Advertisement

FEC expands campaign spending rules to allow for physical, cybersecurity purchases

The changes would permit federal candidates and current officeholders to use campaign funds to pay for software, devices and services and cover family members and campaign staff.
Federal Election Commission Chair Sean Cooksey (R) and Commissioner Dara Lindenbaum (L) testify during a hearing before House Administration Committee at Longworth House Office Building on Capitol Hill on September 20, 2023 in Washington, DC. (Photo by Alex Wong/Getty Images)

The Federal Election Commission is expanding the use of federal campaign funds to pay for physical and cybersecurity measures for political candidates, their families and their campaign staff.

The amended rules were first proposed earlier this year and passed unanimously by the commission during a Sept. 19 open meeting. They would expand the ability of federal candidates and current officeholders to use campaign funds to pay for a range of security measures, including cybersecurity software, devices and services. It would also cover similar purchases for family members and campaign staff.

In addition to digital security, the amended rules would allow campaign funds to be spent on physical security measures, such as guards, cameras, motion detection, alarm systems and other security improvements.

At the meeting, Commissioner Dara Lindenbaum praised the changes and said finding additional ways to protect candidates and associated individuals was “critical.”

Advertisement

“This isn’t a new issue,” she said. “It’s been happening for quite a while, and while this is largely outside the commission’s jurisdiction … the one small thing we can do is give these candidates, officeholders and their families and staff the ability to actually use funds to pay for them.”

In a proposed rule set to publish Wednesday in the Federal Register, the FEC said federal candidates and officeholders “may use campaign funds to pay for the reasonable costs of security measures so long as the security measures address ongoing dangers or threats that would not exist irrespective of the individual’s status or duties as a federal candidate or officeholder.”

The agency received 16 comments from the public that “universally” supported the commission’s proposal, even as some expressed concerns around the risks of “improper use of campaign funds under the pretext of security spending.”

In response to comments, the agency further amended the rules to include family members and campaign staff. While it rejected calls to explicitly prohibit the use of campaign funds to purchase services provided by family members, it clarified that any purchases using campaign funds must be “bona fide, legitimate, and professional.”

“The Commission agrees with these comments that raised concerns about personal enrichment and potential abuse of campaign funds but finds that the proposed rule language, along with the other provisions of the Act and regulations, sufficiently addresses these concerns,” the agency wrote.

Advertisement

The rule changes come as political candidates, family members and campaigns have faced a barrage of physical and digital threats over the past few years. Experts and public officials have increasingly sounded alarms about the increased risks for foreign hacks and violence or harassment of political candidates, their families and staff.

In the past two months alone, Republican presidential candidate Donald Trump has had campaign materials stolen by hackers linked to the Iranian government and faced at least two assassination attempts. Campaign officials have had ongoing discussions with the U.S. Secret Service over the level of security they provide to the campaign, and the temporary funding measure that House leaders have agreed to includes extra funding for the agency’s protection of political candidates.

Chair Sean Cooksey told CyberScoop in an email that “no one should be killed for trying to run for office.”

“Candidate security has been one of my top priorities as Chairman of the Federal Election Commission, and I’m proud that the agency has unanimously issued new rules to allow candidates and campaigns to protect themselves with their own funds,” he said.

Intelligence officials have said that Vice President Kamala Harris’s presidential campaign was also targeted by Iranian hackers, and that earlier this year actors linked to the group reached out to Biden campaign associates in an effort to pass along stolen Trump campaign materials. There’s no evidence that the individuals responded to the offer.

Advertisement

Other politicians, such as Sen. Ron Wyden, D-Ore., have previously sought and received approval to spend campaign funding on cybersecurity for their personal devices.

The inclusion of family members takes place as research institutions have tracked a broad increase in threats to public officials as well as state and local officeholders in recent years. It also follows a number of high-profile incidents where family members of politicians have been targeted or assaulted.

Two years ago, former Democratic House Speaker Nancy Pelosi’s husband was assaulted by a Canadian man wielding a hammer after he broke into their home searching for her.

Pelosi’s husband, Paul, suffered a fractured skull and other injuries, and the incident was specifically cited by the FEC as an example of how family members of politicians can also face significant threats to their safety by virtue of their association.

On the digital side, the Department of Justice earlier this year indicted members of a hacking group linked to the Chinese Ministry of State Security for targeting thousands of U.S. and Western politicians, foreign policy experts and activists between 2015 and 2024. Those efforts included sending tracking emails to family members of targets to gather more information on their location, browser and operating system, devices, IP address and other schematic details for their network.

Advertisement

According to the indictment, the hackers used this reconnaissance to enable “more direct and sophisticated” targeting of devices, such as routers belonging to high-ranking U.S. government officials, politicians and campaign staff. 

Derek B. Johnson

Written by Derek B. Johnson

Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Latest Podcasts