



Topic: #proprietary-code

Remote Access to Election-Management Systems


But of course. It's not a bug — it's a feature.

“Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States”
Kim Zetter, Motherboard, July 17, 2018

The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them.

In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had “provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006,” which was installed on the election-management system ES&S sold them.

The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. …

ES&S customers who had pcAnywhere installed also had modems on their election-management systems so ES&S technicians could dial into the systems and use the software to troubleshoot, thereby creating a potential point of entry for hackers as well.

In May 2006 in Allegheny County, Pennsylvania, ES&S technicians used the pcAnywhere software installed on that county's election-management system for hours trying to reconcile vote discrepancies in a local election, according to a report filed at the time. And in a contract with Michigan, which covered 2006 to 2009, ES&S discussed its use of pcAnywhere and modems for this purpose. …

In 2006, the same period when ES&S says it was still installing pcAnywhere on election systems, hackers stole the source code for the pcAnywhere software …

Security researchers discovered a critical vulnerability in pcAnywhere that would allow an attacker to seize control of a system that had the software installed on it, without needing to authenticate themselves to the system with a password. And other researchers with the security firm Rapid7 scanned the internet for any computers that were online and had pcAnywhere installed on them and found nearly 150,000 were configured in a way that would allow direct access to them. …

In its letter to Wyden, ES&S defended its installation of pcAnywhere, saying that during the time it installed the software on customer machines prior to 2006, this was “considered an accepted practice by numerous technology companies, including other voting system manufacturers.”

That's the problem, all right. My guess is that installing remote-access backdoors is still a universal practice among makers of proprietary election-management devices, though perhaps “accepted” is no longer the right word for it. There's an obvious need for remote access in this day and age: Without it, how would the managers of elections be able to determine their outcomes?

#voting-machines #backdoors #proprietary-code

Most Software Failures Are Ignored


“Don't Worry about the Ethics of Self-Driving Cars”
Cathy O'Neil, Bloomberg View, April 6, 2018

The problem arises from the subtlety of most algorithmic failures. Nobody, especially not the people being assessed, will ever know exactly why they didn't get that job or that credit card. The code is proprietary. It's typically not well understood, even by the people who build it. There's no system of appeal and often no feedback to improve decision-making over time. The failures could be getting worse and we wouldn't know it.

A while ago, journalists were writing about how good Silicon Valley companies are with software and how surprisingly bad they are with hardware such as drones and spaceships. I think that's dead wrong. Not because startups have been building great delivery drones, but because there's absolutely no reason to think they're doing much better with software. We simply don't know how to look for their failures.

#software-quality #self-driving-cars #proprietary-code


This work is licensed under a Creative Commons Attribution-ShareAlike License.


John David Stone

created June 1, 2014 · last revised December 10, 2018