As midterms approach, election vendors' commitment to security scrutinized

Three private companies provide almost 90 percent of digital election systems used in the United States, with little public accountability. Some election experts believe these companies emphasize convenience over security, calling into question ballot integrity.

Mel Evans/AP
Election Systems and Software CEO Tom Burt (r.) tests company equipment at the National Association of Secretaries of State convention in Philadelphia on July 14. Experts say top election vendors are often more concerned with convenience than security.

The ultimate gatekeepers of United States election integrity may well be its weakest security link.

A trio of privately held companies sells and services more than 90 percent of US election systems. But the companies have long stressed convenience for their customers over product security, security experts and elections officials said.

That complicates efforts to detect a repeat of Russia's 2016 election meddling, or other intrusions by sophisticated hackers.

The three companies – ES&S of Omaha, Nebraska; Dominion Voting Systems of Denver, and Hart InterCivic of Austin, Texas – face little public accountability and operate under a shroud of financial and operational secrecy despite their pivotal role underpinning American democracy.

They face scant federal oversight yet effectively run elections, directly or through subcontractors, in much of the nation – especially where tech expertise and budgets are thin. No federal authority accredits the vendors or vets them.

High barriers to entry and low profits discourage the very innovations that could enhance security, experts say.

"They cobble things together as well as they can" because building truly secure systems would likely erase their profits, said University of Connecticut election-technology expert Alexander Schwartzman.

Executives of all three of the top vendors refused to discuss their companies' finances and have resisted exposing their products to the scrutiny of independent researchers and Congress.

"These companies want to be gatekeepers of our democracy but they seem completely uninterested in safeguarding it," Sen. Ron Wyden, an Oregon Democrat, complained in a July congressional hearing.

The top three vendors call such concerns overblown, and say there is no indication hackers have penetrated any of their systems.

But authorities say serious election mischief may have gone unnoticed, and hackers could theoretically wreak havoc at multiple stages of the election process. They could alter or erase lists of registered voters to sow confusion, secretly introduce software to flip votes, scramble tabulation systems, or knock results-reporting sites offline with denial-of-service attacks.

On July 13, US special counsel Robert Mueller indicted 12 Russian military intelligence operatives for, among other things, infiltrating state and local election systems.

Election vendors have long resisted open-ended vulnerability testing by independent, ethical hackers – a process that aims to identify weaknesses an adversary could exploit. Such testing is now standard for the Pentagon and major banks.

Nevertheless, the vendors insist security is a priority. ES&S, for instance, said in an email that "any assertions about resistance to input on security are simply untrue" and argued that for decades the company has "been successful in protecting the voting process."

Experts point to numerous indications of sloppy software development and unfixed vulnerabilities.

"The industry continues to stonewall the problem," said Bruce McConnell, a Department of Homeland cybersecurity czar during the Obama administration. Election-vendor executives issue bland assurances but don't, for instance, offer "bug bounties" to researchers who look for software flaws, he said.

In July, ES&S told The Associated Press that it allows independent, open-ended testing of its corporate systems as well as its products. But the company would not name the testers and declined to provide documentation of the testing or its results.

Dominion's vice president of government affairs, Kay Stimson, said her company has also had independent third parties probe its systems but would not name them or share details.

Hart InterCivic, the No. 3 vendor, said it has done the same using the Canadian cybersecurity firm Bulletproof, but would not discuss the results.

ES&S hired its first chief information security officer in April. None of the big three would say how many cybersecurity experts they employ. Dominion's Ms. Stimson said "employee confidentiality and security protections outweigh any potential disclosure."

During this year's primary elections, ES&S technology stumbled on several fronts.

In Los Angeles County, more than 118,000 names were left off printed voter rolls. A subsequent outside audit blamed sloppy system integration by an ES&S subsidiary during a database merge.

No such audit was done in Kansas' most populous county after a different error in newly installed ES&S systems delayed the vote count by 13 hours as data uploading from thumb drives crawled.

University of Iowa computer scientist Douglas Jones said both incidents reveal mediocre programming and insufficient pre-election testing. And voting equipment vendors have never seemed security conscious "in any phase of their design," he said.

California, New York, and Colorado are among states that tend to keep a close eye on the vendors. States with cozier relationships have in the past let them use remote-access software to do maintenance on election systems, a widely discredited security faux pas.

And ES&S continues to sell vote-tabulation systems equipped with cellular modems, a feature experts say hackers could potentially exploit, entering election management modules and tampering with vote counts.

A few states ban such wireless connections. Maryland recently got rid of them and Alabama forced ES&S in January to remove them from machines.

Said John Bennett, the Alabama secretary of state's deputy chief of staff who worked the issue: "It seemed like there was a lot more emphasis about how cool the machines could be than there was actual evidence that they were secure."

This story was reported by The Associated Press. 
