Privacy Advisor

2008 Presidential Candidates Present Contrasts on Privacy

February 1, 2008

By Lucy L. Thomson, CIPP/G

With the 2008 presidential campaigns in full swing, it's time to look at the privacy positions of the remaining candidates as well as the privacy policies on the campaign Web sites. Each of the candidates has a privacy policy on their Web site, but only three — Hillary Clinton, Barack Obama and Ron Paul — have policy positions that specifically address privacy.

Web Site Privacy Policies
All of the candidates' privacy policies discuss what personal information is collected through their Web sites, how the information is used, and how it is secured. Generally, the candidates urge supporters to provide identifying information and email addresses to facilitate campaign-related communications. Of concern are the use of cookies, IP address logs, and the sharing of personal information with third parties hosting advertising on some of the candidates' Web sites.

The privacy policies detail the collection of personal information in connection with online donations in order to comply with federal election law and regulations of the Federal Election Commission. They assert that they protect the security of credit card information when transmitted using SSL software.

All of the privacy policies describe how they comply with the Children's Online Privacy Protection Act of 1998 (COPPA), reserve the right to change their privacy policies at any time, indicate how to opt-out or discontinue association with the Web site, and how to contact the campaign about privacy. All provide links to other Web sites of interest, emphasizing that they are not responsible for the content or privacy policies of those third party Web sites or social networks. Unique aspects of each candidate's privacy policy highlight the differences among them (discussed in alphabetical order).

HillaryClinton.com
The privacy policy for Hillary Clinton for President is accompanied by a lengthy Terms of Service. The privacy policy focuses on how information on the Web site is protected and used, including when an individual contributes money online, signs a petition or schedules online events. The Web site says it uses cookies to "tailor your experience to the preferences you have specified." The privacy policy says the campaign cannot and does not access any information stored in a cookie by other Web sites. The Web site logs IP addresses "for system administration purposes." Photos and videos of campaign events can be used without an individual's permission, because your "attendance or participation is considered a release to use them for that purpose."

MikeHuckabee.com
The privacy policy was created by the Huckabee for President Exploratory Committee, Inc., and contains a Terms of Use as well as a list of standard notices for what, how and why personally identifiable information is collected.

The privacy policy states "we do not request or store sensitive information from our visitors except for credit card information requested on a donation page." The vendor handling their contribution system does not retain the full credit card numbers once transactions are complete.

While the Web site collects IP addresses for administration, to gather demographic information, and to deliver customized, personalized content, "IP addresses are not linked to personally identifiable information." The Web site uses cookies to save passwords and personal preferences, and to make sure visitors "do not see the same ad repeatedly." However, users are told they can set their browser to refuse cookies. The privacy policy outlines some of the steps taken to protect account information, such as SSL encryption, access control and placing information on a secure portion of the site. The Huckabee campaign manages its "Tell-A-Friend" program by only using the friend's name and email address to send a one-time email inviting them to visit the site.

JohnMcCain.com
The privacy policy for Senator McCain's campaign Web site declares that the "basic privacy policy for our Web site is simple: JohnMcCain 2008 does not collect any personally identifiable information about you when you visit the Web site unless you choose to provide information through email, a request to join our team, filling out a form or other method."

The privacy policy addresses personal information that is collected to provide information about campaign policies and events, and to enhance participants' experiences on the Web site. Log files are used to gauge Web site traffic and for administration. The log files contain IP addresses identifying the geography but not the identity of individuals.

Personal information may be used to personalize Web site and email communications. The McCain Web site will not sell individuals' personal information, though information may be shared with Republican and other like-minded groups.

The privacy policy states that strict measures are in place to protect against the loss, misuse and alteration of information collected through the Web site. The Web site uses cookies to customize interactions with JohnMcCain.com.

Personal information can be edited. The Web site provides the opportunity to opt-in and opt-out of email communications, and the privacy policy may be updated at any time.

BarackObama.com
The privacy policy for Obama's campaign Web site begins: "We at BarackObama.com are committed to protecting the privacy and security of your visits to this Web site." With respect to information sharing, the privacy policy specifies that, "We may make personal information available to organizations with similar political viewpoints and objectives, in furtherance of our own political objectives."

This privacy policy addresses what personally identifiable and browser/IP address information may be collected through the Web site, as well as why and how.

Advertising on Obama'08 — The Privacy Policy states that the Web site uses "pixel tags (also known as Web beacons or clear GIF files) or other tracking technology to help us manage our online advertising campaigns." It reveals that "Such technologies may also be used by third party advertising service providers who serve or assist us in managing ads on our site, such as DoubleClick, Yahoo Tremor and 24/7 RealMedia." While the privacy policy states that the "information that is collected and shared using these pixel tags and similar technology is anonymous and not personally identifiable," the campaign says it is "not responsible for the actions or policies of third party advertising technology service providers." The privacy policy directs visitors to the Web sites of DoubleClick, 24/7 and Yahoo for information about how to opt-out of the use of these technologies.

Privacy of our email lists — Individuals must affirmatively request to join an email list. The Privacy Policy says the campaign attempts to protect its email lists and has configured its list server software to refuse to divulge the email addresses of its list subscribers to anyone other than those it authorizes.

A related Terms of Service provides further information related to Privacy Policy, Accuracy of Information, Links to Other Web sites, Campaign Finance Laws, Your Use of Information Contained on Web site, Limitations on Use, User-Contributed Content, Disclaimer of Warranties and Limitation of Liability, Modifications and Copyright Policy.

RonPaul2008.com
Ron Paul's privacy policy is a succinct one-page statement that commits to "providing the highest level of protection for your online privacy and security." Paul emphasizes: "Privacy is one of the main issues of our campaign, and therefore it is likewise a critical concern for our online campaign presence as well." The Privacy Policy addresses several issues: Individuals may decide how much personal information to provide on the Web site, and they can unsubscribe from their email database quickly and easily.

Ron Paul is using his Web site to organize an online grassroots movement. He urges supporters to connect with "friends, family, neighbors and co-workers." His Privacy Policy states that "we reserve the right to store any information about the people you contact through our Web site."

Privacy Policy Positions
Three candidates, Hillary Clinton, Barack Obama and Ron Paul, have unveiled policies on privacy and technology that reflect serious efforts to address complex privacy issues.

In a major policy speech in June 2006, Hillary Clinton presented a "Privacy Bill of Rights" that she envisions as part of legislation entitled the PROTECT Act—Privacy Rights and Oversight for Electronic and Commercial Transactions (http://clinton.senate.gov/news/statements/detail.cfm?id=257288&&). She has concluded that "at all levels, the privacy protections for ordinary citizens are broken, inadequate and out of date." Senator Clinton observed that, "Today our privacy comes into uncertain conflict with security cameras, data mining, computer hackers and identity theft. ... So therefore we need legal protections that are up to date with the technological and national security needs of our time."

She advocates for "a new set of consumer protections" consisting of three basic rights:

   1. "People have the right to know, and to correct, information which is being kept about them."
   2. "People have the right to know what is happening to their information when they are cooperating with a business and to make decisions about how their information is used."
   3. "In a democracy, people have the right and the obligation to hold their government and the privacy sector to the highest standards of care with the information they gather."

Senator Clinton asserts that her legislation provides "clear privacy rules, and clear protections for individual's most private information," including:

  • Right to sue when privacy rules have been violated. The legislation would create a tiered system of damages, exempting the smallest businesses with set minimums of $1,000 for breaches and $3,000 for actual misuse of information. "The burden of prevention belongs on the companies that handle our data." She believes the FTC must issue a single, clear set of rules that provides comprehensive protection against unauthorized access or security breaches.
  • Right to protect phone records. Senator Clinton says her legislation will try to get ahead of the curve of technology, making sure that consumers' cell phone numbers and call records remain private.
  • Right to freeze credit when someone's identity has been stolen. This will strengthen the right to know provisions. If a person's credit or identity is compromised, he or she should be notified immediately, not days, weeks or months later.
  • Right to know what businesses are doing with individuals' credit and credit reports.
  • Right to expect the government to use the best privacy practices with individuals' information. To oversee and enforce the government's handling of sensitive data, a privacy czar should be appointed.

Senator Barack Obama's views on privacy are revealed through his technology policy plan, unveiled in November 2007, which provides safeguards for privacy rights (www.barackobama.com/isssues/technology).

Emphasizing the risks inherent in the "open information platforms of the 21st century," he proposed "sensible safeguards that protect privacy in this dynamic new world," and "harness the power of technology to hold government and business accountable for violations of personal privacy." Senator Obama's privacy positions are based on these principles:

  • Ensuring that powerful databases containing information on Americans that are necessary tools in the fight against terrorism are not misused for other purposes. He supports information use restrictions and technology safeguards to verify how the information has actually been used.
  • Updating surveillance laws and ensuring that law enforcement investigations and intelligence-gathering relating to U.S. citizens are done only under the rule of law.
  • Providing robust protection against misuses of particularly sensitive kinds of information, such as e-health records and location data that do not fit comfortably within sector-specific privacy laws.
  • Increasing the FTC's enforcement budget, and greater international cooperation to track down cyber-criminals so that U.S. law enforcement can better prevent and punish spam, spyware, telemarketing and phishing intrusions into the privacy of American homes and computers.

Senator Obama says he would "invest $10 billion a year over the next five years to move the U.S. healthcare system to broad adoption of standards-based electronic health information systems, including electronic health records." Part of this initiative will be to ensure that patients' privacy is protected.

Ron Paul highlights privacy and personal liberty on his Web site by stating that the "biggest threat to your privacy is the government. We must drastically limit the ability of government to collect and store data regarding citizens' personal matters." Paul emphasizes three areas of particular concern:

  • We must stop the move toward a national ID card system.
  • We must protect medical privacy.
  • The Patriot Act must be overturned.

The aspects of the Patriot Act Paul opposes are the federal government's expanded ability to use wiretaps without judicial oversight; search warrants that are not specific to any given location nor subject to any local judicial oversight; the government's ability to monitor Internet usage; authorized "sneak and peek" warrants enabling federal agents to search a person's home, office or personal property without that person's knowledge; and requirements that libraries and bookstores turn over records of books read by their patrons.

As the field narrows going into the November elections, The Privacy Advisor will take a closer look at the privacy positions of the major party candidates.


Attorney Lucy Thomson, CIPP/G, is senior principal engineer and privacy advocate at Computer Sciences Corporation, a global IT company. She works on teams building modernized information systems for very large organizations. Thomson earned an M.S. degree from Rensselaer Polytechnic Institute in 2001, and received her J.D. degree from the Georgetown University Law Center.