Posts Tagged: Defending Digital Campaigns


11
Jul 19

FEC: Campaigns Can Use Discounted Cybersecurity Services

The U.S. Federal Election Commission (FEC) said today political campaigns can accept discounted cybersecurity services from companies without running afoul of existing campaign finance laws, provided those companies already do the same for other non-political entities. The decision comes amid much jostling on Capitol Hill over election security at the state level, and fresh warnings from U.S. intelligence agencies about impending cyber attacks targeting candidates in the lead up to the 2020 election.

Current campaign finance law prohibits corporate contributions to campaigns, and election experts have worried this could give some candidates pause about whether they can legally accept low- to no-cost services from cybersecurity companies.

But at an FEC meeting today, the commission issued an advisory opinion (PDF) that such assistance does not constitute an in-kind contribution, as long as the cybersecurity firm already offers discounted solutions to similarly situated non-political organizations, such as small nonprofits.

The FEC’s ruling comes in response to a petition by California-based Area 1 Security, whose core offering focuses on helping clients detect and block phishing attacks. The company said it asked the FEC’s opinion on the matter after several campaigns that had reached out about teaming up expressed hesitation given the commission’s existing rules.

In June, Area 1 petitioned the FEC for clarification on the matter, saying it currently offers free and low-cost services to certain clients which are capped at $1,337. The FEC responded with a draft opinion indicating such offering likely would amount to an in-kind contribution that might curry favor among politicians, and urged the company to resubmit its request focusing on the capped-price offering.

Area 1 did so, and at today’s hearing the FEC said “because Area 1 is proposing to charge qualified federal candidates and political committees the same as it charges its qualified non-political clients, the Commission concludes that its proposal is consistent with Area 1’s ordinary business practices and therefore would not result in Area 1 making prohibited in-kind contributions to such federal candidates and political committees.”

POLICY BY PIECEMEAL

The decision is the latest in a string of somewhat narrowly tailored advisories from the FEC related to cybersecurity offerings aimed at federal candidates and political committees. Most recently, the commission ruled that the nonprofit organization Defending Digital Campaigns could provide free cybersecurity services to candidates, but according to The New York Times that decision only applied to nonpartisan, nonprofit groups that offer the same services to all campaigns.

Last year, the FEC granted a similar exemption to Microsoft Corp., ruling that the software giant could offer “enhanced online account security services to its election-sensitive customers at no additional cost” because Microsoft would be shoring up defenses for its existing customers and not seeking to win favor among political candidates.

Dan Petalas is a former general counsel at the FEC who represents Area 1 as an attorney at the law firm Garvey Schubert Barer. Petalas praised today’s ruling, but said action by Congress is probably necessary to clarify the matter once and for all.

“Congress could take the uncertainty away by amending the law to say security services provided to campaigns to do not constitute an in-kind contribution,” Petalas said. “These candidates are super vulnerable and not well prepared to address cybersecurity threats, and I think that would be a smart thing for Congress to do given the situation we’re in now.” Continue reading →