Motherboard reports on more reasons to feel insecure about fair, secure elections in the United States.

The nation’s top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them.

In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had “provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006,” which was installed on the election-management system ES&S sold them.

The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. “None of the employees, … including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software,” the spokesperson said.

Stu Soffer, the Republican state election commissioner, hurred to the defense of ES&S, a major vendor in Arkansas, circulating its statement that it had stopped providing the software more than a decade ago and no client was using it today. Well and good. But the Motherboard article points out that is’ not clear if all the users of the system had made the patches necessary to close off vulnerabilities the software presented.

Advertisement

It’s not clear if election officials who had pcAnywhere installed on their systems, ever patched this and other security flaws that were in the software.

“[I]t’s very unlikely that jurisdictions that had to use this software … updated it very often,” says Joseph Lorenzo Hall, chief technologist for the Center for Democracy and Technology, “meaning it’s likely that a non-trivial number of them were exposed to some of the flaws found both in terms of configuration … but also flaws that were found when the source code to that software was stolen in 2006.”