Anonymous ID: a34a81 Nov. 6, 2020, 5:09 p.m. No.11510468   🗄️.is đź”—kun

Meanwhile, weak state or federal guidance leaves many cybersecurity companies doing whatever they want, according to Joshua M Franklin, president and co-founder of Outstack Technologies, a cybersecurity company that helps protect campaign and election infrastructure.

 

Joshua M Franklin

“There are no technical standards or best practices from the US federal government on the security of voter registration systems,” Franklin said. “One to two pages [of guidelines] don’t cut it. Similarly, we are missing technical security specifications that election night reporting or blank ballot distribution systems must meet.”

 

Like voting machine vendors, companies providing voter registration and election-night reporting services have their own history with security lapses and false statements. Very little is known about the contracts and relationships between states and vendors such as PCC and Scytl that provide voter registration or other online election services.

 

When it was discovered three days before the 2018 midterms that poor cybersecurity left Georgia’s voter registration system vulnerable to being altered, it was unclear whether the state or the company were responsible for the failures. Computer security experts tested the systems of two other states also listed as clients by PCC. One of the coding problems also existed in North Carolina and Washington, though the way the states structured their websites muted the potential hazard faced in Georgia.

 

The North Carolina state board of elections says that it never contracted with PCC. Instead, it contracted with Quest Information Systems, which was bought by PCC’s parent company, GCR, Inc, then folded into PCC seemingly without notifying several clients. Further, those services did not amount to work on the voter registration system, as PCC’s website claimed, and North Carolina is no longer a client in any capacity to either company. The apparent error on North Carolina’s voter information site – which never posed a threat to the state’s voter registrations or elections integrity, mostly because the state does not do online voter registration – has since been fixed.

 

Information on which states PCC contracts with is hard to come by, with the best data seemingly on PCC’s own website. PCC claims that its technology is responsible for the registration for nearly 25% of US voters.

 

https://www.theguardian.com/us-news/2019/apr/22/us-voting-machine-private-companies-voter-registration