FEC says lawmakers can use campaign funds toward personal cybersecurity expenses

The Federal Election Commission ruled in favor of letting lawmakers use leftover campaign funds for personal cybersecurity-related expenses, citing heightened hacking risks posed by virtue of their positions in the House and Senate.

Commissioners announced their decision Thursday in a letter clarifying the definition of campaign-related expenses sent in response to a question raised recently by Sen. Ron Wyden, Oregon Democrat.

“The Commission concludes that you may use campaign funds to pay for the costs of security measures to protect your personal devices and accounts without such payments constituting an impermissible conversion of campaign funds to personal use, under the Act and Commission regulations,” FEC Chair Caroline C. Hunter wrote on behalf of the group.

A member of the Senate Intelligence Committee, Mr. Wyden wrote the FEC in May seeking an advisory opinion on the matter after being told by cybersecurity professionals that state-sponsored hackers have attempted to breach the personal email accounts of senators in pursuit of sensitive data to steal.

“The value of such information means that the personal electronic devices and accounts of Senators are more likely to be the targets of hackers and foreign actors than are those of other individuals, and both the heightened risk to Senators’ personal electronic devices and accounts and the magnitude of the potential harm would not exist if not for their roles as federal officeholders,” wrote Ms. Hunter, an FEC commissioner appointed by former President George W. Bush.

“Accordingly, the reasonable expenses incurred in protecting your personal electronic devices and accounts from, and responding to, cybersecurity threats, as described in your advisory opinion request, constitute ordinary and necessary expenses incurred in connection with your duties as a holder of federal office, which are a permissible use of campaign fund,” she wrote.

Governmental email accounts and computer systems are federally protected, but not personal accounts and devices, such lawmakers’ Gmail accounts and private smartphones.

The FEC similarly concluded in 2017 that lawmakers can use campaign funds for physical security, as long as the protection is “needed due to threats driven by the individuals’ roles as officeholders.”

“With growing threats posed by foreign governments, it’s crucial that elected officials get smarter about their cybersecurity,” Mr. Wyden said Thursday. “The FEC has taken the first step by approving my proposal to allow elected officials to use campaign funds to protect against heightened security threats.”

Russian hackers breached Democratic targets prior to the 2016 election and obtained sensitive material subsequently leaked during the race as a part of a state-sponsored interference campaign, U.S. officials previously concluded.

More recently, Microsoft said in July that the company caught hackers attempting to mount attacks targeting at least three candidates running for office in the November 2018 midterms. Democratic Sens. Claire McCaskill of Missouri and Jeanne Shaheen of New Hampshire previously said they were unsuccessfully targeted by hackers during the midterm races, in addition to at least three Democrats seeking House seats in California.