That’s what The NY Times says was discovered in Pennsylvania’s vote tabulation machines in 2018. (Pennsylvania uses voting machines produced by the same company North Carolina’s voting machines are.)
In August 2019, a number of ES&S voting machines were found to still be connected to the Internet. ES&S admitted to installing remote access software on “some” of its machines.
A congressional probe led by Oregon senator Ron Wyden (D) found that ES&S products “reportedly rel[y] on remote access software.”:
[…] ES&S officials told the NYT Magazine that none of its employees had any knowledge of company machines being sold with remote-access software. The article, however, leaves little doubt that in at least some cases ES&S employees arranged for the equipment to come pre-installed with the software or for it to be installed after purchase. The practice has serious consequences for the security of the equipment, since anyone who can obtain login credentials or exploit vulnerabilities in the software can gain control over systems and potentially alter voting tallies.[…]
More questions around these machines arose prior to the 2020 vote:
[…]ES&S markets its machines to include an optional modem, which can connect them to the internet. Modems allow election officials to get quick preliminary results, and also help ES&S maintain the machines.
The US Election Assistance Commission (EAC) is a federal organization that acts as a clearinghouse for voting equipment. According to a letter sent to the EAC on Jan 7, though only models without the modem are approved by the EAC, ES&S continues to market one model of its machines, the DS200, in ways that obfuscate the fact that modem-equipped models are not EAC-approved.[…]
Since the report broke, several states, such as North Carolina andFlorida(pdf), have either adopted or continue to use ES&S equipment, despite warnings of the machines’ security vulnerabilities. Some believe the EAC, an agency that is consistently understaffed and underfunded, lacks the authority to protect voters in this year’s election. “Perhaps not surprisingly, the last two major meetings of the EAC and local election officials about the certification process have resulted in screaming matches over the slow pace of progress,” according to a ProPublica story published on Oct 28.[…]
What are we to think when the NC state board of elections is warned and warned and warned about these machines, but continues to allow them to be used in the state’s elections?
Could this question about modems and remote access software be the *justification* for all of the redactions ES&S made to its official pitch for North Carolina’s business?