Despite alleged Russian hacking of the 2016 presidential election, no evidence has been produced showing Moscow’s hackers – or anyone else – being able to remotely access and change votes on any of the 350,000 electronic voting machines used in the U.S.
Americans have largely accepted that the machines are safe from hackers because they’ve repeatedly been told the devices are “air-gapped” – isolated from all unsecured networks, including the internet.
That is untrue, according to a New York Times Magazine investigation last month that described Election Systems & Software, the largest manufacturer of voting machines, selling hardware with election-management systems pre-installed with remote-access software. The company also is said to have encouraged past purchasers to install the software on machines that did not currently have it so ES&S technicians could do troubleshooting and maintenance without having to be onsite.
“The American public has been repeatedly assured that voting machines are not connected to the internet, and thus, cannot be remotely compromised by hackers,” Wyden wrote in the letter to ES&S.
“The default installation or subsequent use of remote-access software on sensitive election systems runs contrary to cybersecurity best practices and needlessly exposes our election infrastructure to cyberattacks.”
Wyden, a senior member of the Senate Intelligence Committee, questioned ES&S officials last year about the company’s cyber security practices, but it was less than forthcoming.
“ES&S did not answer Wyden’s questions about whether the company follows basic cybersecurity best practices,” a spokesman for the senator’s office told Gizmodo.
In his most recent questioning of ES&S, Wyden is addressing the issues raised in the New York Times Magazine report:
- Has ES&S sold devices on which remote-access software was pre-installed?
- Have ES&S officials or technical-support personnel recommended customers install remote-access software on voting machines or other election systems that did not already have it?
In the last 24 hours, the company has issued a response that seems to deny any knowledge of pre- or post-installed remote-access software:
“Election Systems and Software certifies our voting systems to the Voluntary Voting System Standards (VVSG) adopted by the Election Assistance Commission (EAC). The EAC VVSG does not allow for voting systems to be tested or approved with any form of remote-access software. In fact, an election-management system that is approved and tested to the EAC standard is required to be hardened. The term hardened in this case means that the server is locked down from any use other than that which has been approved under the standard and that it cannot contain any software application, including remote access software, which is not part of the certified end to end configuration. ES&S always adheres to these guidelines and, as such, does not sell or distribute products with remote access software installed.”
But this denial fies in the face of evidence reported in last month’s report.
In 2011, the election board in Pennsylvania’s Venango County, had its system examined by a computer-science professor from Carnegie Mellon University following complaints by voters that their votes were “flipped” from candidates they had selected on the screen to their opponents. While serious in terms of the vote outcome, that problem proved to be a simple calibration error that could be easily fixed. But of greater alarm was the discovery of remote-access software installed on the county’s election-management computer. This computer is used to tally results and, in some cases, program voting machines. In this case, the culprit was not a hacker but an approved contractor who was accessing the system from home. Still, the county had no knowledge such access was installed in the system they had purchased from ES&S or that it was possible to do so.
An ES&S contract with Michigan from 2006 describes how the company’s tech-support workers used remote-access software called pcAnywhere to access customer-election systems. That same year, ES&S technicians spent hours connected to a Pennsylvania county’s system trying to track down the reason for vote discrepancies in a local race. According to an official for the county, the software had been pre-installed.
As now, ES&S denied any knowledge of such a breach of cybersecurity protocol. “None of the employees who reviewed this response, including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software.”
It’s a toss-up as to whether it’s worse that ES&S secretly installed the software or that it is unaware of how it came to be on systems that were sold.
Even without the installed access software, there are other areas of vulnerability.
Many counties have modems connected to their machines to transmit results to their central election office. While election officials say such transmissions are safe because the information is sent over phone lines and not the internet, the fact is that many of the modems are cellular, which use radio signals to send data to cell towers and routers that are part of the internet. It is theoretically possible to intercept and change the data being transmitted.
The Election Assistance Commission, which oversees testing and certification of voting machines, says modems aren’t a problem.
“The caution about not permitting network access does not apply to the use of modems on election night to transmit unofficial polling place results to the central office,” the commission’s election guidelines state. “The technical expertise required to intercept and alter a telephone communication without detection is extremely complex. Therefore, it is unlikely that anyone will be able to intercept and alter these results without detection.”
But that does not address the problem of hackers using the connected modem and the pre-installed remote-access software to gain access to machines if they have the password or exploit some vulnerability. Indeed, trust in the election process can be undermined simply by the public never being certain the vote results are true.
“The incorrect assertion that voting machines or voting systems can’t be hacked by remote attackers because they are ‘not connected to the internet’ is not just wrong, it’s damaging,” Susan Greenhalgh, a spokeswoman for the National Election Defense Coalition, an elections integrity group, told New York Times Magazine.
“This oft-repeated myth instills a false sense of security that is inhibiting officials and lawmakers from urgently requiring that all voting systems use paper ballots and that all elections be robustly audited.”