Advertisement

Lawmakers, tech vendors fight over election cybersecurity efforts

Lawmakers ratcheted up the pressure on election technology vendors to be more responsive to federal officials. The companies said they're being as transparent as possible.
Sign that reads vote.

Amid ongoing reports of foreign digital meddling in domestic elections, U.S. lawmakers are butting heads with the nation’s largest voting technology companies.

Lawmakers ratcheted up the pressure Wednesday, criticizing the companies’ perceived disconnect from federal agencies and shining a spotlight on the historically unregulated industry. In emails to CyberScoop, the companies pushed back against those statements, highlighting their new and apparently ongoing partnerships with the Department of Homeland Security (DHS).

In December, DHS and the Election Assistance Commission (EAC) launched a non-binding, public-private working group with some of the top vendors involved, called the Sector Coordinating Council. The group is tasked with helping government and industry quietly collaborate on election security efforts.

A spokesperson for Nebraska-based Elections Systems and Software (ES&S) said nothing is more important to the company  “than ensuring elections are secure and accurate, and any conjectures to the contrary are simply false.”

Advertisement

“We welcome conversations about our practices,” the spokesperson said. “ES&S works closely with the DHS in support of the increased focus and attention on the security of our nation’s elections systems with the goal of ensuring that industry expertise is available to decision and policymakers at all levels.”

Another company, Dominion Voting — a Canadian company with a U.S. headquarters in Denver — similarly sought to defend itself.

“Dominion Voting officials working on company security initiatives have met with Senate Intelligence Committee staff to share perspectives and expertise, and we remain committed to doing so. We respect this effort with the utmost seriousness,” said a spokesperson. “[We hope] we can be part of a classified briefing at some point in the near future, we are actively working with the Department of Homeland Security’s Sector Coordinating Council, which we chair, on the creation of public-private information-sharing partnerships.”

Dominion Voting and ES&S were invited to testify at a hearing Wednesday in the Senate Rules and Administration Committee, but they both declined the invite, according to Politico.

Calls for more oversight

Advertisement

While these companies arguably are leaning forward more than ever before, critics say they are too resistant to cooperation with the cybersecurity research community as well as federal oversight. Today, experts say the issue can’t be ignored anymore.

Improving the voting technology sector’s security and relationship with the federal government has become critical because of the widely perceived cyberthreats facing future U.S. elections — potential attacks that could manipulate voting results and the systems underpinning them. In 2016, during the U.S. presidential campaign, the NSA detected Russian hacking attempts against a Florida-based election technology vendor named VR Systems, according to a leaked classified intelligence report published by The Intercept.

It’s unclear what sort of regulation the industry could face at the federal level in the future. Most of the rules and guidance that currently guide the sector are at the state and municipal level.

Since 2016, several prominent senators have been speaking out on the topic of election vendor security, including Sens. Ron Wyden, D-Or., Mark Warner, D-Va., and Amy Klobuchar, D-Minn..

“It is in my view inexcusable that our democracy depends on such hackable voting technology made by a handful of companies that have been able to evade oversight and in fact have actually been stonewalling the congress for years,” Wyden said during Wednesday’s hearing. “I wrote to the big voting companies about their cybersecurity … it is clear to me, Mr. Chairman, that these companies want to be gatekeepers of our democracy but they seem completely uninterested in safeguarding it.”

Advertisement

Stonewalling?

Last year, Wyden sent multiple individual letters requesting detailed information from six of the largest election technology vendors about their cybersecurity practices. The senator was unsatisfied with the depth of some of the companies’ answers, calling the overall response an attempt at “stonewalling.”

One of the experts who testified Wednesday, Peter Lichtenheld, vice president of operations for Hart InterCivic, directly responded to Wyden’s criticism.

“I also want to go off my written record for a minute to respond to Senator Wyden’s comments to address those specifically because Hart Intercivic is a integral voting system provider in the United States and we have been open,” Lichtenheld told lawmakers. “We don’t stonewall. We did answer the letter that Senator Wyden sent … our core values are about candor, which I am using right now, and integrity, which we feel is important.”

Hart InterCivic, a Texas-based business that boasts multiple active contracts with more than a dozen states to provide them with voting equipment, did not respond to a request for comment following the hearing.

Advertisement

Warner, who also serves as the vice chairman of the Senate Intelligence Committee, appeared unimpressed by the witnesses’ remarks. The panel included Lichtenheld, KNOWiNK CEO Scott Leiendecker and Democracy Live Inc. CEO Bryan Finney.

“I am very concerned that there’s a lot of chest thumping about how well we did in 2016 and I think we should be very cautious in terms of some of the claims that have been made and the ongoing threat that’s been confirmed by every member of the Trump intelligence community,” said Warner.

The Virginia senator said he personally witnessed Hart InterCivic’s unwillingness to work with government, recounting a story from 2017.

“I have to take exception, I followed some of the comments Senator Wyden made, I gotta take exception to your opening comments,” Warner said to Lichtenheld. “Because I can tell you the Commonwealth of Virginia after the 2016 elections did an extraordinary review, I pushed that review, I pushed to make such we would have that paper audit trail because we had statewide elections in 2017 … you’re one of our vendors yet your company refused to work with the Commonwealth of Virginia [to turn over machines for inspection].”

“The comment that you are transparent, the comment that you’re willing to work with all these systems, was not the case in the Commonwealth of Virginia,” Warner said.

Advertisement

Klobuchar, in an interview with Politico, shared that skepticism.

“I think we should try again, and I personally plan on sending them [ES&S and Dominion Voting] a number of written questions, since they wouldn’t come to the hearing,” Klobuchar told Politico. “We need government oversight … They have a responsibility, when there’s only three of them, to answer our questions.”

U.S. officials say that while Russian hacker were able to compromise voter registration databases in some states in 2016, there is no evidence that actual vote tallies were changed.

All three panelists admitted they expect to be a target for foreign, nation state-linked hacking groups.

Chris Bing

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Marys College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.

Latest Podcasts