The Washington Post - PowerPost - Technology 202: Nonprofit expands free security services for campaigns as election season heats up

Written By CAT ZAKRZEWSKI with Tonya Riley

Voters fill in their ballots as they vote in the U.S. midterm elections in 2014. (REUTERS/Rick Wilking/File Photo)

Political campaigns might not have the time or money to seek out tech talent and services in their busiest season, even as concerns loom about election hacking and interference. A political odd couple is trying to change that. 

Defending Digital Campaigns — founded by Robby Mook, Hillary Clinton’s 2016 campaign manager, and Matt Rhoades, Mitt Romney’s 2012 campaign manager — is offering campaigns a wide range of free and discounted cybersecurity services. 

The nonprofit organization, which acts as a clearinghouse between campaigns and the companies, announced yesterday that it broadly expanded its industry partners to include tech heavyweights such as Microsoft and Cloudflare. 

DDC is designed to be a one-stop shop for campaigns to get protections against phishing, websites and mobile app security, multi-factor authentication through security keys, and more. 

"DDC will create even more value for campaigns by housing a number of these offerings from different companies," Ginny Badanes, director of Microsoft's Defending Democracy Program, tells me. "We think this will help increase adoption of these services and ultimately make campaigns more secure." Microsoft is offering its suite of Office and business products for campaigns at a discount. 

It's also a more expedient way to ensure campaigns can access their services, especially in a complicated regulatory environment, companies say. DDC secured Federal Election Commission approval to provide campaigns with free or discounted services last year. By partnering with the organization, companies don’t have to seek out individual approvals — a process that can take several months.  

Alissa Starzak, Cloudflare’s head of public policy, told our researcher Tonya Riley in a recent interview that the partnership with DDC reflected “a reality of time” as the Iowa caucuses approach. 

Cloudflare has said many campaigns were already using the free version of its service, while others were paying for additional protections. The company has provided protection to 18 of the 32 U.S. presidential campaigns, and at least 23 U.S. Senate campaigns. But with the DDC partnership, Cloudflare will be able to provide business-level services to campaigns for free. 

"Congressional campaigns that were using our free service already," Starzak said. "The good thing about this project is it will make a broader set of services for free. They already know what they can get."

Partnerships like DDC could go a long way in helping campaigns improve their tech-savvy and security practices heading into 2020 — which experts could help candidates avoid some of the same technical pitfalls and security exposed by the Russian interference in 2016. 

But given the high stakes, some are calling for Washington to do more to make accessing these services easier for campaigns. 

While the FEC has taken major steps toward easing the restrictions on offering free services, there are still limitations. The commission ruled in July that the cybersecurity company Area1 could provide campaigns with free services because it was already offering similar services to other organizations such as non-profits at the same cost, the New York Times reported

Daniel Petalas, a former general counsel at the FEC who represented Area1's petition in that ruling, said the decision was a good step, but still didn't provide enough clarity for the industry or campaigns. 

"Political campaigns are highly targeted and vulnerable, and as not-for-profits often cannot spend resources to protect themselves as they should," he told me. "The FEC is historically unwilling and presently unable to act to make these services available at no or low cost, despite the willingness of providers to come to the aid of the campaigns." 

Petalas thinks Congress should step in and create a broader exception for companies to provide campaigns with cybersecurity services. 

But companies have a major commercial incentive to offer services to campaigns. It can lead to publicity for their businesses, and potentially even open new avenues of business down the line. "Campaign finance hawks are wary of opening the floodgates to all security organizations out of concern they’ll try to barter for political favors later," my colleague Joseph Marks has written. 

But Starzak praised the FEC's "thoughtfulness" In approaching the issue. 

"The FEC has to weigh their desire to protect political campaigns from cyberattack with their mission of protecting the integrity of the campaign finance process," she said. "This is a difficult balance, and we appreciate the thoughtfulness shown by the FEC. We expect that the FEC will continue to show similar care and careful consideration in new cases that come before them."  

You are reading The Technology 202, our guide to the intersection of technology and politics.