Election Systems and Software is America's leading voting machine vendor, a category notorious for buggy, insecure software and rampant manufacturer misconduct. As the 2018 elections loom, voting machine companies are coming under scrutiny, and when veteran security reporter Kim Zetter asked them, on behalf of the New York Times, if their products shipped with backdoors allowing remote parties to access and alter them over the internet, they told her unequivocally that they did not engage in this practice.
But now, in a letter to Senator Ron Wyden [D-OR], they admit that they lied, and that they "provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006."
ES&S did not respond on Monday to questions from Motherboard, and it's not clear why the company changed its response between February and April. Lawmakers, however, have subpoena powers that can compel a company to hand over documents or provide sworn testimony on a matter lawmakers are investigating, and a statement made to lawmakers that is later proven false can have greater consequence for a company than one made to reporters….
Wyden told Motherboard that installing remote-access software and modems on election equipment "is the worst decision for security short of leaving ballot boxes on a Moscow street corner."
Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States [Kim Zetter/Motherboard]