It’s no secret that conservatives, who will soon control all three branches of the U.S. government with the election of President Trump, are more liable to give more power and deference to law enforcement. Perhaps the strongest influence is the likely appointment of one to three conservative Supreme Court justices.
What does that mean for computer security? What are the good and the bad possible outcomes?
Increased privacy concerns
In general, most governments and their law enforcement agencies would like the ability to invade citizens’ privacy whenever they feel it would benefit their investigations. At the same time, businesses and marketers want as much insight into their potential customers’ lives to better sell goods and services.
Neither impulse necessarily derives from evil intent. Anyone performing any job wants the tools and access to make their jobs easier. But this natural need should be balanced by citizen privacy protections, codified in law, to make these intrusions justifiable, legal, and minimal. Most countries struggle to find the right balance.
In the United States, hundreds of acts and laws govern privacy. Some of the notable ones:
Any law or guidance that affects the operations and activities of the National Security Agency, Federal Bureau of Investigation, or Central Intelligence Agency impacts American and foreign citizens around the world.
We already have red light cameras, public CCTV, automated license plate readers, and toll booth sensors that collect information about our vehicles and our travel. Much of that information is intended to be stored in perpetuity. Dozens of “fusion centers” aggregate information about everything from book-buying habits to childcare choices. Many law enforcement agencies don’t need warrants to use cellphone tracking technology such as Stingray. Moreover, you can be compelled by a court to provide your cellphone’s PIN, even if it leads to self-incrimination.
The recent political shift is likely to encourage even less privacy, with expanded government and business invasions. One ray of hope: A small contingent of libertarians want to protect or even broaden citizen privacy. These libertarians made themselves known after recent leaks involving the CIA and NSA. The resulting public uproar resulted in a few positive changes to the extension of the Patriot Act. Unfortunately, those gains were modest and short-lived.
Impact on government security
Few people think the election of a new president will improve the security of government computers, which remains in a lamentable state. That said, the U.S. government has some impact on security through guidelines and recommendations.
The top two issuers of these directives are the Defense Information Systems Agency, which is directly responsible for protecting our government’s information security assets, and the National Institute for Standard and Technology, which publishes the United States Government Configuration Baseline. The Baseline mandates computer security configurations across many government agencies. Both agencies’ computer security initiatives, as flawed as they may be, have had significant impact on securing government agency computers.
The trend over the years has been for these guidelines to be even more inclusive in providing a solid set of computer security recommendations. Implementing them does reduce risk. In fact, many of the people charged with implementing them will tell you they go too far and break too many applications—a good complaint to hear when you’re a computer security pro! Plus, the Defense Information Systems Agency is looking at implementing strict application control (that is, whitelisting) on managed computers, which should significantly complicate hackers’ plans.
Increasing the security of government computers was already a top priority. I don’t expect the new administration to try and remove those “troublesome regulations.”
Mandated security defenses for business
Some wonder if private businesses will be mandated to be more secure. Since incoming President Trump and other conservatives ran on a platform of fewer government regulations, it’s unlikely we’ll see new computer security defenses mandated for private businesses. I see a risk, though, that some of what’s already out there may be weakened or removed.
Will that make a difference either way? We already have sweeping regulations and guidelines, such as the Payment Card Industry’s Data Security Standard for credit cards, the Health Insurance Portability and Accountability Act, and the NIST Cybersecurity Framework, which attempts to cover, recommend, and enforce basic computer security best practices. Would another new law really help?
Barring an unforeseen, cataclysmic computer security attack against multiple businesses or our financial system, I don’t think new laws mandating additional computer security for businesses will be passed anytime soon.
Punishment for hackers
Trump campaigned as the “law and order” candidate, so I expect law enforcement to be better funded and sentences for breaking the law to be intensified. Law enforcement will probably be enabled with more ways to catch and identify hackers and those able to be brought to American justice will likely face longer and more severe sentences.
I, of course, support these measures. Unfortunately, all administrations learn how hard it is to catch and prosecute hackers, especially when they are located in unreachable areas. On a related note, I don’t think the new administration will be any more successful in trying to put down all the Russian ransomware campaigns.
Funding for STEM and immigration
The U.S. federal government has been increasing funds for STEM (science, technology, engineering, and math) for a long time now. Whether that continues at current levels is anyone’s guess.
It’s important to note, however, that the United States' own STEM colleges have a disproportionate number of students born of recent immigrants. No American who won a Nobel Prize in science or economics this year was originally born here. Because Trump ran on an anti-immigrant platform, many scholars may opt to study and gain citizenship in countries other than the United States.
Lastly, the new administration has run on the idea of giving states more control over their public education systems. While this can be good for a number of reasons, it could potentially mean further uneven promotion and preparedness for STEM careers in some states versus others. Plus, it could directly mean less federal STEM funding in general to the states that continue to aggressively pursue it.