Voting Machine Vendor Admits Installing Remote-Access Software on State Systems

In February 2018, Election Systems and Software told the press that it had never installed remote-access software in any of the e-voting systems it has sold in the various US states or to local governments. In April, the company told the office of Senator Ron Wyden (D-OR) that it had sold pcAnywhere remote connection software “to a small number of customers between 2000 and 2006.” The good news about this disclosure is that the systems in question have all been retired and are no longer in use across the United States.

But the fact that this happened in the first place, combined with ongoing warnings about the generally poor state of e-voting security, speaks to the depth and breadth of the issues facing the United States’ e-voting system as the 2018 midterm election approaches. The fact that ES&S lied about its own previous behavior to the public until pressured by Senator Wyden’s office says little good about the civic responsibility these companies feel towards ensuring that voting is handled safely. It’s important — just not as important as minimizing any hint of corporate liability.

In this case, ES&S installed pcAnywhere software on election management systems (EMS), not voting terminals. While EMS hardware doesn’t actually collect votes, it is typically used to program voting terminals and to tabulate results aggregated from those terminals. In short, compromising an EMS could be even more effective than compromising individual terminals, depending on the nature of the breach and the capabilities of the software. But with that said, there are some important differences between how Vice characterizes the situation and what ES&S says in its letter to Wyden. Vice writes: “ES&S customers who had pcAnywhere installed also had modems on their election-management systems so ES&S technicians could dial into the systems and use the software to troubleshoot, thereby creating a potential port of entry for hackers as well.” ES&S, however, maintains that “The use of the tool could only occur through approval by the customer, who had to initiate the remote connection.”

This isn’t a trivial distinction, and ES&S notes that none of the EMSs that it sold in this configuration are still operating today. But it’s also not the end of the problem — not by a long shot. The United States’ voting system is heavily atomized and administered at the local level, which means it’s mostly run by the Republican party, since the GOP controls far more counties in the United States than the Democratic party does. This atomization makes it extremely difficult to change votes as part of a massive coordinated campaign, and is one reason why allegations of vast swaths of illegal votes being cast have never withstood investigation — any attempt to alter election results within even a single state effectively requires compromising multiple counties across broad geographical areas, to say nothing of the difficulty of coordinating such an attack nationwide.

But the fact that the US system is generally resistant to certain kinds of attack doesn’t make it perfect against all of them. The atomized nature of our election system also means, for example, that we have absolutely no global standard when it comes to preserving a paper trail of how people vote to ensure that electronic records can be verified:

Data by Ballotpedia

As the New York Times wrote in February:

In the 15 years since electronic voting machines were first adopted by many states, numerous reports by computer scientists have shown nearly every make and model to be vulnerable to hacking. The systems were not initially designed with robust security in mind, and even where security features were included, experts have found them to be poorly implemented with glaring holes.

This was true in 2016. It remains true as we move into the 2018 midterms. It’s not that ES&S has been caught having done something terrible — it’s not clear if Vice understands the difference between a system with a dial-up modem, in which the customer initiates the connection with a remote employee, and one in which the vendor can make that connection independently — but the company’s initial failure to be transparent on this issue is just the latest example of a problem that does date back decades. All the way back in 2006, Ars Technica was documenting massive problems with e-voting machines. Major flaws were still being found in 2015. They’re still being found today. It’s this fact — more than the question of what ES&S was shipping in 2006 — that ought to concern us.