New: A daily newsletter defining what matters in business and markets

Stories

Top election software maker admits it allowed some remote access

Backs of poll white poll booths are shown diagonally with American flags on them, with word "Vote"
Photo: Brendan Smialowski/AFP/Getty Images

Election Systems and Software (ES&S) admitted to installing remote access software on election management systems sold to “a small number of customers between 2000 and 2006,” which could open it up to manipulation by a hacker. The admission came in a letter to Sen. Ron Wyden (D-Ore.) obtained by Axios and first detailed by Kim Zetter in Motherboard.

Why it matters: Remote access meant those systems, which, among other tasks, have tabulated votes from voting machines, could have hypothetically been manipulated by a hacker.

The intrigue: Zetter wrote an earlier story for the NYT on the use of remote access software in voting machines, in which ES&S denied installing the software.

What they're saying:

  • ES&S's letter to Wyden explained the use of remote access software on these machines as an "accepted practice."
  • Sen. Wyden said, "Installing remote-access software and modems on election equipment is the WORST decision for security short of leaving ballot boxes on a Moscow street corner. Congress MUST pass my bill to require paper ballots and audits."

The impact:

  • More than 60% of votes tabulated across the country in 2006 used ES&S election management systems.
  • ES&S says the software was configured to not allow incoming connections, which significantly reduces the risk of an attack but does not outright eliminate it.
  • ES&S says it stopped installing this vulnerable software in 2007, which is when new Voluntary Voter Systems Guidelines from the Election Assistance Commission went into effect.
  • ES&S wrote in the letter that it has confirmed that the election management systems with the remote-access software installed are no longer using the application today.
More stories loading.