Getting the facts straight
Every election reinforces the importance of voting as the foundation of America’s democracy. Nothing is more important to ES&S than maintaining the integrity of the voting process. By understanding the real risks to elections, we strengthen our ability to protect democracy.
Let’s get the facts straight.
ES&S voting systems are certified under strict federal standards and guidelines, including rigorous security, accuracy and reliability testing. They are evaluated against the best practices of the National Institute of Standards and Technology (NIST) security protocols and standards, as well as the Center for Internet Security’s (CIS) Critical Security Controls. Our systems have also undergone third-party penetration testing and vulnerability assessments to make sure they withstand the highest security standards. ES&S works closely with federal, state and local election officials, the U.S. Election Assistance Commission (EAC), the Department of Homeland Security (DHS), law enforcement and the election community at large to take all recommended steps to enhance election security.
Election jurisdictions follow a multi-layered approach to ensure all votes are counted as cast. Every state upholds established requirements for physical security and chain of custody to protect the security of their systems. These controls may include locks, seals, audit logs, witness signatures or other security measures. Pre-election logic and accuracy testing and post-election audits are proven processes that uphold the accuracy of elections. In addition, every state in the nation has a statutory process for legal challenges, recounts or contests to election results. Election authorities in each state determine their auditing processes according to state law.
ES&S is a strong supporter of state and local administrations in their work to provide secure, accurate elections. Post-election audits are a legal process by which election officials verify that votes were counted accurately, and they are conducted by election officials according to state law. ES&S voting systems support these audits by providing election details (logs, cast vote records, reports, etc.) which election officials utilize for this purpose. ES&S supports the highest standards for security, including strict chain-of-custody protocols for equipment and all applicable laws, regulations and certification requirements.
ES&S voting equipment has been proven accurate and secure through thousands of hours of testing and thousands of elections nationwide. ES&S voting machines are certified by the U.S. Election Assistance Commission (EAC) and undergo robust testing by NIST-accredited Voting System Test Laboratories (VSTLs) for accuracy, reliability, usability and security. Several states also engage independent firms to audit the security of voting machines as part of the certification examination process in their states. Along with additional independent testing engaged by ES&S and logic and accuracy testing performed by jurisdictions before every election, voters can be assured that ES&S voting systems perform as designed and certified, and ballots will be counted as cast.
Voting machines have been hacked at staged demonstrations and in laboratories, but these environments do not reflect an actual election scenario where multiple layers of physical and cyber security are always in place. These measures include pre-election testing, locks, restricted access, tamper-resistant seals, chain-of-custody protocols, and voting machines which are locked down to ensure limited access, along with more advanced technology found in newer equipment.
Click here to read how researchers at the Rochester Institute of Technology were unable to change votes cast using the ExpressVote XL.
While the threats are very real, there’s no evidence that any vote in a U.S. election has ever been compromised by a cybersecurity breach. To date, the totality of security measures — such as tamper-resistant seals, audits, voting machines which do not connect to the internet (see modem note below), along with more advanced technology found in newer equipment — provides for an environment that would be difficult to compromise. An additional layer of security to U.S. elections is that voting systems are used and deployed in a decentralized manner across the nation’s more than 10,000 voting jurisdictions. This decentralization greatly diminishes the chance or impact of a large-scale attack. While there is no evidence of any hacking of any voting machine currently in use in an election, as threats become more sophisticated, so must voting machines and the nation’s entire voting infrastructure.
No. Modems are not present in ES&S DS200 machines in states where modeming technology is not permitted or certified. In a few states it is a legal practice to use cellular modems to transmit unofficial election results after the polls are officially closed and all voting has ended. In states where modem transmission is permitted, ES&S uses mobile private network connectivity, industry best practices, and numerous security safeguards to protect the transfer of these unofficial election night results. Final official results are physically uploaded at election headquarters prior to final certification. The physical ballots and printed results tapes are always protected.
Modem components are not resident on the DS200 by default; the modem is a separate board that is installed only in DS200s in those jurisdictions where a state may permit their legal use. Additionally, DS200s without a modem component do not include the application or the network architecture required to support modeming and allow a modem to operate on the machine. It’s also important to note that today’s cellular modeming technology requires a private network service provider such as Verizon.
ES&S values transparency and works closely with all levels of the U.S. government, academia and other experts to ensure the integrity of America’s elections. ES&S has invited and welcomed numerous experts and government officials, including critics, to see its operations firsthand and to discuss improvements. ES&S actively collaborates with the U.S. Department of Homeland Security, has all its equipment certified through the U.S. Election Assistance Commission (EAC), and willingly takes part in many other collaborations with groups and individuals interested in protecting America’s voting system.
Yes, in multiple ways. ES&S voluntarily adheres to the Federal Testing Program conducted by the U.S. Election Assistance Commission (EAC), a federal agency created by the bipartisan Help America Vote Act of 2002. Under the EAC, ES&S submits all its systems to Voting System Test Laboratories (VSTLs) accredited by the National Institute of Standards and Technology (NIST). These labs perform stringent tests in accordance with the federal voting system standards. Layered upon the reviews conducted under the Federal Test Program, several states also engage independent firms to audit the security of voting machines as part of the certification examination process in their states. Additionally, ES&S frequently engages with cybersecurity firms to conduct independent third-party testing, including penetration testing and source code reviews. Among recent engagements, ES&S has worked in cooperation with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) in submitting its end-to-end voting configuration for testing by the Idaho National Laboratory (INL), the nation’s leading center for research and development in energy, national security, science and environment.
Does ES&S have a process in place to receive and respond to unsolicited vulnerability reports from cybersecurity researchers and other third parties?
Yes, ES&S utilizes its internal corporate information security staff to receive, evaluate and act upon, as necessary, unsolicited vulnerability reports from cybersecurity researchers and other third parties. In addition, ES&S maintains a link on its website for the purpose of receiving and responding to reports and/or inquiries related to security.
ES&S fully supports paper-based voting technology coupled with legal post-election audits. ES&S supports the creation or adoption of industry standards and guidelines which further strengthen the nation’s critical election infrastructure, and asked Congress to pass legislation establishing a more robust testing program. We know that improving the confidence of every voter requires a tight collaboration between federal, state and local election officials, the EAC, DHS, law enforcement, voting system manufacturers, and the election community at large. That’s why ES&S has taken multiple steps to bolster security, including forming partnerships with organizations to help us provide necessary and continuous improvements in election security. Some of these security partnerships include:
• Department of Homeland Security (DHS) Election Task Force
• FBI election crime unit
• U.S. Intelligence community
• DHS’s Cybersecurity and Infrastructure Security Agency (CISA)
• Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC)
• Information Technology Information Sharing and Analysis Center (IT-ISAC), Elections Special Interest Group (E-SIG)
• National Institute of Standards and Technology (NIST)
• Sector Coordinating Council (SCC)
Are you aware of any data breaches or other cybersecurity incidents in which an attacker gained unauthorized access to your internal systems, corporate data or customer data?
No, we are not aware of any cybersecurity incidents in which an attacker gained unauthorized access to ES&S internal systems or corporate data.
As standard practice, each release undergoes extensive security testing and ES&S provides a complete set of software components to the voting systems testing labs (VSTLs) for review. ES&S also conducts thorough security reviews of our entire supply chain to ensure that every component is trusted, tested and free of malware. Every single item and manufacturer are approved and under engineering revision control. That’s the advantage of an ES&S purpose-built system versus one with components bought off the shelf.
If I have a key that can open an ES&S machine lock, does that mean I can easily get into and hack the machine?
No. Doors and locks are just one of the deterrents to tampering with a voting machine. During an election, there are many security measures beyond doors and locks, including tamper-resistant, serial-numbered seals to ensure security. If a seal is broken, it can’t be replaced without detection. We also have multiple layers of encrypted security on the data, including unique encryption keys for every election. This ensures that all our voting machines will only accept USB flash drives programmed for that election and prevents tampering by unauthorized agents.
Barcodes are a trusted, tested, universal technology used in a variety of ways across many different industries to improve safety, accuracy, speed and efficiency. DMVs, pharmacies, hospitals, banks and food manufacturers all use barcodes. Vote counting machines (called tabulators) read barcodes in the same way they read the oval positions on a paper ballot—so a summary card with barcodes contains the same data as on a hand-marked ballot. Because barcodes offer a reliable way to accurately read information, the technology all but eliminates the possibility of human error (e.g. poorly marked ballots, misinterpretation of voter intent). Displayed along with human-readable text, summary cards with barcodes are fully auditable.
ES&S views paper records as critical for auditing. In 2018, ES&S decided to no longer sell paperless voting machines as the primary voting device in a jurisdiction because it is difficult to perform a meaningful audit without a paper record of each voter’s selections. ES&S was the first tabulation provider to ask Congress to pass legislation requiring an auditable paper record of every vote cast. Using a physical paper record sets the stage for all jurisdictions to perform statistically valid post-election audits. Every single one of our universal voting machines produces a paper record that can be tabulated and audited.
I understand that ES&S election software operates on Windows. What does that mean for election security?
Election systems are hardened, meaning that the computer that runs Windows is locked down, with access allowed only to the functions required to conduct an election. Unused ports are blocked, and unnecessary services are removed. This hardening means that workstations running on Windows platforms are protected from the types of risks more commonly associated with mainstream technologies. For systems that currently use Windows 7, ES&S and Microsoft will provide ongoing support for that software until jurisdictions can upgrade to our latest versions, which now incorporate Windows 10.
More than a decade ago, ES&S, along with others in this industry and many other industries, provided software upon customer request for customer workstations—not voting machines—for troubleshooting purposes. While no known issues arose with this practice, ES&S has not provided this capability since 2007 and never provided it for voting machines.
ES&S is 100% American-owned by McCarthy Group and individual members of ES&S management. McCarthy Group originally partnered with the founders of ES&S in 1987 and for more than thirty years has supported ES&S as it has grown into the industry leader with solutions for each step of an election. ES&S’ stable partnership with McCarthy Group has enabled continuous investment in research and development, resulting in new and improved voting technology built with the highest standards of security that help election officials run secure and successful elections.
The elections infrastructure, like the nation’s power grid, is made up of public and private partnerships. As DHS says in describing critical infrastructure, there is a shared responsibility among multiple stakeholders because neither the government nor the private sector alone has the knowledge, authority, or resources to do it alone.