The wait continues on whether federal campaigns will be able to receive low or no-cost cybersecurity services from an organization co-founded by former Clinton manager Robby Mook and Romney manager Matt Rhoades.
The FEC on Thursday again “held over for further drafting” the request by Defending Digital Campaigns, Inc., a 501(c)4, which is seeking the commission’s approval to “provide or facilitate the provision of certain cybersecurity services, software, and hardware for free or at a reduced cost to federal candidate committees and national party committees on a nonpartisan basis and according to pre-determined, objective criteria.”
During the public meeting, FEC Chair Ellen Weintraub expressed concern that approving the group’s request would “blow a hole through” the corporate contribution ban. “I would like to support this endeavor, I also have an obligation to protect the law,” she said.
Weintraub also questioned why the two experienced practitioners—both of whom managed presidential campaigns that were “affected by breaches”—didn’t simply offer cybersecurity services at a reasonable price to campaigns.
The former managers emphasized they were targeting the “little guy” campaigns. “It’s for the down-ballot candidates—people that don’t have as much hard dollars to spend,” said Rhoades.
Even down-ballot campaigns are now facing the threat of hacking. For instance, two Democratic House primary candidates came under cyber attack last cycle. “We’re putting an enormous burden on campaigns that maybe have one or two staff,” said Mook. “The work’s just not getting done, and so the threat remains.”
In fact, their FEC filings note the services of DDC would be open to House candidates that have raised at least $50,000 and Senate candidates who have raised $100,000 for the current election cycle.
The fair market value of services like network monitoring and cyber incident response would be beyond those campaigns. “You can be getting into the tens of thousands of dollars [for each service.] Based on our evaluation, I don’t see a way to just kind of package that up,” said Mook. “Monitoring networks to see if bad people are in there, that’s a really expensive thing, but it can be done at scale, at a much lower cost and be in-kinded to the campaigns.”
Mook added: “Nobody’s interested in making money off this.”
The cost of the services would be covered by donations from individuals and foundations. “Our plan is to make the organization as lightweight as possible and to get the resources to the candidates and parties as directly as possible so we hope that the overhead of this organization is not enormous and fundraising is not an ongoing obligation,” Mook said.
Weintraub also wondered why the major party committees didn’t take the lead in offering these services to campaigns.
“Frankly, given the threat and the urgency, it’s just not realistic,” Mook said, noting the leadership of the party committees rotates and priorities could shift, even while the threat remains.
“For the next few years, on the Democratic side, we need this,” he said.
Meanwhile, Rhoades questioned if the GOP committees would have the resources and said that privacy would be a concern for Republican candidates given how a service like network monitoring works.
“They would be more comfortable,” he said of GOP candidates, with a private entity doing the monitoring.
The non-partisan DDC grew from Mook and Rhoades’ collaboration at the Belfer Center at Harvard University, where they’ve worked on the Harvard Defending Digital Democracy Project.
That produced a training video and a toolkit for campaigns. They also worked directly with election officials, “but when it came to campaigns, our hands were really tied because it’s a non-profit institution,” said Mook. “It cannot be in-kinding assistance to campaigns.”
Mook and Rhoades, together with Deborah Plunkett, former Director of Information Assurance at the National Security Administration (NSA), subsequently formed the DDC and petitioned the FEC last October to begin offering their services to campaigns. Throughout the process, they’ve been represented by attorneys Michael Toner and Marc Elias, who said they were doing the work pro bono because they believed in the mission of the organization.
Mook described that mission succinctly: “We just want to make sure that these foreign nation-state actors who are incredibly sophisticated don’t have an open door to push on to get into the campaigns.”
Meanwhile, Rhoades said hackers are threatening to disrupt the careers of future top-level candidates.
“Sometimes these foreign international threats or even our own domestic threats can see these rising campaigns, these rising stars and really have an opportunity to disrupt our democracy at a level,” he said. “You can see many of the rising stars coming well in advance—people like former President Barack Obama, former President George W. Bush—and they’re very vulnerable at that stage.”
During Thursday’s meeting, Commissioner Steven Walther likened the DDC request to the 2017 decision made by the FEC to allow campaign funds to be used to install or upgrade residential security systems at the homes of members of Congress. But Weintraub disagreed, arguing it wasn’t the same because the FEC just authorized the use of campaign funds in that case.
Weintraub said the commission would table the matter for the day “with the goal of trying to find a place where they four commissioners can land.”
Toner declined to comment to C&E while the matter was pending. The FEC is scheduled to take it up again April 25. The matter had previously been heard by the FEC four times. Each time it was held over to a later meeting.