The largest voting machine vendor in the nation has acknowledged using remote-access software on its election management systems in the past, calling into question the integrity of the elections for which the vulnerable systems were utilized.
What's that now?
Responding to a request from Sen. Ron Wyden (D-Ore.), Election Systems and Software admitted that the company "provided PCAnywhere remote connection software ... to a small number of customers between 2000 and 2006."
Wyden told Motherboard — which first reported on and obtained the letter — that using remote-access software on election equipment "is the worst decision for security short of leaving ballot boxes on a Moscow street corner."
In the firm's correspondence to Wyden, ES&S defended its previous practice of utilizing the more hacker-friendly systems, saying that at the time of their usage it was "considered an accepted practice by numerous technology companies, including other voting system manufacturers."
But the recent admission from ES&S is an about-face from what a company spokesperson reportedly told the New York Times back in February: "None of the employees ... including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software."
Given Motherboard's report that ES&S systems were used to tabulate a minimum of 60 percent of the ballots cast in America during 2006, the possibility of a breach is enormous. For security reasons, voting machines and systems should not be connected to the internet, so questions remain not only for ES&S, but other voting machine vendors who may have used remote-access election management systems.
So what's next?
Likely, a lot more attention from Congress and the possibility of subpoenas. Wyden told Motherboard that ES&S still hasn't answers questions he sent to the company in March, saying, "ES&S needs to stop stonewalling and provide a full, honest accounting of equipment that could be vulnerable to remote attacks. When a corporation that makes half of America's voting machines refuses to answer the most basic cyber security questions, you have to ask what it is hiding."