Top Voting Machine Vendor Admits it Sold Remote-Access Software on Systems Sold to States

Discussing a letter to Senator Ron Wyden (D-OR), in response to his questions, Kim Zetter writes for Motherboard:

The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them.

In 2006, at least 60% of U.S. votes were tabulated on election management systems made and operated by ES&S, the corporation that admitted to the installation of the remote-access software. It remains today the top voting machine maker in the U.S. In its letter to Wyden, ES&S referred to its remote-access software as “pcAnywhere”, and admitted selling it to “customers” between 2000 and 2006. Of note, earlier this year ES&S lied about this very same activity, in saying that it had never installed a remote-access system on any system that it sold.

Zetter notes:

The presence of such software makes a system more vulnerable to attack from hackers, especially if the remote-access software itself contains security vulnerabilities. If an attacker can gain remote access to an election-management system through the modem and take control of it using the pcAnywhere software installed on it, he can introduce malicious code that gets passed to voting machines to disrupt an election or alter results.

Consequently, Senator Wyden has tried very hard to obtain more information on this issue from ES&S. But they have refused to answer many of his questions, including what “customers” they sold their remote-access systems to. ES&S also refused to attend a hearing on election security last week before the Senate Committee on Rules and Administration. Wyden concludes:

ES&S needs to stop stonewalling and provide a full, honest accounting of equipment that could be vulnerable to remote attacks…. When a corporation that makes half of America’s voting machines refuses to answer the most basic cyber security questions, you have to ask what it is hiding.

I have been writing an eight-part series on Election Fraud in the United States for World News Trust, which has been posting this series on DU. Part I dealt with the vulnerability of our election system, but it did not include the recent admission by ES&S because it was not available at the time.

It seems to me that this admission by ES&S is dynamite, and I’m very grateful to Senator Wyden, one of our most progressive U.S. Senators, for aggressively investigating this. I have some additional thoughts on this issue:

1) Though Zetter’s article notes that the remote-access software makes our voting system more vulnerable to attacks from “hackers”, it seems to me that a more serious threat than outside “hackers” would be the voting machine companies themselves or the “customers” whom they choose to sell the software to, because they would have inside knowledge as to the opportunities that are available. Of note in this regard is that ES&S and other major voting machine companies in the United States are owned by militant supporters of the Republican Party.

2) I totally agree with Senator Wyden saying that, due to ES&S’s refusal to answer many of his questions and refusal to attend a Senate hearing on the subject, we have to ask what they are hiding. But I would also add, perhaps even more important, that we have to ask why they chose to make and sell remote-access systems in the first place – and then refuse to acknowledge this.

3) Although ES&S has admitted that it sold this remote access feature between 2000 and 2006, we have no assurances that it hasn't also sold or used it from 2006 to 2016. We only know what they've admitted to, not what they haven't yet admitted to.

In conclusion, Zetter notes in her article that “the recent US indictments against Russian state hackers who tried to interfere in the 2016 presidential elections show that they targeted companies in the US that make software for the administration of elections”. That alone should make Americans extremely concerned about the vulnerability of their election systems. I would add that we should have similar concern whether it’s the Russians who hack our elections, our Republican supporting voting machine corporations, Republican politicians who have access to these machines, outside hackers who have an interest in altering the results of our elections, or a combination of any of the above.

I believe that this is the most important issue facing our country today, because everything else depends upon it. I believe that Donald Trump would not be our President today if we had a secure election system. And I believe that the matter is only going to get worse unless and until we do something to start correcting it. In Part VIII of my World News Trust series I discuss some things we can do to improve the security of our election system.