The Federal Election Commission (FEC) released a draft advisory opinion (draft AO) yesterday, holding that a nonprofit corporation providing certain cybersecurity services to candidates and political parties are not in-kind contributions.

Defending Digital Campaigns, Inc. (DDC) is a nonprofit corporation under Washington, D.C., law, exempt from federal income tax under § 501(c)(4). Its stated purpose is "to provide education and research for civic institutions on cybersecurity best practices and assist them in implementing technologies, processes, resources, and solutions for enhancing cybersecurity and resilience to hostile cyber acts targeting the domestic democratic process." DDC's request for an AO seeks the FEC's guidance on whether the Federal Election Campaign Act, 52 U.S.C. §§ 30101-45 allows DDC to provide certain cybersecurity services, software, and hardware to candidates for federal office and political parties for free or at a reduced cost, or whether those actions would constitute in-kind contributions.

DDC proposes creating information sharing systems that would allow it to serve as a streamlined, nonpartisan clearinghouse for cyber threats. It also intends to operate a cybersecurity hotline and to provide advanced training for eligible candidates and committees. These activities would entail providing significant advanced training and services for a wide variety of cybersecurity topics for campaigns and political committees, as well as installing and using software licenses and hardware on the candidates', staffs', and committees' devices.

The draft AO determines that DDC's activities would not constitute in-kind contributions. The FEC noted that DDC's organizational structure ensured that its activities remain nonpartisan, and that several provisions of the act and FEC regulations allow corporations to engage in certain nonpartisan activities without those activities being prohibited in-kind contributions (e.g., encouraging individuals to vote or register to vote, distributing registration or voting information, preparing and distributing voter guides). The through-line of these activities, and that DDC's proposed activities share, is that they are offered on an objective, nonpartisan basis and are meant to facilitate the proper functioning of the electoral process rather than to support or oppose any candidate or party. The FEC also noted that DDC's services will be available to candidates and committees based on a pre-determined set of criteria, including the registration status with the FEC, whether the candidate has a place on the general election ballot, and the candidate's ranking in national polls.

Ultimately, the FEC found that DDC's proposed activities would have the stated purpose of protecting all eligible federal candidates and parties against cyber threats, on a nonpartisan basis and according to pre-determined, objective criteria. As such, the FEC determined that these activities would not be made for the purpose of influencing or in connection with any federal election, and therefore would not constitute in-kind contributions under the Act.

The draft is available for comment until 9 a.m. ET on October 11, 2018.

This provides an important dose of clarity to campaigns and nonprofits alike. Dating back to at least 2008, campaigns have been beset with cybersecurity threats, some of which have achieved national and international notoriety. The FEC's analysis allows campaigns to engage companies like DDC to implement appropriate data security protocols without fear of violating campaign finance regulations. And at the same time, it encourages collaboration between candidates, parties, and corporations in a way that fosters confidence in our electoral system.