Washington, D.C., October 26, 2020 - In the lead up to the 2020 presidential election, the Cyber Vault has reviewed the respective 2020 platforms of the Democratic and Republican parties and how they propose to address issues of cyber and technology policy. To avoid confusion, it is worth noting that the Republican National Committee (RNC) declined to compile a new convention platform for the 2020 presidential election. According to the “Resolution Regarding the Republican Party Platform,” given that the size and scope of the 2020 Republican National Convention in Charlotte was reduced significantly due to COVID precautions, “the RNC has unanimously voted to forego the Convention Committee on Platform, in appreciation of the fact that it did not want a small contingent of delegates formulating a new platform without the breadth of perspectives” found in the GOP. Instead, the RNC affirmed its commitment to the principles and policies proposed in the 2016 Republican Party Platform and resolved “that any motion to amend the 2016 Platform or to adopt a new platform … will be ruled out of order.”
With this caveat, we have endeavored to compare the platforms issue by issue; however, given the chronological difference between the platforms, there are some cases where one platform may address a specific topic, while the other is silent on the issue. For example, while the Democratic platform speaks directly to election cybersecurity, the Republican platform says very little about the topic, a divergence that is understandable given that the GOP’s platform was crafted prior to the 2016 election.
Offense and Defense in Cyberspace
The GOP platform features a subsection, “Facing 21st Century Threats: Cybersecurity in an Insecure World.” In it, the writers note, “Despite their promises to the contrary, Russia and China see cyber operations as part of a warfare strategy during peacetime,” and affirm that the United States’ response “should be to cause diplomatic, financial, and legal pain, curtailing visas for guilty parties, freezing their assets, and pursuing criminal actions against them.” Additionally, the platform supports the Department of Defense’s latest cyber strategy of “defending forward,” asserting that the United States must “stop playing defense and go on offense to avoid the cyber-equivalent of Pearl Harbor.”
The platform also calls for the equivalence of “stand-your-ground” laws in cyberspace, noting that Republicans will “make clear that users have a self-defense right to deal with hackers as they see fit.” These sentiments are echoed in a proposed amendment to Title 18 of the United States code, “Active Cyber Defense Certainty (ACDC) Act.” Sponsored by Rep Tom Graves (R-GA-14), the bill seeks to “provide a defense to prosecution for fraud and related activity in connection with computers for persons defending against unauthorized intrusions into their computers.” Critics of the concept of “hacking back” offer concerns that legalizing such responses would essentially protect cyber vigilantism, and allow companies to punish accused hackers by circumventing due process. Others point to the possibility that innocent third parties could be unintentionally impacted by such retaliatory measures. Admiral Michael S. Rogers, former director of the National Security Agency, voiced his own concerns about ACDC in a congressional hearing on cyber threats, cautioning Congress, “Be leery of putting more gunfighters out on the streets of the Wild West. We’ve got enough cyber actors out there already.”
Privacy in the Digital Realm
Regarding data privacy, “Democrats are committed to policies that will protect individuals’ privacy and data rights while continuing to support and enable innovation and improve accessibility in the technology sector.” The platform asserts that Democrats will update the Consumer Privacy Bill of Rights, initially drafted by the Obama administration in 2015, to include data breach protections for consumers, students, employees, and patients. The original draft was roundly criticized from privacy advocates and technology companies alike. Privacy hawks protested that the proposed bill did not empower the Federal Trade Commission (FTC) to set regulations to enforce consumer data privacy, but instead allowed companies to create their own rules and then request approval from the FTC. Jeff Chester, the executive director of the Center for Digital Democracy, opined that President Obama “allowed the process to be hijacked by the Commerce Department, which is more aligned with the data lobby than the American people.” Critiques from private industry included concerns that unnecessarily burdensome regulations could inhibit the creation of offerings beneficial to consumers. Gary Shapiro, the president and CEO of the Consumer Electronics Association said the bill “could hurt American innovation and choke off potentially useful services and products.”
In “The Fourth Amendment: Liberty and Privacy,” the Republican Party Platform addresses privacy protections in digital policy, noting that while “technology companies have responded to market demand for products and services that protect the privacy of customers through increasingly sophisticated encryption technology,” criminals and terrorists have also utilized this technology for nefarious purposes. The platform writers maintain that while “citizens must retain the right to communicate with one another free from unlawful government intrusion … the government’s legitimate need to access encrypted information” must also be addressed. Echoing this concern, the ‘‘Lawful Access to Encrypted Data Act,’’ a bill introduced by Senator Lindsey Graham (R-SC) in June 2020, seeks to “improve the ability of law enforcement agencies to access encrypted data.” The proposed legislation has come under fire from critics such as the Electronic Frontier Foundation, which criticizes both the bill’s wide scope and call for the implementation of “backdoors,” or intentionally designed system vulnerabilities used to circumvent security controls, to commonly used devices and software, making the system simultaneously more accessible to both the government and to bad actors. The EFF notes that the provisions would “give the government the ability to demand these backdoors in connection with a wide range of surveillance orders in criminal and national security cases, including Section 215 of the Patriot Act, a surveillance law so controversial that Congress can’t agree whether it should be reauthorized.”
Both platforms speak to the issue of net neutrality, the concept that internet service providers should provide access to all content and applications equally without favoring or blocking particular materials or products. Net neutrality was a core principle enshrined in the 2015 Federal Communications Commission (FCC) order, “Protecting and Promoting the Open Internet,” and a point of contention in the order’s repeal in 2017 by the “Restoring Internet Freedom” Order. In a section entitled “Protecting Internet Freedom,” the GOP platform writers assert that in 2015, President Barack Obama “ordered the chair of the supposedly independent Federal Communications Commission to impose upon the internet rules devised in the 1930s for the telephone monopoly.” The Republican Party Platform instead commits to “support Internet policies that allow people and private enterprise to thrive, without providing new and expanded government powers to tax and regulate so that the internet does not become a vehicle for a dramatic expansion of government power.” The language used by the FCC in the subsequent 2017 repeal order is strikingly similar to that of the 2016/2020 GOP platform:
We reverse the Commission’s abrupt shift two years ago to heavy-handed utility-style regulation of broadband Internet access service and return to the light-touch framework under which a free and open Internet underwent rapid and unprecedented growth for almost two decades. We eliminate burdensome regulation that stifles innovation and deters investment, and empower Americans to choose the broadband Internet access service that best fits their needs.
By contrast, the Democratic Party Platform commits to reinstating the principles of the overturned 2015 FCC order and affirms the FCC’s “clear authority to take strong enforcement action against broadband providers who violate net neutrality principles through blocking, throttling, per prioritization, or other measures that create artificial scarcity and raise consumer prices for this vital service.” Democrats also propose to utilize net neutrality to recommit the United States to the principles of an open internet, and expect technology companies and social media platforms to do more to preserve democracy and challenge illicit efforts to influence American elections.
In a section entitled, “Protecting and Enforcing Voting Rights,” the Democratic Party Platform addresses election cybersecurity and affirms that “Democrats will increase investments to help state and local governments upgrade election technology, including cybersecurity technology … Democrats will also increase oversight of private election vendors to ensure voting systems are secure and worthy of voters’ trust.” These priorities are mirrored in the “Securing America’s Federal Elections Act,” a bill introduced by Rep. Zoe Lofgren (D-CA-19) which passed the House along mostly party lines in June 2019, but was subsequently blocked in the Senate. The proposed legislation includes “grants for obtaining compliant paper ballot voting systems and carrying out voting system security improvements” (Sec. 111), as well as additional “voting system cybersecurity requirements” (Sec. 201). The SAFE Act proposes that by the date of the regularly scheduled November 2022 general election, “each State shall seek to ensure that any voting machine used in such election and any subsequent election for Federal office is manufactured in the United States.” Critics of the SAFE Act allow that while its provisions are perhaps a good start, the legislation does not provide enough specificity to truly engender election security. Jason Healey, senior research scholar and professor at Columbia University’s School of International and Public Affairs, as well as the founding director and senior fellow at the Atlantic Council’s Cyber Statecraft Initiative suggests, “The made-in-USA provision probably doesn’t buy a lot of security—what about design and software?—and might create quite a bit of havoc.” Others express concern that the core of the SAFE Act is an allotment of $600 million in federal funds to assist states in running elections—a responsibility that has previously been the purview of the states, and some would argue, is one best left to the states alone to fund and control.
Expanding Broadband Access
Both parties’ platforms acknowledge the critical impact of reduced rural access to broadband internet. In a report produced by the Government Accountability Office, according to FCC data, in 2018 fixed broadband service was available to 94.4 percent of the U.S. population, as compared to 81.2. percent in 2012. However, as of 2018, broadband was available to only 77.7 percent of the rural population, as compared to 98.5 percent of the urban population. The GAO noted that despite high-cost programs designed to support the deployment of broadband in rural areas, “some rural areas continue to lack access due, in part, to challenges with providing service to areas where deployment costs are high and returns on investment are low.” These concerns are reflected in both party platforms.
The Republican Party Platform focuses on the economic impact of restricted broadband access, as well as the cost of federal programs aimed at eliminating access gaps:
At the cost of billions, the [previous] Administration has done little to advance our goal of universal broadband coverage. That hurts rural America, where farmers, ranchers, and small business people need connectivity to operate in real time with the world’s producers … We encourage public-private partnerships to provide predictable support for connecting rural areas so that every American can fully participate in the global economy.
By contrast, the Democratic Party Platform seeks to bridge the “digital divide,” worsened by the pandemic, by increasing federal investment in broadband and 5G infrastructure expansion.
Democrats will close the digital divide that deprives more than 20 million Americans of high-speed internet access by investing in broadband and 5G technology, including rural and municipal broadband … Significant gaps in access to technology, including lack of access to high-speed broadband and connected devices, have deepened inequities in our educational system for students of color, students with disabilities, English language learners, and students in rural areas and under-resourced neighborhoods during this pandemic. We will significantly increase federal investments in rural, urban, and Tribal broadband infrastructure to close the digital divide and ensure students can access educational resources from their homes and schools now and in the future.
The full GAO report, which examines industry and federal investments in broadband expansion efforts since 2009, as well as the efforts federal agencies are making to address challenges to broadband deployment, demonstrates that the expansion of broadband access, particularly into rural communities, has been a challenge for multiple presidential administrations, and will remain so into the next.
This is the Republican National Convention's resolution adopting the 2016 Republican Party Platform as the platform for the 2020 presidential election, as well as the 2016 platform itself.
This is the 2020 Democratic Party Platform.
"The National Cyber Strategy of the United States of America," released in 2018 under the Trump Administration, establishes the cyber priorities of the U.S., built upon four "pillars:" Protect the American People, the Homeland, and the American Way of Life; Promote American Prosperity; Preserve Peace through Strength; and Advance American Influence.
HR. 3270, introduced by Rep. Tom Graves (R-GA-14) and also known as the "Active Cyber Defense Certainty Act" (ACDC), is a proposed amendment to title 18 of the U.S. Code which would provide a "defense to prosecution for fraud and related activity in connection with computers for persons defending against unauthorized intrusions into their computers."
This draft of a "Consumer Privacy Bill of Rights" by the Obama Administration sought to "establish baseline protections for individual privacy in the commercial arena."
S.4051, sponsored by Sen. Lindsey Graham (R-SC) and also known as the "Lawful Access to Encrypted Data Act," is a proposal to "improve the ability of law enforcement agencies to access encrypted data."
This Declaratory Ruling and Order from the FCC establishes the principle of "net neutrality," or the concept that internet service providers should provide access to all content and applications equally without favoring or blocking particular materials or products.
This Declaratory Ruling and Order rescinds the FCC's 2015 order, "Promoting and Protecting the Open Internet."
H.R. 2722, introduced by Rep. Zoe Lofgren (D-CA-19) and also known as the "Securing America's Federal Elections Act", is a proposal to "protect elections for public office by providing financial support and enhanced security for the infrastructure used to carry out such elections."
This GAO report examines industry and federal investments in broadband expansion efforts since 2009, as well as the efforts federal agencies are making to addresss challenges to broadband deployment.