WASHINGTON — The Federal Election Commission gave the go-ahead this week to a nonprofit organization seeking to offer free cybersecurity services to political campaigns, upending rules that typically consider such free services illegal campaign contributions.

Robby Mook, campaign manager for Hillary Clinton, speaks to the traveling media corps. Washington Post photo by Melina Mara

The commission’s reasoning, in a nutshell, was that it ordinarily bans such services due to the possibility people might try to cash in on political favors later. But in this case, the risk of Russian and Chinese hackers running roughshod over the 2020 elections is far worse.

The nonprofit Defending Digital Campaigns, which made the appeal, now plans to run cybersecurity boot camps for staffers on presidential and congressional campaigns. The FEC also gave it the green light to negotiate free and reduced prices for cybersecurity services from companies to provide to the campaigns. The organization will also help share information about cybersecurity threats between campaigns and the U.S. government.

And they’ll make those services available to any campaign of any party — provided presidential candidates are polling above 5 percent in national polls and House and Senate candidates have collected at least $50,000 and $100,000 in donations that cycle respectively. The services will also be available to think tanks and policy focused non-governmental organizations.

“Elections should be about which candidate has the better vision and plan, not who has the most sophisticated cyber defenses, but today’s campaigns in both parties are up against some of the world’s most sophisticated cyber operatives,” Robby Mook, Hillary Clinton’s 2016 campaign manager and one of three Defending Digital Campaigns board members, said via email.

The organization’s other two board members are Mitt Romney’s 2012 campaign manager, Matt Rhoades, and Debora Plunkett, former director of the National Security Agency’s defensive arm, the Information Assurance Directorate. The idea for the organization grew out of a broader election security effort sponsored by Harvard University’s Belfer Center called Defending Digital Democracy where Mook, Rhoades and Plunkett are senior fellows.


The initative could go a long way in securing campaigns, which are often unwilling to invest in digital protections because they’re devoting every dollar to building up other campaign infrastructure and staying in the race. That’s especially worrying to government officials fighting to avert devastating breaches during the 2020 campaign that could undermine the political process or even swing elections at the presidential or congressional level. Presidential party nominees in the past three election cycles were hacked — most devastatingly in 2016 when Russian hackers stole troves of information from the Clinton campaign and strategically released it via WikiLeaks and other sites.

But congressional candidates, who work with much smaller budgets, are often the least defended from hacking, Plunkett said in an interview. And foreign hackers are likely to target those campaigns, she said — either to release their information and damage faith in the democratic system or just to gather up as much information about the electorate as possible.

“It would be foolish for any candidate for federal office to think they wouldn’t be a target,” she said in an interview.

In such a crowded field this year, hackers could also target those campaigns looking to cut short the career of a promising upstart candidate, Rhoades warned during an FEC meeting last month. “You can see many of the rising stars coming well in advance — people like former President Barack Obama, former President George W. Bush — and they’re very vulnerable at that stage,” he said.

Despite the grave threat of campaign hacking, the aproval didn’t come easily.

The FEC was wary that free cybersecurity services could be used as a workaround to evade campaign finance laws meant to cut down on corruption and influence in politics and it took several months to approve its advisory opinion. The final opinion stresses that the permission applies only to nonpartisan, nonprofit groups that are offering the same services to campaigns of all parties.


It also notes that the opinion won’t apply anymore if the hacking threat becomes less dire for some reason or if the government figures out a way to provide the same services on its own.

Two of the four commissioners — Democratic Chairwoman Ellen L. Weintraub and independent Steven T. Walther — wanted to add additional requirements that DDC publish information about all of its donors each month and refuse any contributions from foreign citizens.

The Republican members didn’t endorse those provisions, but DDC agreed to abide by them anyway, which cleared the way for the proposal’s approval.

Because the FEC has only four members — the minimum allowed for it to make decisions — all of its opinions must be unanimous.

Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.

filed under: