Remote-access allowed: Voting machine company admits installing vulnerable software

Election hacking: Despite previous denials, top vendor admits it sold systems with remote access to states

By Matthew Rozsa

Staff Writer

Published July 20, 2018 3:41PM (EDT)

A Board of Elections technician works on a ballot scanning machine at a polling station in Brooklyn, N.Y., Nov. 8, 2016. (AP/Alexander F. Yuan)

A letter sent to Congress reveals that, between 2000 and 2006, one of America's top voting machine companies installed remote-access software in its products, making it possible for third parties to manipulate them.

The letter was sent to Sen. Ron Wyden, D-Ore., in April but was only recently obtained by Motherboard. In the letter, Election Systems and Software admitted that it had "provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006." In those years, ES&S was one of the top voting machine makers in the United States.

As The Verge notes, "pcAnywhere’s security vulnerabilities have been well-documented in the past":

In 2006, hackers stole the source code for pcAnywhere and then stayed quiet until 2012, when a hacker published part of the code online. Symantec, which distributed pcAnywhere, knew vaguely of the theft back in 2006 but only spoke up about it after the code leaked, along with the warning that users should disable or uninstall the software. At the same time, security researchers studied pcAnywhere’s code and found a vulnerability that could let a hacker take control of a whole system and bypass the need to enter a password.

Motherboard also noted that Election Systems and Software had sent a misleading answer to questions about its voting machines when asked for a New York Times story back in February, claiming that "none of the employees … including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software." It also offered this hypothesis as to why the company's answer evolved between February and April:

ES&S did not respond on Monday to questions from Motherboard, and it’s not clear why the company changed its response between February and April. Lawmakers, however, have subpoena powers that can compel a company to hand over documents or provide sworn testimony on a matter lawmakers are investigating, and a statement made to lawmakers that is later proven false can have greater consequence for a company than one made to reporters.


In a letter to Rhode Island Secretary of State Nellie Gorbea, ES&S claimed it "discontinued providing pcAnywhere over a decade ago, and no ES&S customer is using it today."

Kathy Rogers, the company's senior vice president, clarified that “ES&S voting machines across the nation do not have any form of remote access capability. ES&S has never installed remote connection software on any vote tabulation device it has ever delivered to a customer — nor has it ever been possible to do so”:

Between 2000 and 2006, ES&S provided pcAnywhere remote connection software to a small number of customers for technical support purposes on county workstations, but this software was not designed to and did not come in contact with any voting machines.

One irony about this story, of course, is that it has not yet received any attention from President Donald Trump. The president has on a number of occasions complained about voter fraud and even formed a commission to investigate it (which was later disbanded). It would seem that if his grievances were genuine — as opposed to being excuses for him losing the popular vote in the 2016 presidential election or trying to justify repressive legislation like Voter ID laws — he would be focused on such a scandal.


Matthew Rozsa is a staff writer at Salon. He received a Master's Degree in History from Rutgers-Newark in 2012 and was awarded a science journalism fellowship from the Metcalf Institute in 2022.
