Wyden: Let politicians use campaign funds for cybersecurity
Oregon Sen. Ron Wyden wants Congress and political candidates to avoid the trouble that hit German lawmakers during the past few weeks, when hackers published private information stolen from the German politicians' personal email and social media accounts.
Wyden will introduce legislation this year to allow U.S. political candidates and lawmakers to use campaign funds to fund cybersecurity of their personal and political accounts and devices. In mid-December, the Federal Elections Commission gave Wyden the green light to use campaign money for what would otherwise be considered a personal expense. Under old federal election rules, candidates could not use campaign funds for most "personal" expenses.
"In 2017, the FEC recognized that elected officials face heightened physical security threats and permitted the use of campaign funds to protect against those threats," Wyden said. "Given the growing cybersecurity threats posed by foreign governments hacking the personal accounts and devices of elected officials, it is common sense to permit these same funds to be spent on cybersecurity as well."
Wyden's plan includes using campaign funds to pay for protection of personal devices, such as cell phones and computers, secure home routers and networking equipment, and security tokens and "keys," personal software and apps, firewalls and antivirus software, password management tools, secure and encrypted backup and cloud services, and secure and encrypted chat, email, and project management tools. It also would pay for cybersecurity consulting services and security services to clean up malware and restore systems after an attack.
In its eight-page Dec. 12 ruling, FEC officials wrote that "the use of campaign funds for the expenses described in your request is limited to your own personal devices and accounts and not available for devices and accounts of family members, staff or other persons." The FEC wrote that the use of funds would have to be listed as "cybersecurity expenses" on campaign-finance reports.
Cybersecurity dangers facing politicians and political candidates were highlighted Friday, Jan. 4, when The New York Times reported that the accounts and devices of several hundred German lawmakers were hit by hackers, who then posted the private information online through a Twitter account (which has been shut down). The Times reported that the information included emails, chats, messages and contact information in many of the lawmakers' accounts. It was unclear how the information had been stolen, the Times reported.
During the 2016 U.S. presidential campaign, servers used by the Democratic National Committee were hacked, and much of the information was distributed publicly through Wikileaks.
Wyden originally made the FEC request in a May 16, 2018, letter detailing cyberthreats and potential threats to political leaders. He wrote that "some of the threats members face are physical, but many more are digital. The 2016 election season highlighted the dangers that elected officials face in the cyber realm."
In a four-page Sept. 18 letter attached to Wyden's request, Johns Hopkins University's Thomas Rid, a professor of strategic studies at the Paul H. Nitze School of Advanced International Studies, wrote that U.S. elected officials at nearly all levels of government were targets for nearly a year of "advanced, persistent cyberattacks."
"It is my expert opinion that these reports only scratch the surface of the advanced cyber threats faced by senators, house members, senior executive branch officials and important political staff," Rid wrote. He called personal email and other online accounts used by senators and their staff "high-value, low-hanging targets."