The Special Counsel’s report on Russian election interference carefully documents a “sweeping and systematic” attempt to interfere in the 2016 presidential election. Nearly three years later, our democracy is under an increasing threat from Russia and other foreign actors, and campaign cybersecurity is crucial to fighting the cyber threat.
But there are questions about how to provide campaigns with the cybersecurity tools they need.
For example, some have characterized the longstanding ban on corporations giving federal candidates valuable services for free as an “obstacle” to campaign cybersecurity. But there are good reasons for that law, which is one of the most important tools for preventing actual and apparent corruption in our democracy.
And there are other, better ways to ensure political candidates and their campaigns can protect themselves from the increasing cyber threats they face, without creating a massive loophole in our federal campaign finance rules that would allow corporate special interests to give valuable services to political campaigns for free.
For starters, candidates may use lawfully raised campaign funds to purchase products and services that are necessary to protect themselves and their campaigns against cyber threats.
Indeed, the Federal Election Commission issued an advisory opinion last December concluding that in light of the current, increased cyber threats faced by U.S. senators, a sitting senator may also use campaign funds to pay the fair market value of cybersecurity hardware, software, and services to secure personal electronic devices and accounts.
For candidates looking for help to cover those costs, a recently introduced Senate bill would allow national party committees to use money from their “building funds” accounts — contributions to which are subject to a heightened limit as a result of the Consolidated and Further Continuing Appropriations Act of 2015 — to pay for cybersecurity assistance to state parties, candidates, and their campaigns.
This approach would help campaigns access cybersecurity services while still ensuring that spending on those services is fully disclosed and compliant with campaign finance restrictions.
Alternatively, Congress could pay for campaign cybersecurity costs in the same way Congress previously financed presidential nominating conventions under the Presidential Election Campaign Fund.
This approach would greatly reduce opportunities for corruption by eliminating the need for campaigns to raise private funds for cybersecurity expenses. And it could secure a broader spectrum of campaigns by making cybersecurity available to any candidate that meets certain minimum qualifications, rather than relying on private corporations or national parties to determine which candidates receive the cybersecurity benefit.
Either of these solutions would strike a reasonable balance by helping candidates pay for cybersecurity services without undermining the important, century-old anticorruption law that prevents corporations from giving free stuff to legislators.
But in the absence of legislative action, the FEC has opted for a different approach — allowing corporations to provide free or discounted cybersecurity to candidates and their campaigns.
In the most troubling example of this approach, the FEC blessed Microsoft’s plan to provide free online account security services to “election-sensitive customers,” including federal candidates and national party committees, although it does not provide those services for free to non-political customers.
The FEC accepted Microsoft’s claim that it had legitimate commercial reasons for providing free services to political customers — protecting its brand reputation from the damage that would result if its election-sensitive customers were hacked — and relied on that claim to conclude that such free services were not impermissible political contributions.
But as Campaign Legal Center explained, under this “brand reputation” justification for providing free services to campaigns, a wide variety of corporate services outside the cybersecurity context could be provided to candidates for free.
A security company that does business with campaigns could provide free 24-hour bodyguard protection to “election-sensitive” clients because its reputation would suffer if a candidate were harmed.
When faced with a similar question more recently — by a nonprofit organization seeking to provide free cybersecurity services to political clients — the FEC adopted a more carefully tailored approach in approving the request.
The resulting advisory opinion largely followed a proposal by CLC and explicitly limited the scope of its application to the cybersecurity context, while invoking the FEC’s duty to ensure compliance with the statutory ban on foreign participation in U.S. elections, 52 U.S.C. § 30121.
The opinion emphasized the national “obligation to preserve the basic conception of a political community” through enforcement of the prohibition on foreign participation in U.S. elections, and it approved the nonprofit’s proposal to offer free or reduced-cost cybersecurity services as “a unique response” to the urgent cyber threats faced by federal candidates and national parties.
There is no doubt that the need to prevent foreign or malicious actors from unlawfully interfering in U.S. elections is real and urgent.
As federal legislators and regulators work to help candidates protect themselves and their campaigns from cyberattacks, it is equally important that the solutions avoid creating new opportunities for corruption of our political system.
For over 100 years, Congress has recognized the corruptive potential of corporate contributions to political candidates and has accordingly banned corporations from contributing money or free goods or services to campaigns.
Candidates urgently need cybersecurity, and the Nation urgently needs to end big-money corruption — these needs can and should be addressed together.