I'm a little conflicted on this. Clearly if we leave security to political parties, for many reasons we can expect poor security in IT, which leaves our very democracy vulnerable.

On the other hand, imagine the government mandating "if you run for office, you and everyone in your campaign must use this email for all communications, and if you communicate electronically outside of these approved methods we'll come down on you". The number of ways that could be misused is mind-boggling. Even if it isn't used to sniff on the communications of the opposition, it could simply be raised to higher and higher levels of complexity (and perhaps $$ cost) until new political parties (or insurgencies within a party) cannot afford to compete, because the legal requirements for IT are too stringent.

I think that's the bigger issue than disparate organization complexity/scale (which is a huge hurdle).

Political speech is sacrosanct and despite being pretty liberal I agree with your skepticism of Government. Not so much that it would ever be used for bad, but I think far more likely it just becomes a huge, slow, shitty mess.

The US government does mandate numerous IT security measures for companies involved in military/defence-related projects, justified by national security concerns. The same argument could be made for regulating private organisations involved in national elections.

> I mean the government doesn't take on basic IT security responsibilities for corporations. It's up to each campaign.

Couldn't the DHS provide recommendations (e.g. practices, particular providers and configurations), and the parties provide turnkey solutions to their candidates and elected officials?

It seems foolish to leave such decisions up to such small, short-term groups that shouldn't be expected to have the IT expertise to pick a good vendor.