Two Democratic senators sent a letter to U.S. voting machine manufacturers asking the companies if they allow Russian entities to review the source code of their products.
Sens. Amy Klobuchar, D-Minn., and Jeanne Shaheen, D-N.H., sent the letters to three largest election equipment vendors in the United States: Election Systems & Software, Dominion Voting Systems and Hart Intercivic.
The senators said Russian source code review could help that country hack American election technology. Numerous American companies including Cisco, IBM and SAP allow the Russian government to review their source code to comply with the country’s regulations and gain entry into the country’s markets.
“Foreign access to critical source code information and sensitive data continues to be an often overlooked vulnerability. Further, if such vulnerabilities are not quickly examined and mitigated, future elections will also remain vulnerable to attack,” the senators wrote. “The 2018 election season is upon us. Primaries have already begun, and time is of the essence to ensure any security vulnerabilities are addressed before the 2018 and 2020 elections.”
Earlier this week, Sen. Ron Wyden, D-Ore., sent a letter to Election Systems & Software asking about remote-access software installed on their products.
Reached for comment, the ES&S media team said the company “has not received an inquiry from the two Senators … When and if we do receive a letter we will respond accordingly, and we will certainly make that response publicly available.”
Shaheen has repeatedly sounded the alarm on cybersecurity threats she says are posed by the Russian government, including the Moscow-based Kaspersky Lab.
“Russia’s requests for source code reviews have increased,” the senators wrote. “According to eight current and former U.S. officials, four company executives, three U.S. trade attorneys, and Russian regulatory documents, between 1996 and 2013 Russia conducted reviews for 13 technology products from Western companies, but has conducted 28 such reviews in the past three years alone.”
The Department of Homeland Security says Russian hackers scanned election systems for vulnerabilities in 21 states during the 2016 election. The U.S. intelligence community has repeatedly warned that those same actors will return for the 2018 and 2020 elections.
The specific questions posed by the senators are:
- Have you shared your source code or any other sensitive data related to your voting machines or other products with any Russian entity?
- To your knowledge, has any of the software that runs on your products been shared with any Russian entity?
- What steps have you taken or will you take in order to upgrade existing technologies in light of the increased threat against our elections?
You can read the full text on Klobuchar’s website.
Update: Added ES&S’s comment.