Internet Group Says Most U.S. Presidential Candidates Have Cybersecurity Flaws

More than three years after media reports disclosed hackers were interfering in the 2016 U.S. presidential race to influence voters, most of the country's candidates in the 2020 presidential election are struggling with cybersecurity issues, according to a nonpartisan group focused on internet standards.

A majority of the 23 candidates in the race for the White House failed to meet the privacy and security standards set by the Internet Society's Online Trust Alliance (OTA), according to the group's audit released this week.

The findings are the latest to show the increasing pressure countries are facing to preserve online security during elections, as well as in their industries and infrastructure.

The research by the OTA examined how well the 23 Democratic, Republican and Independent candidates are handling online security challenges in their campaigns. Just seven of the 23 politicians scored 80% or higher in campaign cybersecurity, meaning researchers found no failures in the three areas examined: privacy, website security and consumer protection. Weaknesses ensuring the data privacy of users accessing the candidate's online platforms raised the most red flags, researchers found.

"Sixteen candidates failed in privacy, and this was entirely due to language in the privacy statement that basically said they could share data with anyone they want and not hold them to any restrictions," says Jeff Wilbur, the OTA's technical director. "Also, if we are assessing a service such as PayPal or Twitter, we are looking for language such as, 'We don't share data except in narrow cases and anyone we share data with we're going to hold them to the same rules as ourselves.' None of the campaigns said that."

[MORE: America 2020]

Researchers identified the three evaluating metrics as follows:

1. Privacy: A metric related to "data sharing, retention, notice, and third-party restriction policies in the privacy statement, as well as analysis of third-party tracking on the website."

2. Website security: Related to how secure servers for the campaign platforms were, type of encryption used, website protections and overall vulnerability.

3. Consumer protection: Related to how well-protected campaign emails were via authentication and encryption between servers, as well as domain protection from hackers.

Pete Buttigieg, Kamala Harris, Amy Klobuchar, Beto O'Rourke, Bernie Sanders, Donald Trump and Marianne Williamson earned "Honor Roll" status by receiving a passing grade in all of the three categories. Michael Bennet, Joe Biden, Cory Booker, Steve Bullock, Julian Castro, John Delaney, Tulsi Gabbard, Wayne Messam, Tim Ryan, Mark Sanford, Joe Sestak, Tom Steyer, Joe Walsh, Elizabeth Warren, Bill Weld and Andrew Yang were listed as having had "a failure" in at least one of the three categories.

Compared with other organizations in various sectors in the economy that the Online Trust Alliance audited in the past -- retailers, banks, the Federal Reserve, consumers, media, internet service providers and hosts, and health sites -- the 2020 presidential candidates' digital platforms are underperforming in the cybersecurity categories and are far less likely to join the "Honor Roll," the report showed.

[MORE: China and Russia Biggest Cyber Offenders Since 2006, Report Shows]

Election Hacks Around the World

Cybersecurity issues have become increasingly important for political campaigns, and election-related cyberattacks are no longer isolated incidents. By September 2019, the Center for Strategic International Studies had identified dozens of cyberattacks around the world, including in elections and on countries' industries and infrastructure.

Government officials in Montenegro have said that Russia tried to interfere in the Balkan country's 2016 general elections, a charge that Moscow has denied. In December 2016 a senior official in German Chancellor Angela Merkel's government warned that the country's 2017 general elections were at risk of being manipulated by hackers in Russia, drawing further denials from Moscow.

[MORE: Financial Losses From Cybercrimes Rose in 2018, Group Says]

Election hacks also have reportedly impacted countries such as the Netherlands and France, with the latter country's election infrastructure reportedly attacked in 2017. Then-candidate Emmanuel Macron, the favorite to win France's presidential election, was the target of a cyber espionage group linked to the Russian military.

In the run-up to the September 2018 general election in Sweden, government officials in that country worked with social media companies, the private sector and the news media to boost online security. Steps taken included the creation of a Facebook "hotline" to report false content, a media literacy program for high school students and the training of government workers to better identify digital influence programs, the BBC reported.

[MORE: Latin America Faced Heavy Amounts of Disinformation in 2018 Elections]

During the 2016 U.S. presidential campaign, Russia targeted election systems in all 50 states, while more recently Microsoft announced a hacker group with ties to Iran has targeted the current presidential campaign. Between August and September 2019, the Microsoft Threat Intelligence Center noticed a threat group making more than 2,700 attempts to identify email accounts of particular Microsoft customers and attack 241 of them. "The targeted accounts are associated with a U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran," Tom Burt, vice president of customer security and trust at Microsoft, wrote in a blog post.

Online security remains a major issue in the U.S. elections, the OTA report shows. While candidates in both the 2016 and the 2020 race scored well in website protection, consumer protection was worse in the 2020 race than in 2016. The 23 presidential candidates in the 2016 race performed slightly worse than the 2020 candidates, and privacy concerns remained issues for candidates in both election years.

"It isn't surprising that (digital) privacy is such a big issue (in political campaigns) because in the political realm they understand that data might be shared freely within the political party," Wilbur says. "The fact that there haven't been improvements in this area in the past four years is surprising."

Sintia Radu is a staff writer for Best Countries at U.S. News & World Report, covering international affairs, technology and global issues. Before joining U.S. News in 2017, she reported on business and technology at the Washington Post, the Missouri Business Alert and the St. Louis Post-Dispatch; she also previously worked as the managing editor and writer-at-large for Esquire Romania. She graduated from the Academia de Studii Economice din Bucure?ti, earned her Master of Arts in Journalism at the University of Missouri-Columbia, and is a fellow of the National Press Foundation for a program on the future of artificial intelligence. Radu is the 2016 winner of the Chicago 1871 Women in STEM competition, the 2016 winner of the Missouri Innovation Center's Mid-MO Tech Accelerator Selection, and helped design a multiple award-winning iOS/watchOS app profiled in the 2017 Associated Press report on The Future of Augmented Journalism. She is a 2015-2016 Fulbright Scholar and in 2017 gave a TEDx talk on immigration and diversity. Follow her on Twitter, connect with her on LinkedIn, or email her at sradu@usnews.com.