US senators, members of the US Senate Select Committee on Intelligence,
sent a letter on Wednesday to Election Systems and Software (ES&S),
the largest voting machine vendor in the US, asking for clarifications
on why the vendor is trying to discourage independent security reviews
of its products.

The four senators who signed the letter are
Kamala D. Harris (D-CA), Mark Warner (D-VA), Susan Collins (R-ME), and
James Lankford (R-OK).

Senators take notice of ES&S's dismissive attitude

The senators sent the letter to ES&S following the conclusion of the
Voting Village at the DEF CON 26 security conference held in Las Vegas
at the start of the month, where security researchers found
several security vulnerabilities in the

"We are disheartened that ES&S chose to dismiss these demonstrations as
unrealistic and that your company is not supportive of independent
testing," the letter reads.

of the world’s leading electronics and software companies have opened
their arms to the research community, maintaining active presences at
the largest security research conferences and inviting 'white hat'
hackers to probe their products to identify how they can improve product
security," the letter continued.

ES&S has been critical of security research

At DEF CON, security researchers found vulnerabilities in the voting
machines of other vendors. Only ES&S is mentioned in the senators'
letter because of the company's dismissive approach to external security

Before DEF CON's Voting Village challenge took place, ES&S sent a
letter to its customers —US states— playing down the importance of the
hacks and research that would be discovered at the event, claiming that
the "voting village environment does not operate under the same
conditions, rules, and regulations as your polling place."

The National Association of Secretaries of State (NASS) joined ES&S in
its criticism of DEF CON's Voting Village.

Senators want answers by next week

The four US Senate Select Committee on Intelligence members are asking
ES&S to answer a few questions regarding its stance on independent
security audits, a stance the senators don't seem to understand.

1. Will ES&S commit to allowing election agencies to arrange
independent, qualified, good faith cybersecurity tests of ES&S
election systems and share results with the public? Further, will
ES&S work with agencies to conduct these tests? If not, why not?
2. Will ES&S commit to providing election agencies
with ES&S election systems at a reasonable cost, before entering
into a long-term contract with ES&S, so that they can arrange
independent cybersecurity testing? If not, why not?
3. Will ES&S commit to providing independent,
qualified, good faith cybersecurity researchers with ES&S election
systems at a reasonable cost so that the researchers can conduct
cybersecurity testing and share their results with the public? If not,

The four senators have asked for a response by next week, Wednesday,
August 29. We will update this article with the company's response, if

month, ES&S admitted in
a letter to Senator Ron Wyden (D-OR) that they installed remote-access
software on election-management systems the company sold over a period
of six years, a big no-no in terms of those devices' security.