
US Senator questions ES&S CEO over remote access software on voting machines - rbanffy
https://arstechnica.com/information-technology/2018/03/do-your-voting-machines-connect-to-the-internet-us-senator-ask-ceo/
======
atonse
Between Elizabeth Warren and Ron Wyden, whether you agree with their politics
or not, I just love how they fiercely advocate for citizens and have a nuanced
view on a lot of consumer and privacy friendly issues. Easily my two favorite
senators, even more than ones from my own state (MD).

~~~
ocdtrekkie
Wyden is way too deep in with Google, anyone who shows up on this list is
particularly suspect: [http://valleywag.gawker.com/these-letters-reveal-which-
congr...](http://valleywag.gawker.com/these-letters-reveal-which-congressmen-
google-has-in-it-1663875664)

Specifically, the above are Congressmen who wrote letters begging the EU not
to go after Google for antitrust, all of whom have significant financial
investment from the company. I would say anyone on this list isn't an
"advocate for citizens".

Warren, on the other hand, has picked up a reasonable amount of money from
them, but her corporate contributions are a bit more balanced, Google's
further down on the list, and her words and actions speak for themselves:
[http://time.com/4390274/elizabeth-warren-apple-google-
amazon...](http://time.com/4390274/elizabeth-warren-apple-google-amazon-
competition/)

Warren's quite a bit further liberal than I am, but given the chance, she'd
probably get my vote over most other people on the political spectrum.

~~~
dv_dt
Congress has basically given themselves the permission for insider trading...

[https://represent.us/action/insider-
trading/](https://represent.us/action/insider-trading/)

------
asn0
Click-bait. Important issue, but there's no grilling going on here.

> US Senator Ron Wyden (D-Ore.) sent ES&S Chief Executive Tom Burt a letter

------
cmiles74
TLDR: NYT Magazine found remote access software installed on the machines,
installed by vendor. Vendor issues statement saying that they never would do
such a thing.

~~~
coldcode
Always trust the vendor. At least I had a CIO say that repeatedly. Same CIO
was fired eventually for taking kickbacks. Sorry, I never trust the vendor.

------
mnm1
This has been a vital issue now for almost two decades and clearly no one
cares that voting machines can be hacked. If they did, we wouldn't be using
them at all. This shit has been going on so long, I simply assume elections
that are held with such machines are held with such machines intentionally so
the results can be manipulated. There is no reasonable reason for a system to
use such machines when tried and true methods exist except to manipulate the
election. It's not like these machines were installed by mistake. They were
deliberately installed with one and only one purpose in mind.

------
dahdum
I like how their statement leaves wide open the possibility that _after_ the
sale of the machine, they install and use the remote software themselves. Say
as part of a support package.

------
shkkmo
I'm a bit confused...

"The article challenged the oft-repeated assurance that voting machines are
generally secured against malicious tampering because they're not connected to
the Internet."

Having remote access software pre-installed has nothing to do with being
connected to the internet (aside from the fact that remote access software
won't work without the internet).

These machines should not have ethernet plugged in and should have any wifi
card completely disabled. It shouldn't matter if remote access software is
installed.

------
Twirrim
It seems like there's a gap in the logic here.

They're taking it as read that if a remote access / administration application
is installed, the voting machine must have connectivity.

Well yes, if the application was to work it _would_ require remote access, but
you can install all sorts of software on a machine without it having
connectivity.

~~~
murph-almighty
>you can install all sorts of software on a machine without it having
connectivity

Yeah but airgapped machines are a hell of a lot harder to tamper with. Someone
is more likely notice if a malicious actor plugged a flashdrive into a machine
than if someone ssh'd into the machine.

------
beams_of_light
Are you kidding me? PC Anywhere on our voting machines??

I can't take much more. We're truly becoming an Idiocracy.

