Lincoln Davidson is a research associate for Asia Studies and James Pooler is an intern at the Council on Foreign Relations.
Last week, Democratic presidential candidate Hillary Clinton released her platform on how the U.S. government should promote innovation and respond to technological change. Although the platform focuses primarily on STEM education, entrepreneurship, and economic growth, it addresses pressing topics in cybersecurity, internet governance, digital trade, data flows, and human rights online.
Bolster cybersecurity. Clinton supports greater investment in cybersecurity and would promote collaboration between the public and private sectors, through research, information sharing, and adoption of best practices like the National Institute of Standards and Technology (NIST) Cybersecurity Framework. She plans to “build on” the Obama administration’s Cybersecurity National Action Plan by hiring and “empowering” a federal Chief Information Security Officer and upgrading federal government information technology systems. Clinton intends to strengthen the security of federal networks by ensuring federal agencies are following best practices like two-factor authentication and expanding federal government bug bounty programs.
Support multistakeholder internet governance. Clinton supports the IANA transition and the multistakeholder model of internet governance, with civil society organizations and network operators taking the lead in making decisions about the future of the internet. Her platform highlights the work she did as Secretary of State to oppose efforts by other countries, such as Russia and China, to promote a government-led approach to internet governance. As president, she plans extend her vision for a free and accessible internet abroad by opposing foreign governments’ restriction and monitoring of free speech online.
Protect an open internet and the free flow of data. Clinton says she would support the U.S.-EU Privacy Shield governing data transfers between the European Union and the United States. As president, she promises to call on other countries to stop restricting online speech or limit internet access. Clinton also says she would reject efforts by other countries to require data localization, a position consistent with her previous support for such requirements in the Trans-Pacific Partnership. One way she proposes undercutting data localization efforts is reform of the mutual legal assistance treaty (MLAT) system, which governs how law enforcement authorities access data stored in other countries.
Reconcile privacy and security. Clinton “rejects the false choice between privacy interests and keeping Americans safe” and supports Congressman Mike McCaul (R-TX) and Senator Mark Warner’s (D-VA) proposal of a national commission on encryption. The commission, composed of stakeholders from law enforcement, the technology industry, the intelligence community, and civil liberties advocates, would aim to identify ways to preserve the security of Americans while protecting their privacy. Her administration would also enforce strong consumer privacy protection by encouraging high standards in the tech industry, a response to the challenges raised by the advent of big data and the internet of things.
Viability and impact
Clinton’s message on cybersecurity and internet policy is consistent and dovetails with the Obama administration’s efforts. The Cybersecurity National Action Plan, NIST Framework, information sharing, IANA transition, and Privacy Shield are all initiatives initiated and promoted by the current administration. This is not to say they are bad ideas, or that it’s surprising Clinton supports them. As secretary of state, Clinton was a driving force behind the United States’ internet freedom agenda and created an Office of the Coordinator for Cyber Issues, reporting directly to her, to coordinate programming and policy advocacy across the State Department. In 2009, her staff asked Twitter to delay maintenance that would shut down its servers while Iranians were using the service to protest then President Ahmadinejad’s reelection.
On the encryption issue, the Democratic candidate refrains from siding with either privacy advocates or law enforcement, preferring to support the McCaul-Warner commission instead. Throughout the primaries, Clinton tried to stake out middle ground, saying that there must be “some way” for the tech sector to devise a method that would allow law enforcement access to encrypted communications without creating security vulnerabilities in encryption software. Her stance, however, was strongly ridiculed in the tech sector and by some members of Congress, who argue that no such magical way exists. Nevertheless, the attempt to strike a middle ground in a highly contentious debate avoids ruffling any feathers on either side of the debate. And while the tech community may be unhappy with her position, it is likely to dislike Donald Trump’s position more. Earlier this year, the presumptive Republican nominee called for an Apple boycott during that company’s legal standoff with the Federal Bureau of Investigation.
One topic the platform avoids altogether is the vulnerabilities equities process (VEP), the process by which the federal government determines whether to disclose a computer vulnerability discovered by government employees. Admittedly, it’s a pretty arcane topic for a election campaign appealing to the general population to discuss, but then again, so are the IANA transition and the EU-U.S. Privacy Shield. There’s a good case to be made for increasing the accountability and transparency of the VEP, and it would have been nice to see recognition of that case in Clinton’s platform.