Top election software maker admits it allowed some remote access
Election Systems and Software (ES&S) admitted to installing remote access software on election management systems sold to “a small number of customers between 2000 and 2006,” which could open it up to manipulation by a hacker. The admission came in a letter to Sen. Ron Wyden (D-Ore.) obtained by Axios and first detailed by Kim Zetter in Motherboard.
Why it matters: Remote access meant those systems, which, among other tasks, have tabulated votes from voting machines, could have hypothetically been manipulated by a hacker.
The intrigue: Zetter wrote an earlier story for the NYT on the use of remote access software in voting machines, in which ES&S denied installing the software.
What they're saying:
- ES&S's letter to Wyden explained the use of remote access software on these machines as an "accepted practice."
- Sen. Wyden said, "Installing remote-access software and modems on election equipment is the WORST decision for security short of leaving ballot boxes on a Moscow street corner. Congress MUST pass my bill to require paper ballots and audits."
- More than 60% of votes tabulated across the country in 2006 used ES&S election management systems.
- ES&S says the software was configured to not allow incoming connections, which significantly reduces the risk of an attack but does not outright eliminate it.
- ES&S says it stopped installing this vulnerable software in 2007, which is when new Voluntary Voter Systems Guidelines from the Election Assistance Commission went into effect.
- ES&S wrote in the letter that it has confirmed that the election management systems with the remote-access software installed are no longer using the application today.