American manufacturer admits ‘remote-access’ software installed in EVMs


Electronic Voting Machine (EVM) hacking is a term which has been used widely in Indian politics. Various political parties are often heard alleging that the EVMs have been hacked. However, the Election Commission has time and again rubbished the hacking allegations.

Adding to the ongoing controversy is a new revelation by American EVM maker company, Election Systems and Software (ES&S).

ES&S has reportedly admitted that the company sold remote controlled voting machines in the past. ES&S, in a letter sent to American Senator Ron Wyden, said that remote controlled machines were sold to the local government between 2000 and 2006. According to the letter sent by the company to the senator, there was remote access software in the voting machine for a period of 6 years.

Web portal Motherboard claims to have a copy of this letter and now some serious questions related to the security of the voting machine are being raised.

According to ES&S, between 2000 and 2006, some customers were given remote connection software such as ‘pcAnywhere.’ Between 2000 and 2006, the company was the prime manufacturer of the voting machines in the US. According to the report, in 2006 about 60% votes were cast by ES&S machines.

This software was not in the voting machine, but in the management system terminal which is used to manage the voting machine. The remote software ‘pcAnywhere’ was discontinued in 2007 when the American Election Assistance Commission started implementing the new guidelines for the Election Management Terminal.

The company said that pcAnywhere did not have a connection with hacking software. But cyber security journalist and author Kim Zetter, who got the letter, said, “pcAnywhere is not bulletproof in terms of security. In 2012, hackers had disclosed that they stole the pcAnywhere source code in 2006. After this, Symantec, pcAnywhere software maker, asked customers to remove the old version of pcAnywhere software.”

ES&S said in a statement given to The Verge said, “Between 2000 and 2006, the company had given pcAnywhere Remote Connection software to some customers for technical support, but this software was not for any voting machine. After the EAC guideline, the company stopped giving pcAnywhere in 2007 and no ES&S customer used it.”

Janta Ka Reporter has actively covered the EVM hacking saga in India and earlier exposed the nexus between the beneficiaries of Gujarat Gas Scam and the manufacturer of microchips used in EVMs.

Earlier, American microchip manufacturer, Microchip Inc, acknowledged that their products were open to hacking, tampering and cloning. That, as per the manufacturer’s deposition in the US Court of Law, sharing of machine code (object code) is akin to sharing source code of a computer programme. The EC’s claims that the source code is protected is, therefore, also false.