The US Federal Election Commission (FEC) has a data privacy problem. Though making political campaign financial records publicly accessible enables independent review to counter corruption and foreign influences, providing anonymous online access to every financial campaign transaction contradicts authoritative government guidance regarding the protection of sensitive personal information and exposes supporters to physical and cyber attacks.
Context Matters In Personal Information Protection
Examining the FEC campaign finance database reveals that the government interprets financial transparency as a broad mandate to make detailed personal information about all campaign contributions and disbursements anonymously available. While many may perceive personal data disclosure as acceptable because an individual’s name and address are generally viewed as public information, the data value increases extraordinarily when considered in the political context and warrants stronger privacy protections.
The government has established precedent to consider how data value changes when presented in different contexts. All federal agencies manage information flow using a labeling system that assigns standard classification levels to each piece of information. Much of the information that the government collects and maintains is considered Unclassified, meaning that disclosing the information will not damage national security. Though individual personal information generally falls into that category, the government recognized years ago that “personally identifiable information” (PII) warrants additional protections.
Widely considered the primary authority for defining government cybersecurity and privacy guidelines, the National Institute of Standards and Technology (NIST) established this definition for PII in 2010:
PII is “any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information. — NIST SP 800–122: Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
One example that NIST includes in that document addresses issues related to a fraud reporting application, a data context similar to that of the FEC database. The example argues that the disclosure of personal information in that context “would likely cause some of the individuals…to fear retribution,” leading to a “severe or catastrophic adverse effect” that warrants the highest levels of protection.
Internal guidance published by the Department of Homeland Security (DHS) follows the NIST guidance, noting:
“[Personal information] which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual…requires stricter handling guidelines because of the increased risk to an individual if the data are compromised.”
Furthermore, the government demonstrably understands that the value of information will increase as the reporting context changes. The US Office of the Director of National Intelligence (DNI) describes how the value of individual data items changes when new associations are made through compilation:
“Information that individually is unclassified or classified at a lower level, may become classified or classified at a higher level when aggregated or compiled in a single document, if the compiled information reveals an additional association or relationship that meets the standards for classification under the Order, and is not otherwise revealed in the individual data items.”
Those sources advance the premise that government agencies should determine the value of personal information it processes by assessing the potential harm to an individual against three criteria: 1) Linkage of identity to contextual information, 2) Potential for discovering new contextual information through compilation, and 3) Potential for individual harm from disclosure. Applied against the FEC campaign finance database:
- Linkage Assessment — Yes: The database contains name, street address, and employer data for contributors and employees, in addition to the context of the direct supported candidate. Those linkages meet the NIST PII definition.
- Discovery through Compilation — Yes: The database contains a deep historical record of individual support that enables an anonymous user to conduct a trend analysis of a contributor’s actions over time and to determine the salary level and travel history of campaign employees. That potential for discovery meets the criteria for elevated data flow control.
- Potential for Harm — Yes: The FEC’s allowance for anonymous database access exposes individual supporters to potential embarrassment and retaliation within their personal and professional communities, especially when coupled with a hyper-partisan political landscape.
To illustrate the assessment and convey the personal harm that the database could elicit, I outlined simple procedures that anyone can follow in accompanying guides for mapping campaign contributors using Google Maps and processing disbursement data for initiating a phishing attack against campaign employees.
Enabling the independent review of campaign finance records is important, but the context in which the FEC provides personal data combined with how easily data flows on the Internet enhances how disclosure may harm political supporters.
FEC personal data governance is unlikely to change in the near term
Rather than make all of the data available to every anonymous source (including foreign actors intent on undermining our democracy using such data), the FEC should reassess how its data stewardship responsibilities align with legal requirements. The FEC’s compilation of campaign finance laws notes that it requires political campaigns to report the names and addresses of those people who contribute or receive more than $200 in aggregate during a single calendar year. The Internal Revenue Service (IRS) section 527 rule that governs the tax filing rules of political organizations then addresses disclosure, requiring that the reports be “made available to the public” and searchable by contributor or recipient (including employees).
The legal definition seems sufficiently vague to allow greater data flow control and reduce the potential harm that the database can cause. Rather than make all of the data anonymously available in full, the FEC could constrain the searchable database to reduce contextual linkages and the ability to discover new data relationships through compilation. It could also restrict access to the raw records and an expanded searchable database to known and verifiable independent authorities. These changes in the governance process would add a bit of bureaucracy, but still enable the FEC to meet its legal requirement to allow public access to campaign finance records while preventing weaponization of its database.
Although those actions would help the FEC defend political supporter privacy, the agency currently lacks sufficient leadership to advance data privacy controls. Since September 2019, the FEC has lacked the quorum of four commissioners it needs to investigate campaign finance violations, issue fines, and rule on alignment with election laws. While the agency continues to operate, its status quo condition likely eliminates any possibility of improving data governance processes. Until the FEC regains the leadership needed enact change, malicious actors will continue to have the access to weaponize campaign finance records and harm political supporters.
The FEC is a critical government agency for countering corruption and malicious foreign influencers threatening the US political landscape. Furthermore, its role in supporting independent review of campaign finance records is crucial for maintaining political integrity and encouraging the public engagement needed to promote anti-corruption efforts at the local, state, and national levels. Once the President and Congress reach agreement on new commissioners to overcome current leadership gaps, the FEC must reassess its role as a steward of extremely sensitive personal information and enact data flow controls consistent with those promoted by other agencies. Otherwise, advances in big data, microtargeting in social media, and other advanced technology trends will take increasing advantage of citizen participation at the expense of democratic process integrity.
I define cyber defense strategies and architect solutions that make sense for protecting mission-driven organizations. If you are looking for a partner to help improve your organizations cybersecurity profile, contact me on LinkedIn or Twitter.