On July 11, 2019, the Federal Election Commission (“FEC”) issued an advisory opinion stating that low to no-cost cybersecurity services do not constitute an in-kind contribution. Accordingly, to not run afoul of campaign finance laws, the firm providing these services must already offer “discounted solutions to similarly situated non-political organizations, such as small non-profits.” The opinion was issued in response to a petition by California-based Area 1 Security, a cybersecurity company that specializes in blocking phishing attacks.
This is just one of the many recent opinions issued by the FEC regarding cybersecurity offerings. For example, last year, Microsoft was granted an exemption that allowed the company to “offer enhanced online account security services to its election-sensitive customers at no additional cost because Microsoft would be shoring up defenses for its existing customers and not seeking to win favor among political candidates.”
These rulings come at a time where election security is of dire importance. Russian phishing attacks, voter database probing and disinformation campaigns ran widespread throughout the 2016 and 2018 election cycle, and as cybersecurity author Brian Krebs suggests, these attacks were merely a test run for 2020. These pending attacks require significant action to ensure election security, and there is growing concern that the FEC is incapable of handling this responsibility. Adav Noti, a former FEC general counsel, stated that the commission is “incredibly unsuited to the danger that the system is facing . . . The FEC is an agency that can’t even do the most basic things properly.”
In response, Senator Ron Wyden introduced the Federal Campaign Cybersecurity Assistance Act. This legislation would “allow national party committees to provide cybersecurity assistance to state parties, individuals running for office, and their campaigns.” The bill would also “give the Department of Homeland Security the power to set minimum cybersecurity standards for U.S. voting machines, authorize a one-time $500 million grant program for states to buy ballot-scanning machines to count paper ballots, and require states to conduct risk-limiting audits of all federal elections in order to detect any cyber-attacks.”
The bill has failed in the Senate, as Senate Majority Mitch McConnell has stated that “many of the proposals labeled by Democrats to be ‘election security’ measures are indeed election reform measures that are part of the left’s wish list I’ve called the Democrat Politician Protection Act.” Regardless of the blatant partisanship that currently engulfs Congress, election security is a matter of national security, and the issue needs to be addressed.