The country’s leading manufacturer of voting machines has switched gears and admitted that the company installed remote-access software on election-management systems sold over the course of a six-year period. This comes as a reversal of a previous public statement from the vendor in question.
The admission comes by way of an April letter sent to Senator Ron Wyden (D-OR) by Election System and Software (ES&S) and recently obtained by Motherboard. The letter notes:
[ES&S] provided pcAnywhere remote connection software…to a small number of customers between 2000 and 2006…
According to Motherboard, this admission is a direct contradiction of previous statements made by ES&S in February of this year. In a New York Times article, the company previously claimed, by way of an unattributed statement, “None of the employees…including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software.”
Per the April Wyden letter, ES&S says that they stopped installing the remote-access pcAnywhere software in December of 2007. This change in course was apparently prompted in response to a slate of new regulations and standards adopted by the U.S. Election Assistance Commission (EAC).
The EAC is a little-known government entity tasked with myriad voting-and-election-related duties, including the creation of a national standard for voting systems in the United States. This agency is fairly newborn, having been spun into existence after the passage of the Help America Vote Act in 2002.
According to Motherboard, “Software like pcAnywhere is used by system administrators to access and control systems from a remote location to conduct maintenance or upgrade or alter software. But election-management systems and voting machines are supposed to be air-gapped for security reasons—that is, disconnected from the internet and from any other systems that are connected to the internet.”
That apparently hasn’t been the case, however, as a 2007 ES&S contract notes, “ES&S technicians can use PCAnywhere to view a client computer, assess the exact situation that caused a software issue and to view data files.”
In response to the admissions contained in the April letter, Wyden said, “[This] is the worst decision for security short of leaving ballot boxes on a Moscow street corner.”
[Image via STEPHEN MATUREN/AFP/Getty Images]
Follow Colin Kalmbacher on Twitter: @colinkalmbacher
Have a tip we should know? [email protected]