Kaveh Waddell | The Atlantic | February 2, 2017 | 0 Comments

How Did Cybersecurity Become So Political?

Maksim Kabakou/Shutterstock.com

Less than a month before he was elected president, Donald Trump promised to make cybersecurity “an immediate and top priority for my administration.” He had talked about technology often on the campaign trail—mostly to attack Hillary Clinton for using a private email server when she was secretary of state.

But less than two weeks into his presidency, it’s Trump and his team who have struggled to plug important security holes, some of which are reminiscent of Clinton’s troubles.

Rather than sparking an uproar, the problems have largely been buried the by other changes and crises of the Trump administration’s first days. But even without the distracting firehose of executive orders, announcements and tweets, half of America wouldn’t blink at the new president’s computer-security shortcomings. That’s because cybersecurity, like just about everything else, has become burdened with political baggage.

Here’s a short rundown of the security problems that dogged Trump’s White House during his first week as president:

Cybersecurity figured more prominently in the 2016 race than ever before, in part because Clinton’s email server was in the spotlight for so much of it. But that doesn’t mean voters suddenly care about how carefully politicians guard their digital secrets.

A survey conducted last week by Public Policy Polling asked whether Trump should be allowed to use a private email server—and 42 percent of Trump voters said yes. (By contrast, 87 percent of Republicans said Clinton did something illegal—for example, by using a private server—compared to 13 percent of Democrats who said the same, in McClatchy-Marist poll from November.)

A similar split appears when Democrats and Republicans are asked about Russia’s attempts to influence the election. In a Fox News poll from December, 85 percent of Republicans said Russia’s meddling had no effect, compared to 36 percent of Democrats who said the same. (A report prepared by the intelligence community concluded Russia had tried to help Trump win the presidency, but didn’t evaluate whether the Kremlin’s effort was effective.)

How did we get here?

For years, cybersecurity was straightfoward. It was about common-sense goals: keeping your own PC clean, company networks free from hackers, and critical infrastructure safe from foreign intrusions. But as it started to affect and frighten everyday Americans—not to mention Congress, which is famously behind the curve on technology—cybersecurity got sucked into the inevitable vortex of politicization.

Things began changing sometime in the last four or so years. Documents leaked by Edward Snowden in 2013 brought to light the extent of the national-security spying apparatus for the first time, and captured widespread attention, far beyond just privacy wonks and IT professionals.

Around the same time, massive data breaches hit Americans one after another: one that affected Target customers in 2013, another at Home Depot in 2014, and two enormous breaches at the Office of Personnel Management that same year. And while the intrusion into Sony Pictures that year didn’t affect as many people as some of the other breaches, the sordid details it revealed brought the power of state-on-state cybercrime even to the pages of TMZ.

As cybersecurity nudged its way into the lives of normal people, Washington took note. The 113th and 114th Congresses passed several cybersecurity bills that were signed into law, including the controversial Cybersecurity Information-Sharing Act, which provided incentives for companies to share details about cyberthreats with the government, and the USA Freedom Act, which ended the National Security Agency’s bulk-spying program.

Along the way, cybersecurity—and especially privacy—became increasingly political. Only one Democrat voted against the USA Freedom Act, for example, which cut back on Patriot Act surveillance powers. I wrote about the increasing partisanship around digital privacy last year, when Democrats and Republicans were divided over supporting Apple or the FBI in a case surrounding an iPhone that belonged to one of the San Bernardino shooters. Democrats tended to agree with Apple’s position—the company fought back against a request to unlock the shooter’s phone—but Republicans aligned more closely with the FBI.

Trump certainly hasn’t helped calm the waters. He’s shown a profound lack of understanding about computer securityhacking attribution, and cyberwar. And by writing off as a “political witch hunt” the intelligence community’s assessment that Russia was behind cyberattacks on top Democrats and Democratic organizations, he did more than just malign top intelligence agencies—he compounded his supporters’ belief that the findings were politically motivated.

(For his part, Barack Obama often framed cybersecurity as a bipartisan issue. “Defending against cyber threats, just like terrorism or other threats, is one more reason that we are calling on Congress not to engage in politics,” Obama said at a cybersecurity summit at Stanford. “This is not a Republican or Democratic issue.”)

Politicizing cybersecurity is dangerous: It threatens to tie a critical matter of national security to the whims of partisanship. And if voters make decisions about cybersecurity based on what party they identify with, protecting American people, businesses and government agencies—let alone the integrity of critical national infrastructure—will come in second to scoring political points.