President Trump and Cybersecurity
As the dust begins to settle on Donald Trump’s unprecedented victory, following a campaign that was often heavy on rhetoric, but short on detail, commentators, scholars, and the public are left questioning precisely what a Trump presidency will look like. One area that has too often been overlooked in the analysis, however, is Trump’s potential impact on cybersecurity. Trump gave only scant attention to cybersecurity on the campaign trail and offers merely vague reference to a cybersecurity “vision” on his campaign website.1 Considering Russia’s presumed involvement in WikiLeaks’ releases during the general election season and the impact it may have had on the election, the threat of hacks from foreign governments on American servers – see, for example, China’s 2015 hack of an Office of Personnel Management database containing classified information on some four million current and former federal employees2– and the growing incentives for American tech companies to spy on one another in an increasingly data and analytics-driven market, President Trump must pay serious attention to this area.
Part of the uncertainty surrounding Trump’s approach to cybersecurity stems from confusion as to whether or not he will actually follow through on his campaign promises and continue his rhetoric. For example, if he indeed plans to deport large numbers of undocumented immigrants, one of the ways to collect the necessary demographic information would be to direct companies like Facebook to do the work for him, by detecting users who use the Spanish language or using some other metric to mine data on individual users. Tech companies that primarily cater to minority communities could face similar demands by Trump to release user information.3 Trump will surely follow through on his promise to do everything in his power to deter ISIS recruitment, but this may also lead to overreaching and violating the privacy of Internet users. Trump, after all, said on the campaign trail that he would advocate “penetrat[ing] the Internet” and “clos[ing] down parts of the Internet” in order to stop would-be ISIS recruits. 4. Related is Trump’s stated willingness to monitor mosques and task police with creating “demographic units.”5. Such rhetoric from Trump has too often not been qualified by a stated need to also respect the civil liberties of American citizens.
While companies can protect themselves and their users’ personal data by storing it for a limited time only, encrypting their data in the way Apple successfully has, or relocating or moving their servers abroad, these solutions are impracticable and cost prohibitive for many companies. In any event, considering that Trump has previously called on his supporters to boycott Apple following its refusal to help the FBI unlock the suspected San Bernardino shooter’s iPhone6 and his insistence on keeping American companies in the U.S., President Trump may use his influence to dissuade companies from taking such measures.
Then there is of course Trump’s non-denunciatory, if at times bordering on fawning, comments about Vladimir Putin. As of October 2016, the U.S. Intelligence community was in a position to declare that they were “confident” that it was the Russian government who hacked into the DNC and other political organizations during the presidential race in an effort to influence the election. These leaked emails were provided to Wikileaks, and it is believed that those high up in the Kremlin were involved. 7 However, there has not been a genuine repudiation of this hacking by Trump. Instead, he (allegedly) joked that he wanted Russia to engage in further espionage to uncover Hillary Clinton’s deleted emails. While he later claimed these comments were sarcastic, people were unwilling to give him the benefit of the doubt, and the backlash from national security experts and others was swift and harsh. 8
It is also being reported that WikiLeaks founder Julian Assange, currently under a U.S. criminal investigation for his continued leaks of sensitive, confidential U.S. information, plans to ask President-elect Trump for a pardon.9 While only Trump’s Attorney General can ultimately decide to drop the case, Trump can certainly apply pressure one way or the other. Trump’s response to this plea may help reveal whether he understands the magnitude of the risk that such continuing attacks pose for our national security.
Trump did assert in October 2016, while reading off a teleprompter, that “to truly make America safe, we truly have to make cybersecurity a major priority”, but actions will speak louder than his words. Considering that politically motivated cyber warfare is expected to intensify moving forward 10, Trump needs to appoint a strong coalition of both public and private sector experts to work diligently to minimize cyber attacks from abroad, keep our sensitive information safe, and protect consumers. He should also alter his rhetoric and public statements to give the American people confidence that he understands and will take seriously this important area. Until then, he can expect to face more questions and concerns moving forward.