Where do the presidential candidates stand on encryption? A handy guide

Alyssa Bereznak
·National Correspondent, Technology
image

Photo: Getty Images

In the wake of terrorist attacks here and abroad, candidates in the 2016 presidential race have shifted their attention to issues of national security. Many have proposed aggressive measures to confront ISIS, including bombing it “back to the Stone Age” (Sen. Ted Cruz, R-Texas) and banning Muslims from entering the country altogether (Donald Trump). But very few have articulated a clear position on how to prevent terrorist recruitment and plotting online.

CNN’s Tuesday night Republican debate brought many of these issues to the table, raising questions about surveillance, who owns the Internet and — paramount to the tech world — encryption.

Encryption — a way to encode information so that only the sender and the intended recipient can read it — has been central to a security versus privacy debate dubbed the Crypto Wars that dates back to the early 1990s. For years, intelligence officials have pointed to the technology as a significant obstacle in tracking nefarious activity online. Those complaints have only grown more insistent since the terrorist attacks in Paris and San Bernardino. Recently, FBI Director James Comey even suggested that major tech companies reconsider their business structure to intercept and pass on encrypted information when needed. And those pressures are sure to increase after French counterterrorism investigators announced that encrypted apps such as WhatsApp and Telegram may have been used to plot the Nov. 13 Paris attack.

Virtually all tech companies and cryptographers argue that building any type of “backdoor” into these secure communications would undermine the purpose of the technology entirely, ultimately compromising public privacy and driving consumers to use unregulated international products.

It’s something our next president will most definitely have to weigh in on. And though not every presidential candidate has offered a firm stance on the debate, they’ve definitely dropped hints. Below, a survey of those candidates who have acknowledged the issue of encryption and what they think about it.

Democrats:

Hillary Clinton


The current Democratic frontrunner has discussed encryption regulation several times, though we still don’t know how she feels about it. In a conversation with Re/code’s Kara Swisher in June, she said Silicon Valley needs to sit down with legislators and have a “real conversation” about ways to get around encryption to combat online terrorist activity. Then she waffled, admitting it was a “hard choice” and that “there are really strong, legitimate arguments on both sides.”

During a speech at the Brookings Institution in December, Clinton threw around more vague platitudes, requesting an “urgent dialogue” between industry giants and law enforcement officials about tackling terrorists online, appealing to Silicon Valley to “disrupt ISIS.”

Her voting record, however, offers a clearer picture of her stance on privacy tech. As a New York senator in 2001, Clinton supported the Patriot Act, which authorized expanded government surveillance to monitor phone and email communications, collect bank and credit card records and track Internet activity.

As provisions under that act were set to expire this year, she endorsed a bill that re-upped and modified that surveillance program, ending the NSA’s bulk metadata collection but maintaining other forms of surveillance.

At the same time, she said the Cybersecurity Information Sharing Act, which allows the sharing of Internet traffic information between the government and tech companies, “doesn’t go far enough,” in protecting us from foreign hackers. So, it seems Clinton has a history of siding with the surveyors, and not the surveilled.

Bernie Sanders

Maintaining a steadfast focus on economic and social justice issues during his presidential campaign, Sanders hasn’t spent much time battling mass surveillance. But his record signals that he’s much more concerned than Clinton about protecting citizen’s privacy. Just as he voted against the Patriot Act, he rejected the USA Freedom Act this June, arguing that it didn’t “go far enough in protecting our privacy rights.”

“I worry that we are moving toward an Orwellian form of society, where Big Brother — whether in the corporate world, or the government — knows too much information about the private lives of innocent people,” he told Yahoo Global News Anchor Katie Couric in June. Though that’s not an outright condemnation of building back doors into encrypted communications for the purpose of government surveillance, it’s very close.

Martin O’Malley

image

Photo: Cheryl Senter/AP

The Democratic Party’s third wheel addressed encryption, however noncommittally, in an op-ed for the New York Daily News, calling for “greater public-private collaboration on how we can prevent terrorists from exploiting encryption, which has enabled them to ‘go dark’ well before they strike.”

Ultimately that concern for security is likely what pushed O’Malley to support the USA Freedom Act. However, he said he “would like to see us go further” when it comes to limiting the government’s ability to conduct surveillance on citizens. So it seems he’s conflicted in this area.

Republicans:

Jeb Bush:

image

Photo: John Locher/AP

Jeb Bush more or less condemned the use of encryption in August: “If you create encryption, it makes it harder for the American government to do its job — while protecting civil liberties — to make sure that evildoers aren’t in our midst,” he said at an event sponsored by a military contractor-affiliated group named Americans for Peace, Prosperity, and Security.

Rand Paul


Paul has positioned himself as one of the most tech-savvy candidates of the 2016 presidential race, hosting hack-a-thons and accepting donations via Bitcoin. So it’s no surprise that he has a lot to say about the proposal to limit encryption. In an interview with Yahoo News’ Olivier Knox in November, he supported public use of the technology and echoed the security concerns of many cryptographers and activists.

“The head of the FBI came out with this recently, he says, ‘Oh, we’re going to ban encryption.’ And it’s like we want to build a backdoor into Facebook and a backdoor into Apple products,” Paul said at the Yahoo Politics Digital Democracy Conference. “A backdoor means that the government can look at your stuff, look at your information, your conversations. … The moment you build an opening — and I’m not an expert on coding or anything, but the moment you give a vulnerability to a code that someone can get into your source code, not only can the government, but so can your enemies, so can foreign governments.”

This comes as no surprise, as Paul has challenged the provisions of the Patriot Act in the past, and recently compared banning encryption to banning guns.

Carly Fiorina

image

Photo: John Locher/AP

During the first GOP debate, Carly Fiorina was asked whether Google and Apple should cooperate with the U.S. government to weaken encryption so criminals can’t hide behind it. In response, the former Hewlett-Packard CEO made up a new word. “We need to tear down cyberwalls,” she said, referring, one can only assume, to encryption. “We could have detected and repelled some of those cyberattacks” if we had passed “a law [that] has been sitting, languishing, sadly, on Capitol Hill.”

Just this week, she clarified her stance in an interview with Breitbart News. “You can’t outlaw encryption,” she said. “Encryption protects American consumers from identity theft, and all the rest of it. But we have to be able to work around it when necessary to give our investigators the information they need.”

Fiorina reiterated this strategy, which some experts say is wholly infeasible, at the debate on Tuesday, solidifying her willingness to compromise the security of encryption in the wake of terrorist threats.

Lindsey Graham

image

Photo: Mike Blake/Reuters

Graham followed up on Fiorina’s remarks at the first Republican debate by declaring “if I have to tear down a cyberwall, I’ll tear down a cyberwall.”

But the South Carolina senator’s past comments about technology may be reason to question whether he knows what tearing down that cyberwall would entail. In March, Graham said he’d never sent an email. Adding: “I don’t know what that makes me.”

In this case, it makes him a person who probably doesn’t know much about the encryption debate. However, those who contribute to his campaign can rest assured that the governor’s website processes each credit card transaction “using encrypted code.”

John Kasich

Tuesday’s debate gave the Ohio governor an opportunity to blame encryption for our lack of prior intelligence in terrorist attacks.

“There is a big problem, it’s called encryption,” he said. “The people in San Bernardino were communicating with people who the FBI had been watching, but because their phone was encrypted, because intelligence officials could not see who they were talking to, it was lost. … We need to be able to penetrate these people when they’re involved in these plots and these plans, and we have to give the local authorities the ability to penetrate in this route. Encryption is a major problem and Congress has got to deal with this, and so does the president, to keep us safe.”

Kasich’s suggestion that we could not access the San Bernardino shooters’ phone conversations because their phone was encrypted is somewhat misleading. Kasich was referring to a CBS News tweet that quoted a “senior law enforcement official” who said investigators had found “levels of built-in encryption” in Syed Farook and Tashfeen Malik’s phones.

Virtually all modern phones in the United States come out of the box with “levels of built-in encryption,” otherwise criminals would be able to intercept your calls whenever your phone connected to a cellular tower. Not to mention, if your phone was stolen, anyone would be able to access your sensitive information.

Whether Kasich is confused by that point, or simply using it as an example to explain why all encryption is dangerous, is unclear. But there’s no question that he’s willing to significantly downgrade the security of devices to be sure nothing gets past intelligence officials.

George Pataki

During Tuesday night’s undercard debate, the former New York governor said that, as president, he would pass “a law on tech firms to prevent encryption.”

In clarifying his position, he provided suggestions similar to Fiorina’s.

“Companies are entitled to encrypt and protect their knowledge and their intelligence,” he said. “But what we need is a backdoor for law enforcement to be able — when they can establish that that communication poses a risk to our safety and engages in terrorism — to get a court order and go in and access those communications. Allow the companies to continue encryption, provide an entryway for law enforcement when they can prove to a court that there’s a sufficient risk, when there’s an attack upon us, that they have the right to look at those messages.”

Marco Rubio

image

Photo: John Locher/AP

Rubio has made it clear that he wants the federal government and the private sector to share more information as a way to prevent cyber- and terrorist attacks. He’s also publicly supported the Foreign Intelligence Surveillance Act. And during Tuesday’s debate, he doubled down on his commitment to mass surveillance.

“We are now at a time where we need more tools, not less tools,” the Florida senator said, criticizing the limits on metadata collection in the USA Freedom Act.

Rubio’s willingness to expand programs that collect the private information of Americans signals an apparent willingness to compromise encryption for the same reasons.

Ted Cruz

image

Photo: John Locher/AP

The Texas senator has towed a libertarian line when it comes to surveillance legislation in the past. As a candidate whose campaign runs on an explicit distrust of big government, it makes sense that Cruz would vote for the USA Freedom Act — a move that has earned him scorn from Rubio. During Tuesday’s debate, he argued that the bill’s mandate to transfer mass phone data collection from the NSA to phone companies actually gave more tools to pinpoint terror threats.

However, cybersecurity activists worry that Cruz is uneducated on the intricacies of these policies, after an Oct. 15 video surfaced of the senator admitting to a crowd in Iowa that he was unfamiliar with CISA — a bill that critics say allows companies to monitor their customers and share their information with the government without warrant.

Donald Trump

image

Photo: John Locher/AP

Trump has made many a reference to building walls, and some of them even appear to be cyber in nature. Though the Republican presidential frontrunner has not explicitly addressed encryption issues, he has suggested we shut off ISIS’ Internet connection, and expressed concern that the group is “using the Internet better than we are,” despite the fact that it “was our idea.” During the debate, he elaborated as best he could.

“I wanted to get our brilliant people from Silicon Valley and other places and figure out a way that ISIS cannot do what they’re doing,” he said. “You talk freedom of speech, you talk freedom of anything you want. I don’t want them using our Internet to take our young impressionable youth.”

Trump could be referring to the issue of encryption, or something much simpler. But anyone who’s willing to ban a world religion from the country might be willing to do the same for an essential element of consumer technology.

Ben Carson

image

Photo: Mike Blake/Reuters

The retired brain surgeon has made virtually no mention of encryption on the campaign trail. But when it comes to assuring potential donors that their credit card information is safe, his website has a whole page on it:

“Carson America uses a secure socket layer (SSL) with the highest level of encryption commercially available for www.bencarson.com on pages where online visitors register or make a secure online donation using their credit card.”

That being said, Carson has said he’s open to the surveillance of mosques, churches and schools. Who knows whether that would entail the compromise of encryption technology?

Chris Christie

image

Photo: John Locher/AP

In early 2015, Christie signed a law that required health insurance companies in New Jersey to encrypt client information, signaling he understands its importance. Still, the New Jersey governor has made his support for the NSA and government surveillance very clear, praising the provisions in the Patriot Act, and calling for the extension of intelligence-gathering capabilities.

The fact that he’s publicly criticized Edward Snowden, and sparred with Rand Paul about these issues suggests he’d overhaul encryption if that meant even a hint of access to potential terrorist activity.

Rick Santorum

image

Photo: Mike Blake/Reuters

Though the former senator from Pennsylvania has made no explicit mention of encryption, his voting record speaks for itself. Santorum voted for the Patriot Act in 2001, and said he’d do it again today. He’s also criticized Paul’s stance on the issue, saying “hopefully Rand Paul won’t prevail, that the Senate will do what it must do, which is to keep our defenses up and follow through with a plan that balances the interests,” Santorum replied. “It’s always a [balance] between security and freedom, and that’s in every aspect of our [lives].”

That balance would likely mean that he’d prefer the government has access to encrypted communication for the sake of national security.

Mike Huckabee

image

Photo: Mike Blake/Reuters

Huckabee, though not the race’s expert on online surveillance, has most definitely been vocal about the issue. He’s been known to publicly criticize unregulated monitoring by the NSA, arguing that the Patriot Act has gone too far. The former Arkansas governor has even said he’d repeal “Obama’s warrantless NSA spying program” if he became president.

However, his comments about cybersecurity have caused experts to question his technological knowledge of the government’s digital capabilities in general. So, though he’s made no explicit mention of encryption, it’s possible that he, like so many other candidates, might not understand it.

Related:

Following Paris attacks, encryption services face new scrutiny

Here’s the manual ISIS uses to teach its soldiers about encryption

How encryption works and why people are so freaked out about it