FEC Clears Path for Warren to Spend Campaign Funds on Cybersecurity

WASHINGTON — Sen. Elizabeth Warren, D-Mass., can use campaign funds to pay for the cost of reasonable cybersecurity measures to protect her home network, the Federal Election Commission announced on Friday.

The decision came in response to an advisory opinion request on behalf of Warren Democrats Inc., the senator’s campaign committee.

It was about Warren’s proposed use of campaign funds to pay for reasonable cybersecurity measures to protect her home network.

As outlined in her original request, the funds would be used to protect the electronic devices connecting to her network, whether hers or those of other authorized users.

Warren is seeking to use campaign funds for professionally managed security services to provide ongoing network monitoring, patch management, backup management and remote incident remediation services to ensure overall home network security.

Though Warren herself won’t be running for reelection until 2024, a number of news reports in recent years suggest senators, candidates and other senior government officials have routinely been targeted for hacking and that similar incidents are likely in the future.

In the request for an advisory opinion, Warren notes that as a senator she “faces threats greater than those faced by the general public, including heightened vulnerability to cyberattacks against their electronic devices and accounts.”

She also submitted a number of documents forwarded to the agency Sen. Ron Wyden, D-Ore., when he made a similar request for an advisory opinion from the commission in 2018.

These included a letter from Michael Rogers, then-director of the National Security Agency, stating that the personal devices and accounts of senior U.S. government officials “remain prime targets for exploitation”; congressional testimony of Dan Coats, former director of National Intelligence, in which he stated that “[t]he personal accounts and devices of government officials can contain information that is useful for our adversaries to target”; and the opinion of professor Thomas Rid, a cybersecurity expert at Johns Hopkins University’s School of Advanced International Studies, who argued that “the personal accounts of senators and their staff are high-value … targets” because they “contain highly sensitive information about officials’ activities, private communications, family life, finances and movements.”

In considering Warren’s request, the commission noted that the expenses for the proposed security upgrades would not have existed had she not been a federal officeholder or candidate.

As a result, it said, the use of campaign funds to pay for the security upgrades was permissible under the act and commission regulations.

“The commission has …  previously concluded that the heightened threat environment faced by members of Congress necessitated increased residential security measures even if an individual member has not received direct threats,” the opinion states.

In the Wyden case, the FEC concluded, “that a United States senator’s use of campaign funds to pay for cybersecurity measures for that senator’s personal electronic devices and accounts would constitute ordinary and necessary expenses incurred in connection with his duties as a federal officeholder because the senator faced a heightened threat of cyberattacks with respect to [his] personal electronic devices and accounts by virtue of [his] role as a federal officeholder.”

“As in [Wyden’s case], Senator Warren is currently subject to heightened cybersecurity threats due to her role as a federal officeholder,” the commission said. “Specifically, both the heightened risk to senators’ personal electronic devices and accounts and the magnitude of the potential harm would not exist if not for their roles as federal officeholders.”

Dan can be reached at dan@thewellnews.com and @DanMcCue