FEC Allows Political Campaigns to Accept Free Cybersecurity Services
An advisory opinion issued by the Federal Election Commission (FEC) last week will allow political campaigns to accept free and low cost cybersecurity services without violating campaign finance laws. The decision was made given the “highly unusual and serious threat” posed to US elections by foreign adversaries. The opinion discusses the case in reference to a non-profit spinoff of Harvard’s Defending Digital Democracy Project, called Defending Digital Campaigns (DDC).
The DDC has proposed providing campaigns and political parties with “knowledge, training, and resources to defend themselves from cyber threats” and considers themselves “truly nonpartisan.” The nonprofit offers free or reduced cost cybersecurity services, including facilitating the provision of free or reduced-cost cybersecurity software and hardware from technology corporations, to federal candidates and parties according to a pre-determined set of criteria.
DDC requested permission from the FEC to establish information sharing systems to relay information regarding cyber threats, create a free cybersecurity hotline, create cybersecurity “boot camps” to train and certify campaign leaders and staff, provide on-site training and assistance, and provide cybersecurity incident response and monitoring systems.
In the opinion, FEC Chair Ellen Weintraub noted several high profile cybersecurity risks posed to campaigns over the last decade and concludes, “Under the unusual and exigent circumstances presented by your request and in light of the demonstrated, currently enhanced threat of foreign cyberattacks against party and candidate committees, the Commission approves DDC’s proposed activity.”
The FEC praised DDC for its uniquely “bi-partisan fashion” for handling this issue, noting that the group is co-led by former campaign managers from Republicans and Democratic presidential campaigns.
Matt Rhoades, senior fellow with the Defending Digital Democracy Project, told the FEC in April that free or low-cost cybersecurity recourses were important because campaigns are often unable to afford true cyber experts or advisors.
When you’re first setting up and you’re first raising those precious hard dollars, the last thing you want to do is to spend them on something to secure your networks,” said Rhoades, who served as Mitt Romney’s campaign manager in 2012.
Eligible groups for DDC services include House candidates who have at least $50,000 in receipts and Senate candidates who have at least $100,000 in receipts for the current election cycle, candidates who will appear on the general election ballot, or presidential candidates who are polling above five percent in national polls.
“We [approved the measure] because of the grave dangers facing campaigns from hackers, and I hope every campaign will take advantage of it,” Weintraub told a House Oversight and Reform subcommittee hearing on Wednesday.
Weintraub noted in the opinion that approval is conditioned on DDC’s public disclosure of all donations and going forward, disclosure of new donations by the first day of the month following when they were received, and its commitment to accept donations only from individuals, foundations, and entities that have elected C corporation status for federal income-tax purposes.
Posted in Featured News