FEC rules that campaigns can get discounts on cybersecurity
Political campaigns will need cybersecurity to avoid a repeat of the 2016 presidential election, but are often strapped for cash. The Federal Election Commission made a ruling today that will make it legal for campaigns to secure low-cost services from cybersecurity firms, as long as the firms offer the same rates to their non-political clients. According to the New York Times, FEC lawyers initially had concerns that the practice would violate campaign finance laws designed to prevent corporations from currying favor with political candidates.
The cybersecurity firm at the center of the FEC’s decision is Area 1, a California-based firm that focuses on phishing. Founded by a group of former NSA hackers in 2013, the security vendor continuously crawls the web for signs of phishing and claims it can analyze 6 billion URLs and 4.8 billion IP addresses every couple of weeks, according to a report in Network World. Back in December, the firm successfully uncovered a phishing attack on the Ministry of Foreign Affairs in Cyprus that compromised the entire EU’s diplomatic communication network.
Area 1 first approached the FEC in June and requested to offer free services to political candidates. The security vendor cited an FEC’s decision in 2018 to allow Microsoft to offer free account security to political candidates. In Microsoft’s case, it stood the risk of long-term damage to its reputation if its clients were hacked. But the FEC wasn’t sure if the same case applied to Area 1, which seemed to have nothing to gain from offering cheap cybersecurity to candidates (other than political favor).
But the FEC switched gears after discovering that Area 1 would simply be offering the same low-cost services to candidates as it does to its regular clients. In its ruling, the FEC stated that Area 1 could charge candidates a fixed fee of $1,337 for its phishing services, “because doing so would be in the ordinary course of Area 1’s business and on terms and conditions that apply to similarly situated non-political clients.”
Hopefully, this most recent FEC ruling will make it easier for campaigns and cybersecurity vendors to work together. After electoral interference in both the 2016 and 2018 elections, it’s clear that campaigns will need all the help they can get.