In advance of the 2020 elections, a new federal law proposed on Tuesday seeks to remove impediments faced by national political committees when seeking to help shore up the cybersecurity of their state-level counterparts.
One of three big security-focused bills introduced by Sen. Ron Wyden this year, the Federal Campaign Cybersecurity Assistance Act aims to grant national party committees, such as the Republican National Committee, more leeway when it comes to financing security assistance for both federal candidates and state parties.
The bill follows news last week that, in 2016, Russian hackers breached the systems of two county election systems in Florida. U.S. intelligence and national defense leaders have repeatedly emphasized, without dissent, that U.S. elections remain a primary target of enemies and rivals overseas host to sophisticated capabilities.
“Political campaigns lack the resources or technical expertise to protect themselves from these powerful, highly-motivated hackers. The parties are also unable to spend freely to secure their own computer systems,” reads material distributed by Sen. Wyden’s office on Tuesday.
Currently, cybersecurity assistance offered by a national committee to a candidate is considered an “in-kind donation” (goods or services); in other words, accepting the assistance reduces other kinds of direct financial support the candidate can receive. In the case of a Senate candidate, for instance, a national party committee can contribute no more than $49,600 (or its equivalent in in-kind donations.)
One of Washington’s top privacy and security hawks, Wyden argues that by including cybersecurity assistance under this cap, current federal election laws may incentivize a campaign to spend money on, for example, efforts to “get out the vote,” rather than address its security flaws. Campaigns may be more likely to pay for advertising, phone banks, and other voter outreach efforts than hire a security professional to help lessen the odds of a candidate getting hacked.
“The 2016 election made it painfully clear that campaigns need more help defending against sophisticated cyber threats,” Wyden said in a statement. “Foreign hackers successfully weaponized hacked emails to drive media coverage in 2016, but the government has done virtually nothing to protect campaigns from future attacks.”
“The fastest way to make an impact and put more resources into protecting candidates from foreign hacking is to give parties the ability to help in the fight against dangerous foreign influence in our elections,” added Wyden.
Previously, the senior Oregan Democrat introduced the Protecting American Votes and Election Act along with 14 Senate co-sponsors. The bill is aimed at mandating risk-limiting audits for all federal elections, among other protect-the-vote measures. In March, he introduced a bipartisan bill known as the Senate Cybersecurity Protection Act to provide Senate staff with voluntary cybersecurity assistance.
The announcement of Wyden’s new bill was accompanied by several endorsements from legal experts and privacy advocates. Adav Noti, senior director of the Campaign Legal Center, said the Federal Campaign Cybersecurity Assistance Act “strikes the right balance” when it comes to improving the security of campaigns while also “ensuring that funds spent on cybersecurity are fully regulated and disclosed.”
“Right now, no one is providing substantive cybersecurity help to campaigns and campaign finance restrictions reduce the incentive for campaigns to seek help,” said Paul Rosenzweig, a senior fellow at R Street Institute. “Every campaign needs robust cybersecurity and this bill is a good start to that end.”
Added Rosenzweig: “The Russians really are coming.”
Correction: An earlier version of this article stated the purpose of Wyden’s bill was to benefit state parties and candidates. The bill does apply to state parties, but only to candidates seeking federal office. We regret the mistake.