Building Trust 18 September 2015

Online Trust Alliance Audit Finds 74% of U.S. Presidential Candidates’ Websites Fail to Respect Americans’ Privacy

Candidates are sharing, selling & trading sensitive data

BELLEVUE, Wash. September 18, 2015 – The Online Trust Alliance (OTA), the non-profit with the mission to enhance online trust, today released its Presidential Candidate Online Trust Audit. The report evaluates the privacy, security and consumer protection practices of the top presidential candidates’ websites. After a thorough assessment, 17 of the 23 websites, or 74 percent received failing grades.

Conversely, the 26 percent that passed performed so admirably that they achieved “Honor Roll” status. There was no middle ground—either the websites had failing or excellent scores.

Poor Privacy Practices
All the failures can be attributed to troubling privacy practices, with 74 percent of candidates’ websites scoring an “F” grade in this category. Some websites failed due to nonexistent or inadequate privacy policy disclosures. Others flunked because they reserve the right to liberally share or sell their donors and site visitors’ personally identifiable information (PII), including addresses, phone numbers, employers and even passport numbers, with unaffiliated third parties that the candidates deem as like-minded organizations.

“Although political websites may not be beholden to the same security and privacy standards as industry, our findings clearly reveal that these campaigns’ data practices are out of alignment with consumer expectations and Federal Trade Commission guidelines for the business community,” said Craig Spiezle, Executive Director and President of OTA. “In this era of consumers’ mounting distrust of data and privacy practices, candidates must move beyond a compliance mindset and embrace responsible data stewardship.”

OTA recommends that voters review a candidate’s site for published privacy policies before making a donation or completing an online form. Unfortunately, 17 percent of the evaluated websites did not even have a discoverable privacy policy. Failure to disclose such information potentially puts candidates at odds with various federal and state regulations.

Bright Spots: Security and Consumer Protection
On a positive note, the candidates’ websites received excellent scores for server security, with only one site having an observed vulnerability (not serious enough to fail). This trend can be ascribed to the adoption of best practices and the fact that they are all relatively simple, recently built sites. 70 percent of the sites have implemented Always-On SSL, which encrypts the web session between the user and website, enhancing both data security and privacy of the user. 

All candidates had excellent consumer protection scores. This category accounts for measures implemented to help protect one’s domain and email communications from eavesdropping through the adoption of best practices including email encryption and authentication protocols. This is important because deficiencies in this area can put campaigns at risk of phishing schemes whereby cybercriminals use spoofed domains to send fraudulent emails that appear to be from the candidate. Recipients are then tricked into donating money or revealing personal information, putting them at risk for identity theft.

Passing and Failing Candidates
The breakdown of candidates whose websites made OTA’s Honor Roll or failed the evaluation is as follows:

2016 Presidential Candidates
Honor Roll       Failing Grades
Jeb Bush (R)  Ben Carson (R)
Lincoln Chafee (D) Hillary Clinton (D)
Chris Christie (R) Ted Cruz (R)
Martin O’Malley (D) Carly Fiorina (R)
Rick Santorum (R) Jim Gilmore (R)
Scott Walker (R)  Lindsey Graham (R)
  Mike Huckabee (R)
  Bobby Jindal (R)
  John Kasich (R)
  Lawrence Lessig (D)
  George Pataki (R)
  Rand Paul (R)
  Marco Rubio (R)
  Bernie Sanders (D)
  Jill Stein (G)
  Donald Trump (R)
  Jim Webb (D)

The complete report and methodology is posted at here.  

About OTA: 

The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. Its goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users’ security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, and meaningful self-regulation and data stewardship. Its members and supporters include leaders spanning the public policy, technology, ecommerce, social networking, mobile, email and interactive marketing, financial, service provider, government agency and industry organization sectors.

Related resources

Building Trust 8 October 2019

OTA’s Trust Audit Scores U.S. Presidential Candidates’ Campaigns, Finds Major Failures in Privacy Statements

Reston, VA. – October 8, 2019 – The Internet Society’s Online Trust Alliance (OTA), which identifies and promotes security and privacy...

Building Trust 25 September 2019

The Internet Society’s Online Trust Alliance Announces Methodology for Eleventh Online Trust Audit and Honor Roll

Criteria updated to include increased focus on encryption and global privacy regulations; international retail segments added

Building Trust 9 July 2019

Internet Society’s Online Trust Alliance Reports Cyber Incidents Cost $45B in 2018

Reston, VA – July 9, 2019 – The Internet Society’s Online Trust Alliance (OTA), which identifies and promotes security and privacy...