A U.S. elections officer who served in voting districts that partnered with a controversial online voting firm recently retired from his government position to work for the firm in question, the foreign-headquartered company SCYTL.
WND reported yesterday that SCYTL has faced questions about the security of its electronic voting technologies, which are now set to be deployed in 900 U.S. jurisdictions.
The firm already provides balloting for overseas U.S. military and civilian voting in nine states along with elections technologies in several districts.
Concerns have also been raised about SCYTL’s ties to the Spanish government and to international venture capital firms. Also, SCYTL overseas Internet balloting in foreign countries worldwide.
In October, it was announced that Paul Stenbjorn, the executive director of the D.C. Board of Elections and Ethics, resigned from his position to take a job at SCYTL as director of U.S. operations.
Prior to joining SCYTL, he also served as information services manager for the Virginia State Board of Elections.
D.C.’s Board of Elections and Ethics is the independent agency of the district government responsible for the administration of elections, ballot access and voter registration.
While Stenbjorn was working for the D.C. elections and ethics board he was directly involved in testing a SCYTL system that had been deployed in the district to provide voting technologies during the November 2010 midterm elections.
Just prior to the midterms, it was Stenbjorn who opened D.C.’s Internet-based voting system for a weeklong test period, inviting computer experts from all corners to prod its vulnerabilities.
A group of University of Michigan students responded to Stenbjorn’s call and hacked into the site, commanding it to play the University of Michigan fight song upon casting a vote.
“The integrity of the system had been violated,” Stenbjorn told the Washington Post after the Michigan students infiltrated the system.
Stenbjorn said that because of the hack, a portion of the Internet voting pilot was being temporarily scrapped.
He told the Post the security hole that allowed the playing of the fight song had been identified, but it raised deeper concerns about the system’s vulnerabilities.
“We’ve closed the hole they opened, but we want to put it though more robust testing,” he said. “I don’t want there to be any doubt. … This is an abundance-of-caution sort of thing.”
After the hack, Stenjborn’s ethics board decided to relaunch the Internet program under a download-only format, allowing users to access ballots but forcing them to fax or mail them rather than cast a vote online.
Still, his D.C. elections board was hailed as “[leading] the nation in attempting to overcome the security obstacles and offer e-voting.”
While on the elections board, Stenjborn told the website Broadband and Social Justice that voting “is many, many years away, more than a decade, possibly more than a generation away.”
National security concerns
With the purchase of SOE Software, meanwhile, SCYTL has increased its involvement in the U.S. elections process. SOE Software boasts a strong U.S. presence, providing results in over 900 jurisdictions.
In 2009, SCYTL formally registered with the U.S. Election Assistance Commission (AEC) as the first Internet voting manufacturer in the U.S. under the EAC Voting System Testing and Certification Program.
Also that year, SCYTL entered into an agreement with another firm, Hart InterCivic, to jointly market a flexible and secure electronic pollbook purportedly to allow U.S. election officials and poll workers to easily manage the electoral roll on Election Day in an efficient and convenient manner.
SCYTL’s ePollBookTM already replaced the paper precinct roster in Washington, D.C.
During the midterm elections in November 2010, SCYTL successfully carried out electoral modernization projects in 14 states. The company boasted that a “great variety” of SCYTL’s technologies were involved in the projects, including an online platform for the delivery of blank ballots to overseas voters, an Internet voting platform and e-pollbook software to manage the electoral roll at the polling stations.
The states that used SCYTL’s technologies during the Midterms were New York, Texas, Washington, California, Florida, Alabama, Missouri, Indiana, Kansas, Mississippi, New Mexico, Nebraska, West Virginia and Washington D.C.
Just prior to the midterm’s however, the new electronic voting system in Washington, D.C., was hacked.
As a program security trial, the D.C. Board of Elections and Ethics reportedly encouraged outside parties to hack and find flaws in its new online balloting system. A group of University of Michigan students then hacked into the site and commanded it to play the school’s fight song upon casting a vote.
This is not the first time SCYTL’S systems have been called into question
Voter Action, an advocacy group that seeks elections integrity in the U.S., sent a lengthy complaint to the U.S. Election Assistance Commission in April 2010 charging the integration of SCYTL systems “raises national security concerns.”
“Foreign governments may also seek to undermine the national security interests of the United States, either directly or through other organizations,” Voter Action charged.
The document notes that SCYTL was founded in 2001 as a spinoff from a research group at the Universitat Autonoma de Barcelona, which was partially funded by the Spanish government’s Ministry of Science and Technology.
SCYTL’s headquarters are in Barcelona with offices in Washington, D.C., Singapore, Bratislava and Athens.
Project Vote noted that in 2008, the Florida Department of State commissioned a review of SCYTL’s remote voting software and concluded, in part, that:
- The system is vulnerable to attack from insiders.
- In a worst case scenario, the software could lead to (1) voters being unable to cast votes; (2) an election that does not accurately reflect the will of the voters; and (3) possible disclosure of confidential information, such as the votes cast by individual voters.
- The system may be subject to attacks that could compromise the integrity of the votes cast.
With research by Brenda J. Elliott