Senate Intelligence Committee members raise concerns about voting system vulnerabilities

Senate Intelligence Committee members raise concerns about voting system vulnerabilities
© Getty Images

A bipartisan group of lawmakers on the Senate Intelligence Committee raised concerns Wednesday about the election voting systems provided by one of the largest vendors in the United States, questioning whether the company is doing enough to safeguard itself from hackers. 

Four committee members wrote in a letter they were disappointed that Election Systems & Software (ES&S) has not agreed to undergo independent testing to determine the security level of its systems.

The letter comes after an annual hacking conference earlier this month appeared to reveal security vulnerabilities in ES&S voting systems.


"We are concerned that ES&S and other election system providers may not be prepared for the growing threats to our elections,” Senate Intelligence Committee Vice Chairman Mark WarnerMark Robert WarnerSchiff: Evidence of collusion between Trump campaign, Russia 'pretty compelling' The Hill's 12:30 Report — Presented by Kidney Care Partners — Lawmakers scramble as shutdown deadline nears Steel lobby's PR blitz can't paper over damaging effects of tariffs MORE (D-Va.) and Sens. Susan CollinsSusan Margaret CollinsGOP Green New Deal stunt is a great deal for Democrats On unilateral executive action, Mitch McConnell was right — in 2014 Congress must step up to protect Medicare home health care MORE (R-Maine), James LankfordJames Paul LankfordGOP advances rules change to speed up confirmation of Trump nominees GOP senator calls Omar's apology 'entirely appropriate' New battle lines in war over Trump’s judicial picks MORE (R-Okla.), and Kamala HarrisKamala Devi HarrisHarris, Booker call for judgement on Jussie Smollett case to be withheld until investigation is completed Harris calls idea of Trump trusting Putin over US intel ‘height of irresponsibility and shameful’ Barack, Michelle Obama expected to refrain from endorsing in 2020 Dem primary: report MORE (D-Calif.) wrote in a letter to the company.

The senators criticized ES&S for its refusal to allow independent testing of its systems at the popular DEFCON convention, where hackers attempted to find ways to exploit voting technology.

"We are disheartened that ES&S chose to dismiss these demonstrations as unrealistic and that your company is not supportive of independent testing," the lawmakers wrote in their letter to CEO Tom Burt. "We believe that independent testing is one of the most effective ways to understand and address potential cybersecurity risks.”

Sen. Ron WydenRonald (Ron) Lee WydenKremlin seeks more control over internet in Russia Wisconsin governor to propose decriminalization of marijuana High stakes as Trump, Dems open drug price talks MORE (D-Ore.), a member of the Intelligence panel, separately slammed ES&S on Wednesday for failing to provide answers to basic questions about its cybersecurity practices.

“It is inexcusable that American democracy depends on hackable voting technology made by a handful of companies that have evaded oversight and stonewalled Congress. That must end,” Wyden said during a Senate Rules Committee hearing, according to a transcript of his remarks.

Wyden and other lawmakers became alarmed by some of the company's practices after The New York Times reported in February that ES&S had installed remote access software onto the voting technology it sold. The company later admitted to installing such software on a "small number" of election management systems between 2000 and 2006.

ES&S quickly pushed back on the lawmakers' claims that they do not independently test their products. 

"Any assertion that our products are not thoroughly and independently tested is erroneous," the company said in a statement. "In fact, ES&S products are certified by the U.S. government, which conducts testing independent of our own testing. In addition, our products are tested by a number of third-party experts."

The election systems company offered to meet with each senator to discuss how they could take further measures to ensure U.S. elections are secure.

"We look forward to fully addressing each question expressed in their letter, and extend an invitation to each Senator to meet with us to discuss all of the protective steps we have taken and continue to take to ensure the integrity of America’s democracy," the statement continues.

The criticism from the senators comes amid heightened fear that foreign adversaries may seek to interfere in the 2018 midterm elections and other subsequent U.S. elections.

“As members of the United States Senate Select Committee on Intelligence, we agree with the conclusion of the Intelligence Community: America’s elections are the target of unprecedented attacks by foreign adversaries,” the four senators wrote in their letter to Burt. “Free, fair, and trusted elections are the bedrock of our democracy, and safeguarding our elections is an urgent national security priority."

Microsoft announced earlier this week that it had shut down six websites created by a hacking group known as "Fancy Bear," which has been linked to Russia's intelligence agency. The hackers targeted two conservative think tanks that have been critical of the Kremlin, in addition to targeting the U.S. Senate, though Microsoft said the attacks were not specific to a "particular" office or senator.

Fancy Bear is an active, powerful hacking group whose attacks have included the successful hack of the Democratic National Committee (DNC) in 2016.

Special counsel Robert MuellerRobert Swan MuellerSasse: US should applaud choice of Mueller to lead Russia probe MORE, who is investigating Russian interference in the 2016 election, indicted a dozen Russian intelligence officials for their involvement in the DNC hack.

-- Updated 5:35 p.m.