• United States



Senior Editor

One election-system vendor uses developers in Serbia

News Analysis
Oct 05, 20163 mins
Election HackingSecurity

Election-system development is not unlike other software development

Election 2016 teaser - Lack of trust in a broken election or divided vote

Voting machines are privately manufactured and developed and, as with other many other IT systems, the code is typically proprietary.

The use of proprietary systems in elections has its critics. One Silicon Valley group, the Open Source Election Technology Foundation, is pushing for an election system that shifts from proprietary, vendor-owned systems to one that that is owned “by the people of the United States.”

But today, election system makers can operate in much the same manner as any vendor to build code; that includes using overseas developers.

One major election technology company, Dominion Voting Systems (DVS), develops its systems in the U.S. and Canada but also has an office in Belgrade, Serbia. It was recently advertising openings for four senior software developers in Belgrade.

“Like many of America’s largest technology companies — which develop some of the software for their products in places like Asia, India, Ireland and the Mideast — some of our software development is undertaken outside the U.S. and Canada, specifically, in Serbia, where we have conducted operations for 10 years,” said firm spokesman Chris Riggall, in an email.

[ MORE FROM THIS SERIES: See CSO’s package of stories on election hacking ]

Dominion said it takes measures “to ensure the accuracy, integrity and security of the software we create for our products.”

“First, all of our software is developed in-house by DVS employees and this work is not outsourced to third parties. Second, we rigorously pre-screen all new hires to identify any potential security concerns among any personnel involved in product development. Third, we conduct extensive internal testing of all new software to evaluate the functionality, accuracy and security of the code designed for our systems,” said Riggall.

[ For more, see Hacking the Election: Myths and Realities ]

The software “is subjected to rigorous review, analysis, testing and certification by election authorities at the federal, state and local level, including the federal Election Assistance Commission,” said Riggall. The election system purchasing is managed by states and local governments. Once the code is certified, any changes require a new round of certification testing by election authorities, he said.

Alan Paller, president and director of research at the Sans Technology Institute, read Dominion’s statement and said the “general care this vendor shows in this statement gives me no reason to believe there’s any greater risk there than in any other company that manufacturers voting systems.”

Paller said that “one shouldn’t feel complacent about maintaining software development and manufacturing all within the United States because foreign agencies have successfully placed technically competent spies on the payroll of American technology companies.”

But Suzanne Mello-Stark, a forensic computer scientist at Worcester Polytechnic Institute with a focus on voting machines, wants software and hardware transparency in voting systems.

“The systems are proprietary and we don’t know what the code looks like,” said Mello-Stark.

Next: If the election is hacked, we may never know