Top election software maker admits it allowed some remote access

Election Systems and Software (ES&S) admitted to installing remote access software on election management systems sold to “a small number of customers between 2000 and 2006,” which could open it up to manipulation by a hacker. The admission came in a letter to Sen. Ron Wyden (D-Ore.) obtained by Axios and first detailed by Kim Zetter in Motherboard.

Why it matters: Remote access meant those systems, which, among other tasks, have tabulated votes from voting machines, could have hypothetically been manipulated by a hacker.

The intrigue: Zetter wrote an earlier story for the NYT on the use of remote access software in voting machines, in which ES&S denied installing the software.

What they're saying:

• ES&S's letter to Wyden explained the use of remote access software on these machines as an "accepted practice."
• Sen. Wyden said, "Installing remote-access software and modems on election equipment is the WORST decision for security short of leaving ballot boxes on a Moscow street corner. Congress MUST pass my bill to require paper ballots and audits."

The impact:

• More than 60% of votes tabulated across the country in 2006 used ES&S election management systems.
• ES&S says the software was configured to not allow incoming connections, which significantly reduces the risk of an attack but does not outright eliminate it.
• ES&S says it stopped installing this vulnerable software in 2007, which is when new Voluntary Voter Systems Guidelines from the Election Assistance Commission went into effect.
• ES&S wrote in the letter that it has confirmed that the election management systems with the remote-access software installed are no longer using the application today.