Donate
Online Trust Audit for 2020 Presidential Campaigns Update Thumbnail
‹ Back
Building Trust 4 December 2019

Online Trust Audit for 2020 Presidential Campaigns Update

Jeff Wilbur
By Jeff WilburTechnical Director, Online Trust Alliance

On 7 October 2019, the Internet Society’s Online Trust Alliance (OTA) released the Online Trust Audit for 2020 U.S. Presidential Campaigns. Overall, 30% of the campaigns made the Honor Roll, and 70% had a failure, mainly related to scores for their privacy statements. As part of this process, OTA reached out to the campaigns, offering to explain their specific Audit scores and ways to improve them. The campaigns were also told that they would be rescored in mid-November and the updated results would be published in early December. As a result, several campaigns contacted us to understand the methodology and scoring, and several of them made improvements.

Rescoring of all elements of the Audit was completed on 25 November, and the table below shows the updated results since release of the original Audit. Several campaigns have been suspended since early October (Messam, O’Rourke, Ryan, and Sanford, as well as Bullock and Sestak in early December). Campaigns shown in bold in the Honor Roll column made enough improvements to earn passing scores for their privacy statements and thereby achieve Honor Roll status. Campaigns shown in italics at the bottom of the table are new entrants since the Audit was released. Based on this updated list of 20 campaigns, 10 made the Honor Roll while 10 had a failure in one or more areas, creating a 50/50 split.

Figure 1 – 2020 Presidential Campaign Audit Supplement Results
Privacy Practice Updates

Three campaigns updated their privacy statements, and all three made changes that caused them to pass in the privacy area (a score of 60 or more) and achieve Honor Roll status. However, these were minor changes (added a date stamp, addressed children’s use of the site, layered the statement to make it easier to navigate) – none addressed the core data sharing issues highlighted in the original Audit.

For the new entrants, one had no privacy statement (De La Fuente), one had a privacy statement with a score below 60 (Bloomberg), and one had a privacy statement with a passing score that directly addressed the data sharing issues (Patrick).

Site Security Updates

Minor changes were noted in the site security aspects of the Audit, and none were substantial enough to cause a change in Honor Roll status. Two campaigns now have outdated software (lowering their score), and one added support for TLS 1.3.

Site security scores for the new entrants were strong, which is in line with other campaigns, and all of them support “always on SSL” or fully encrypted web sessions.

Consumer Protection Updates

A few changes were noted in the existing campaigns – one added support for DNSSEC, and one added DMARC support with a reject policy (the recommended email security best practice). These improved the campaigns’ scores, but did not affect their Honor Roll status. The two campaigns that originally had failures due to email authentication have been suspended so are no longer on the list.

For the new entrants, one has insufficient email authentication (so fails in Consumer Protection as well as Privacy), and while the other two have strong SPF and DKIM protection, only one uses DMARC with a reject policy. One supports DNSSEC.

Conclusion

The engagement with several of the campaigns was constructive and led to improvements that helped them earn Honor Roll status. We find that for most organizations the issue is more about awareness of best practices and their impact on overall trust than a refusal to follow those best practices. However, the data sharing language in all but one of the privacy statements is concerning. For example, most of the campaigns had language that would allow them to share data with “like minded organizations.” Language along these lines gives the campaigns broad discretion to share user data. We encourage campaigns (and the political parties they work with) to consider improvements to sharing language to increase transparency about how data is shared and give users more control over their data.

Campaign Sites and Privacy Statements

You can find the list of the URLs for the rescored campaign sites and associated privacy statements in the Supplement to Online Trust Audit – 2020 Presidential Campaigns.

This supplement was finalized before Kamala Harris dropped out of the U.S. presidential race on 3 December 2019.

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Announcing the 2020 U.S. Presidential Campaign Audit
Announcing the 2020 U.S. Presidential Campaign Audit
Building Trust8 October 2019

Announcing the 2020 U.S. Presidential Campaign Audit

Today, the Internet Society's Online Trust Alliance released a new report, the "2020 U.S. Presidential Campaign Audit," analyzing the 23...

Getting Ready for the 2016 Online Trust Audit
Building Trust15 February 2016

Getting Ready for the 2016 Online Trust Audit

Got Trust?  The Online Trust Audit continues to serve as benchmark of security, privacy and consumer protection best practices for...

2017 Online Trust Audit Released - What Did We Learn?
2017 Online Trust Audit Released - What Did We Learn?
Building Trust20 June 2017

2017 Online Trust Audit Released – What Did We Learn?

Today the OTA released the 9th annual Online Trust Audit and Honor Roll. This year’s Audit is our most comprehensive ever, assessing...

Join the conversation with Internet Society members around the world