2016 Presidential Candidate Security Investigation

New submitter Fryan writes: InfoSec Institute has assessed the security posture of 16 of the presidential candidates' websites. This is an indicator of the level of security awareness the candidate and the campaign staff has. The recent breaches and security lapses of high profile individuals highlight the absolute need for everyone to take security awareness seriously. The hacking of the Director of the CIA's (John Brennan) personal email account, and the storage of classified emails on a personal email server with Hillary Clinton, show how damaging a lack of basic good security hygiene can be. In this survey (of only the best known presidential candidates, not the scads of others), the authors give both their highest grade (an A) and lowest (a D) for candidates still in the race to two Republicans, Ben Carson and Jim Gilmore, respectively; surprising for a tech-focused campaign, Lawrence Lessig (who has ended his candidacy since the survey began) ranked even lower, with a D-.

Speaking of presidential candidates, the fourth Republican debate, hosted by Fox Business, will kick off about an hour after this post goes live (9:00 PM Eastern, 0200 GMT). Feel free to discuss it alongside the security report.

Really?

[TWX]

From TFA:

InfoSec Institute has assessed the security posture of 16 of the presidential candidates' websites. This is an indicator of the level of security awareness the candidate and the campaign staff has.

This assertion is false. First, the candidate has other things to be concerned about. His IT staff, who will probably not follow him to the political office if he's elected given the nature of government bureaucracy, handle it. Second, a web site is a glorified poster and graffiti wall. It's there for John Q Public. Media organizations are provided with itineraries and possibly with the contents of speeches and other material directly, they do not have to go to the candidate's website. Third, any maliciousness done to the candidate only serves to strengthen the candidate, as those who were already in-favor of the candidate will not lessen their opinions based on a website hack, and those who were undecided may sympathize with the candidate after such an attack. Fourth, given the propensity for semianonymous abuse of comments sections, the candidate's staff already have to peruse comments to moderate/censor, so long-term abuse that could paint a candidate as something that they don't want to be is unlikely.

If you want to know how a candidate handles security, follow how they handle money, and how quickly they return contributions that come from undesirable sources, or how they handle public appearances and interaction with specific persons. At this early stage that's probably more of a tell than any website.

Re:More live-debate commenting

[drinkypoo]

As a biomedical research scientist who values individual freedom, Obama's stifling of (direct-to-consumer) personal genomics - e.g. what the FDA did to 23andMe - is going to make it very hard for me to vote for any of the "centrist" Democrats.

As a person concerned with privacy, I cannot imagine why anyone would use 23andMe.

One of the reasons I voted for Obama was that he was billed as a scholar of constitutional law - who would presumably believe in freedom of speech

Don't presume.

Supposedly Obama deserves all kinds of credit for reforming healthcare in the USA, but all he really did was layer on additional bureaucracy

That's what government does.

Would the Republicans be better? Probably not. But the centrist Democrats sure ain't heroes either.

Correct. They're mostly a bunch of assholes. People with the courage to actually be far-left (or even far-right) are typically drummed out of government in a hot second.