The Russia connectionLawmakers seek answers from election equipment vendors on security of voting machines
The U.S. intelligence community has confirmed that Russia interfered with the 2016 elections; Russian actors attempted to hack a U.S. voting software company and at least twenty-one states’ election systems. Recent reports indicate that U.S.-based firms operating on U.S. government platforms gave Russian authorities access to their source code. Lawmakers are inquiring about the security of the voting machines of the major American vendors, and whether these vendors have been asked to share the source code or other sensitive or proprietary details associated with their voting machines with Russian entities.
U.S. Senators Amy Klobuchar (D-Minnesota) and Jeanne Shaheen (D-New Hampshire) sent a letter to the three largest election equipment vendors- Election Systems & Software, LLC; Dominion Voting Systems, Inc.; and Hart InterCivic, Inc. — inquiring about the security of their voting machines and whether their companies have been asked to share the source code or other sensitive or proprietary details associated with their voting machines with Russian entities. Recent reports indicate that U.S.-based firms operating on U.S. government platforms gave Russian authorities access to their software. In order to sell their software within Russia, these companies allowed Russian authorities to review their source code for flaws that could be exploited. While some companies maintain this practice is necessary to find defects in software code, experts have warned that it could jeopardize the security of U.S. government computers if these reviews are conducted by hostile actors or nations. U.S. tech companies, the Pentagon, former U.S. security officials, and a former U.S. Department of Commerce official with knowledge of the source code review process have expressed concerns with this practice.
“Foreign access to critical source code information and sensitive data continues to be an often overlooked vulnerability. Further, if such vulnerabilities are not quickly examined and mitigated, future elections will also remain vulnerable to attack,” the senators wrote. “The 2018 election season is upon us. Primaries have already begun, and time is of the essence to ensure any security vulnerabilities are addressed before the 2018 and 2020 elections.”
The full text of the senators’ letter is below:
Dear Mr. Braithwaite, Mr. Burt, and Mr. Poulos:
Recent reports of U.S. IT and software companies submitting to source code reviews in order to access foreign markets have raised concern in Congress given the sensitivity of the information requested by countries like China and the Russian Federation. As such, we write to inquire about the security of the voting machines you manufacture and whether your company has been asked to share the source code or other sensitive or proprietary details associated with your voting machines with the Russian Federation.
