
Congress and Campaigns Need All the Security Help They Can Get

As Zack Whittaker reported, a new Federal Election Commission ruling will allow a private firm, Area 1 Security, to provide services to federal political campaigns at a discounted rate without violating laws that prohibit in-kind donations. This is an important step, but its importance should not be overstated, especially given how much more work needs to be done to secure American political campaigns at every level of government from escalating digital threats.
Under the new ruling, Area 1 may provide federal campaigns with services designed to prevent phishing attempts like the one that successfully targeted the email account of former White House chief of staff John Podesta, who was then the chairman of former Secretary of State Hillary Clinton’s presidential campaign. As the world knows, despite strenuous denials from President Trump, those emails were then exfiltrated by Russian intelligence services, distributed to WikiLeaks, and published over the final months of the campaign, to the apparent detriment of Clinton’s candidacy.
The ruling will help more campaigns get better protection against phishing, but it’s important for the public and press not to over-interpret this decision, which is limited: it applies only to Area 1, which provides anti-phishing services. There are no new software, services or legal tools now available to campaigns that help them to prevent or mitigate disinformation campaigns, as Whittaker’s reporting implies. Importantly, such campaigns do not require a target to be hacked to inject lies, doubt or propaganda into public discourse.
But that doesn’t mean that this isn’t a step in the right direction.
While it’s fair to acknowledge how many different factors led to the outcome of the 2016 presidential race, there’s no denying that insufficient security practices at the Democratic National Committee and inadequate hygiene by the chairman of the Clinton campaign played a significant role. Every federal campaign, from the incumbent president to Congressional candidates down the ballot, needs to anticipate both longstanding security risks, like phishing, weak websites, or vulnerable mobile devices, and newer risks posed by emerging technologies.
If political campaign staff and candidates aren’t thinking about the potential impact of hackers compromising their mobile devices, messaging systems, websites and databases, they’re not just behind the technological curve in 2019. They’re showing the public that they’ve failed to learn and apply painful lessons, which can and should undermine public trust in those candidates’ capacity to understand the risks of modern life. If candidates for higher office want to demonstrate their capacity to protect and defend public services, secret or confidential investigations, and sensitive data in office, they should start with their campaigns.
Meanwhile, Congress and the US government need to invest more time, money, public attention and staff to address the expanding range of existing and emerging digital threats to campaigns, from defusing disinformation to shoring up the integrity of voting systems with paper ballots to protecting the personal devices and email of Members of Congress and their staff. The 2020 campaign is already upon us.