Sign up for a daily newsletter defining what matters in business and markets

Stories

New rules on paying for campaign cybersecurity

 Illustration of campaign yard sign in the shape of a padlock on the ground
Illustration: Sarah Grillo/Axios

It just got easier for cybersecurity toolmakers to offer campaigns help — but only by a little.

The big picture: Cybersecurity firms have flocked to provide free services to state election authorities, and some want to help protect political campaigns, too. But those efforts have been in legal limbo thanks to the complexities of election finance law.

Driving the news: The Federal Election Commission issued its final of a series of clarifying decisions last week: Firms may offer political campaigns the same discounts they offer other customers, but only non-profits can provide campaigns with free services or deals special to the campaigns.

Why it matters: Though much of the political focus has moved to voting machines, that wasn’t what Russia hacked in 2016. Rather, it targeted campaigns and political groups — and getting their defenses correct in 2020 is critical.

Details: The FEC had been weighing whether Area 1, a phishing security company, and Defending Digital Campaigns, an election security non-profit, could offer free services to campaigns.

  • Last week the FEC decided that Area 1 could offer the same discounts to campaigns it offers to everyone.
  • In May, the FEC said Defending Digital Campaigns (DDC), as a non-profit, could offer free services.
  • Companies that want to cut prices for campaigns still generally can’t.

The intrigue: Several firms already offer free services to state election groups — including Microsoft, Cloudflare, Google and Synack — and it’s easy to think democracy would be better served if campaigns could get security tools for free, too.

  • But the way campaign finance laws are written, this would open the door for analogous groups to argue they too should be able to offer free services.
  • Smith & Wesson, for instance, could start offering free physical security.
  • The FEC’s position is that any kind of carve-out from regulations for a specific industry like cybersecurity is a matter for Congress to decide.

Area 1's case was unique, because both the FEC and Area 1 agree that offering the same pricing to campaigns as to everyone else is explicitly legal. But Area 1's unusual pricing scheme made campaign lawyers nervous, Area 1 CEO Oren Falkowitz told Codebook.

Agari, which provides a different type of email security than Area 1, adjusted plans to offer its wares for free to campaigns. It will now offer free services via non-profits like DDC.

  • Agari chief marketing officer Armen Najarian believes the restrictions in the FEC ruling will actually benefit both campaigns and companies.
  • The deluge of free services in 2016 posed a problem for election officials who didn't have the industry savvy to know which products were snake oil and which were legit.
  • That led many states to pass on useful freebies.
  • As Najarian sees it, the FEC decision will inadvertently allow non-profits to work as a kind of snake-oil filter.