A Board of Elections technician works on a ballot scanning machine at a polling station in Brooklyn, N.Y., Nov. 8, 2016. (AP/Alexander F. Yuan)

Remote-access allowed: Voting machine company admits installing vulnerable software

Election hacking: Despite previous denials, top vendor admits it sold systems with remote access to states


Matthew Rozsa
July 20, 2018 7:41PM (UTC)

A letter sent to Congress reveals that, between 2000 and 2006, one of America's top voting machine companies installed remote-access software in their products that made it possible for them to be manipulated by third parties.

The letter was sent to Sen. Ron Wyden, D-Ore., in April but was only recently obtained by Motherboard. In the letter, Election Systems and Software admitted that it had "provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006."  In those years, ES&S was one of the top voting machine makers in the United States.

Advertisement:

As The Verge notes, "pcAnywhere’s security vulnerabilities have been well-documented in the past":

In 2006, hackers stole the source code for pcAnywhere and then stayed quiet until 2012, when a hacker published part of the code online. Symantec, which distributed pcAnywhere, knew vaguely of the theft back in 2006 but only spoke up about it after the code leaked, along with the warning that users should disable or uninstall the software. At the same time, security researchers studied pcAnywhere’s code and found a vulnerability that could let a hacker take control of a whole system and bypass the need to enter a password.

Motherboard also noted that Election Systems and Software had sent a misleading answer to questions about their voting machines when asked for a New York Times story back in February, claiming that "none of the employees … including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software." It also offered this hypothesis as to why the company's answer evolved between February and April:

ES&S did not respond on Monday to questions from Motherboard, and it’s not clear why the company changed its response between February and April. Lawmakers, however, have subpoena powers that can compel a company to hand over documents or provide sworn testimony on a matter lawmakers are investigating, and a statement made to lawmakers that is later proven false can have greater consequence for a company than one made to reporters.

READ MORE: Donald Trump, Brexit and the Russians: A dangerous turning point in "World War IV"

In a letter to Rhode Island Secretary of State Nellie Gorbea, ES&S claimed it "discontinued providing pcAnywhere over a decade ago, and no ES&S customer is using it today.”

Kathy Rogers, the company's senior vice president, clarified that “ES&S voting machines across the nation do not have any form of remote access capability. ES&S has never installed remote connection software on any vote tabulation device it has ever delivered to a customer — nor has it ever been possible to do so”:

Between 2000 and 2006, ES&S provided pcAnywhere remote connection software to a small number of customers for technical support purposes on county workstations, but this software was not designed to and did not come in contact with any voting machines.

One irony about this story, of course, is that it has not yet received any attention from President Donald Trump. The president has on a number of occasions complained about voter fraud and even formed a commission to investigate it (which was later disbanded). It would seem that if his grievances were genuine — as opposed to being excuses for him losing the popular vote in the 2016 presidential election or trying to justify repressive legislation like Voter ID laws — he would be focused on such a scandal.

Advertisement:

Today's hottest topics

Check out the latest stories and most recent guests on SalonTV.


Matthew Rozsa

Matthew Rozsa is a breaking news writer for Salon. He holds an MA in History from Rutgers University-Newark and is ABD in his PhD program in History at Lehigh University. His work has appeared in Mic, Quartz and MSNBC.

MORE FROM Matthew Rozsa

Related Topics ------------------------------------------

Donald Trump Election Systems And Software Es&s Ron Wyden Voter Fraud Voting Machines

BROWSE SALON.COM
COMPLETELY AD FREE,
FOR THE NEXT HOUR

Read Now, Pay Later - no upfront
registration for 1-Hour Access

Click Here
7-Day Access and Monthly
Subscriptions also available
No tracking or personal data collection
beyond name and email address

•••






Fearless journalism
in your inbox every day

Sign up for our free newsletter

• • •