America’s largest (and arguably most problematic) voting machine vendor is ES&S, not Dominion Voting

In September 2020, a Texas examiner’s report said there was a “ bug” in ES&S’s hash verification script. What happened after is unknown.

By Jennifer Cohn

First, a cautionary note. Close partisan associations and corruption involving voting machine vendors are inappropriate, and significant discrepancies between polling and official outcomes are unnerving and fair game for reporting, as are voting-system vulnerabilities and the many electronic “glitches” that occur in elections. But they do not prove fraud. Moreover, we cannot typically prove that election outcomes are wrong without conducting robust manual audits using hand marked paper ballots (with an exception for voters with disabilities). This is why the Democrats proposed the SAFE Act, which would have required robust manual audits for all federal races this year and banned most of the touchscreen voting machines currently in use. It also would have banned internet connectivity to voting systems. But the GOP killed the SAFE Act.

Republicans nonetheless have the audacity to complain after the election about lack of security and transparency, knowing full well that they are primarily responsible for these problems, that they did better (not worse) than polls predicted, and that they went out of their way to block manual recounts in the presidential elections of 2000 and 2016.

Meanwhile, Republicans have directed their belated election-security ire almost exclusively at Dominion Voting. They have conspicuously given short shrift to America’s largest and arguably most corrupt voting machine vendor, Election Systems & Software, LLC (ES&S), whose systems in Texas had a software “bug” as of September 2020 that could in theory have enabled ES&S or others to install unauthorized software. (For unknown reasons, the Texas Secretary of State waited until December to post the September report.) The GOP’s cherry picking is dangerous because it could give ES&S even more corrupt control over U.S. elections than it currently has.

The GOP’s apparent blind spot for problems involving ES&S is curious. Before the GOP began screaming “Dominion, Dominion, Dominion,” most of the negative press about the elections industry in the U.S. had for years focused on ES&S. And for good reason.

ES&S, which was previously called American Information Systems (AIS), was founded in the 1970’s by two brothers, Bob and Todd Urosevich, in Omaha, Nebraska. According to Mother Jones, ES&S received its initial financing from the families of Religious Right activist billionaires Howard Ahmanson, Jr. and Nelson Bunker Hunt. (As far as I know, they do not currently have a stake in the company.) Ahmanson and Hunt were both heavy contributors to the Chalcedon Foundation, Christian Reconstruction’s main think tank. According to ABC News, Hunt also co-founded a secretive networking group for the Religious Right and right-wing billionaires called the Council for National Policy (CNP) to which Ahmanson belonged as well.

Based on the CNP’s 2014 directory (published by the Southern Poverty Law Center) and reporting in the New Yorker, recent CNP members include Kelly Anne Conway, Steve Bannon, and the Mercers, all alumna of the now defunct data analytics firm called Cambridge Analytica, which infamously accessed voters’ personal Facebook data without their permission on behalf of the 2016 Trump campaign.

According to the CNP’s 2014 vision statement, the group’s goal is to “reestablish” what it calls “religious and economic liberty” under the US Constitution by 2020. I wrote an article about the CNP here:

From 1992 until 1996, ES&S’s chairman was Chuck Hagel, a Republican, who resigned from ES&S a few days before announcing his intent to run for the U.S. senate. During the campaign, Hagel courted the Religious Right by declaring that he opposed abortion even in the case of rape and incest. Polls from three days before the election called the race a “dead heat,” but Hagel “trounced” his opponent by “fifteen points.” His opponent did not seek a recount.

Hagel was the first Republican to win a Nebraska senate race since 1972. According to the Daily Kos, Hagel “miraculously won virtually every demographic group in the state, including large African American communities that had never previously voted Republican.” Nebraska officials reportedly told The Hill that “machines made by AIS [Hagel’s company] probably tallied 85 percent votes cast in the 1996 vote.”

To this day, ES&S is controlled in whole or part by the McCarthy Group, a private equity firm whose chairman, Mike McCarthy, was Hagel’s campaign treasurer. McCarthy is a also a member of ES&S’s board of directors.

In 2002, as previously reported by Black Box Voting author Bev Harris, Democrat Don Siegelman’s victory in the Alabama governor’s race was overturned due to an alleged glitch involving ES&S machines: “Six thousand three hundred Baldwin County electronic votes mysteriously disappeared [from Siegelman’s total in a single precinct] after the polls had closed and everyone had gone home.” According to Siegelman, Karl Rove’s client, the Alabama Attorney General, immediately seized the paper ballots to prevent a recount and illegally certified Riley’s win. Harris says that Mark Kelley of ES&S offered the following non-explanation: “Something happened. I don’t have enough intelligence to say exactly what.”

What occurred next — the political prosecution of Siegelman by the wife of his opponent’s campaign advisor — is one of the dirtiest and most upsetting episodes in American political history. It is detailed, along with the election night “glitch,” in the documentary, Atticus v the Architect, which is free for Amazon Prime customers. (In my opinion, everyone should watch it.)

In 2006, in Sarasota, Florida, touchscreen voting machines supplied by ES&S showed that “More than 18,000 voters…, or 13 percent of those who went to the polls,” had declined to vote in a hotly contested Congressional race...” By contrast, “only 2 percent of voters in one neighboring county within the same House district and 5 percent in another skipped the Congressional race…”

More than 100 voters told the campaign of Democrat Christine Jennings, who officially lost by just 373 votes, that “their votes for her did not show up on the summary screen at the end of the touchscreen voting process, and that they had to re-enter them.” Jennings’s attorneys said they “feared that not everyone had noticed the problem or realized that they could re-enter the vote.” The firestorm over these “vanishing votes” caused Florida to eventually ban touchscreen voting (except for voters with disabilities) and switch to paper ballots and scanners.

The same year, Debra Bowen, who was California’s Secretary of State at the time, sued ES&S for selling at least five California counties a version of its AutoMark ballot marking system that hadn’t yet been tested or certified for use in the state or the country. Bowen said at the time that ES&S had “ignored the law over and over again and it got caught…” ES&S later paid $3.25 million to settle the case.

Also in 2007, a team of researchers at the University of Pennsylvania Department of Computer Science found “numerous exploitable vulnerabilities in nearly every component” of ES&S’s optical scanners (for counting paper ballots) and direct record electronic (DRE, usually touchscreen) voting machines.

The same year, Jennifer Brunner (D), who was Ohio’s Secretary of State at the time, commissioned an analysis called the Everest report, which also found significant vulnerabilities in ES&S systems. The report concluded that those vulnerabilities “demonstrate the capability for attackers to execute arbitrary code on many of the components given access to them. Further, specific scenarios were identified where attackers who successfully gained access to the systems and exploited identified vulnerabilities could likely impact the results of elections.”

In 2008, during the Republican presidential primary in Cochise, Arizona, an ES&S “computer glitch” caused Mitt Romney to be erroneously declared victorious over John McCain (an error that was later corrected). After the election, Cochise county election officer, Tom Schelling, stated that “[i]t was a cumulative (computer) error that just kept adding the results for five polling places every time new figures were added.”

Several days before the 2012 election, as reported by Brad Friedman, Ohio attorney Bob Fitrakis learned that Ohio Secretary of State John Husted, a Republican, had quietly allowed ES&S to install uncertified patches on ES&S machines in thirty-nine of Ohio’s eighty-eight counties.

According to the Washington Spectator, although the court refused to grant relief so close to the election, she told Fitrakis “You can always ask for a recount [after the election]; if I draw that case I’m happy to look at it and maybe make a determination of who should pay for it.” He apparently found it unnecessary to request a recount after the election because Barack Obama defeated Mitt Romney. White hat hackers from the group Anonymous claimed to have derailed a plan orchestrated by Karl Rove to hack the election in Ohio that year, but they never provided proof. On election night, Karl Rove had his infamous on air meltdown on Fox News when he would not accept that Obama had won the state.

Beginning in 2015, ES&S began quietly installing cellular modems in precinct ballot scanners in some counties in swing states such as Florida and Michigan. At some point, it added them in some counties in Wisconsin, Illinois, and beyond. As reported by Kim Zetter earlier this year, these modems connect both the scanners and the receiving end systems to the internet, but officials claimed otherwise. ES&S systems containing modems were never certified by the Election Assistance Commission, but ES&S falsely implied to its customers that they were, as further reported by Zetter this year.

It was on ES&S’s watch that 127,000 votes vanished from Diebold machines in predominantly African American precincts in Georgia during the 2018 midterm elections, as reported in the Root. (By then, the Department of Justice had forced ES&S to dissolve Diebold, its subsidiary, on anti-trust grounds, but ES&S had kept most of its contracts.)

Likewise, votes from predominantly African American precincts in Memphis vanished from Diebold machines serviced and maintained by ES&S in 2015, as initially reported in Bloomberg and as I discussed earlier this year with Bennie Smith, the election commissioner who made the discovery. Neither situation was ever explained.

Since 2013, ES&S has donated $30,000 to the Republican State Leadership Committee whose mission is to elect Republicans to state office. It may also have donated to the Democratic corollary of RSLC, but I’ve been unable to confirm this. A few years ago, ES&S donated to Senate Majority Leader Mitch McConnell (R), who then killed proposed election-security legislation.

ES&S has also provided secret donations and other gifts to state and county election officials who, in the past few years, have then chosen ES&S’s insecure new touchscreen systems for use by most in-person voters.

By choosing these new ES&S touchscreen systems, which are called ballot marking devices, officials ignored the advice of election-security experts who recommended hand marked paper ballots instead. In Northampton County, Pennsylvania, where an ES&S representative had assured election officials that “miscalibration” would not be an issue with its new touchscreens (“Scouts honor,” he said), dozens of the county’s new ES&S touchscreens were miscalibrated during an election in 2019. Similar problems occurred in neighboring Philadelphia, whose decision makers (which included a Democrat and a Republican) had each received donations from ES&S lobbyists before choosing the system. I compiled much of the national news regarding ES&S corruption and its new touchscreen voting machines here:

This article by Greg Gordon at McClatchy exposed ES&S’s corrupt advisory board for county and state officials — including officials in South Carolina, Pennsylvania, Texas, and New York — which recently disbanded due to the media fallout from Gordon’s piece. One former board member was South Carolina’s election director Marci Andino. In 2018, South Carolina reported that “Andino had accepted nearly $20,000 in expenses during her decade as an adviser for ... [ES&S].” The state went on to buy new ES&S systems for use throughout the state.

In 2017, a cybersecurity firm called Upguard discovered that ES&S had leaked 1.8 million Chicago voter records. ES&S, which acknowledged and corrected the leak, said the data “contained names, addresses, birthdates, partial social security numbers and some driver’s license and state ID numbers stored in backup files on a server.”

In 2018, as reported by Zetter, ES&S finally admitted, despite prior denials that it had installed remote access software in election management systems (which include county tabulators that compile precinct totals) sold between 2000 and 2006. ES&S later told NPR that it had 300 remote-access customers. It refused, however, to identify those customers. It claims the software has been removed but won’t say when it was removed.

The same year, “NBC News examined publicly available online shipping records for ES&S for the past five years and found that many parts, including electronics and tablets, were made in China and the Philippines, raising concerns about technology theft or sabotage.” Although ES&S often boasts that it is an American company, its central scanners are designed by a German company called Datawin.

Earlier this year, as first reported by Zetter and then by NBC News, a team of researchers led by Kevin Skoglund discovered that thirty-five of ES&S’s receiving-end systems had been left online for months and, in some cases, perhaps years. This included the swing states of Michigan, Florida, and Wisconsin.

Most recently, a “bug” identified in a September 2020 Texas examiner’s report involving ES&S’s “hash verification script” could have allowed ES&S to install (without detection) unauthorized software in its DS200, DS850, DS450, ExpressVote & ExpressVote XL voting systems.

I do not know whether or not this occurred (installation of unauthorized software) or how many states and how many elections were potentially impacted by this bug. But the equipment listed in the Texas report is used throughout the U.S. There is no indication on the Texas Secretary of State’s website as to how, if at all, this bug was addressed. I have submitted a public records request seeking answers. If there was a certified update addressing this bug, I have been unable to find any reference to it on the Election Assistance Commission’s website.


Meanwhile, for many years, America’s second largest voting machine vendor was Global Election Systems (later called Diebold Election Systems and then Premier Election Systems). Global was related to ES&S in that Bob Urosevich, who co-founded ES&S with his brother Todd, joined Global in 1997 and was named president of the company in September 2000, while Todd remained at ES&S as a vice president.

In September 2000, with Bob Urosevich at the helm, Global bought an election company for $4 million from a convicted embezzler named Jeffrey Dean whose crimes involved sophisticated computer tampering, a discovery made by Black Box Voting author Bev Harris. An SEC filing obtained by Harris shows that, as a result of the acquisition, Dean became Global’s largest shareholder. Dean was also a Global vice president where he oversaw computer programming. A few months after he joined Global, a convicted cocaine trafficker who he met in prison, John Elder, joined the company to oversee the printing of paper ballots and punch cards for several states. This, too, was discovered and first reported by Harris.

It was a Global machine that inexplicably subtracted 16,000 votes from Al Gore’s vote total in 2000 in Volusia County, Florida, an election that Bush reportedly won by just 537 votes in Florida. The error was corrected before the result was certified, but the Supreme Court blocked a statewide recount, so we don’t know if other such errors might have occurred.

A Republican whistle-blower named Clint Curtis later testified to the House Judiciary Committee that Representative Tom Feeney, a former running mate of Florida Governor Jeb Bush, had asked him to design a vote-flipping program for that election. He passed a polygraph. But although some House Democrats took him seriously, the media did not. His claim could not be independently corroborated because too much time had passed, and the software was proprietary anyway.

In 2002, Global was acquired by ATM manufacturer Diebold, Inc. and changed its name to Diebold Election Systems. Although Diebold claimed to have parted ways with Jeffrey Dean, Bev Harris obtained internal Diebold memos, which showed that Dean had maintained a consulting relationship with the company. (I don’t know when Dean left the elections business, but I’m told that he likely has.)

The first state to deploy touchscreens statewide was Georgia, which chose Diebold as its vendor. That election resulted in several poll-defying Republican wins, including Saxby Chambliss’s defeat of Max Cleland, who was a popular incumbent and war hero. The defeat of Democrat Roy Barnes by Sonny Perdue, a confederate flag defender, was another stunning upset in that election. A manual recount was impossible because the machines were paperless. I wrote extensively about that election here:

Diebold whistleblowers later told the media that the company had installed uncertified software patches in Georgia before the 2002 election, although Diebold denied it. (I saw a Raw Story article the other day that referenced documents proving the Georgia Secretary of State was aware of the uncertified patches, but it’s since been removed.)

Diebold, Inc.’s chief executive officer, Walden O’Dell, was a member of George W. Bush’s Rangers and Pioneers, which the New York Times described as “an elite group of loyalists who have raised at least $100,000 each for the 2004 race.” In 2003, O’ Dell achieved infamy for sending a letter to other potential donors in which he stated that he was “‘committed to helping Ohio deliver its electoral votes to the president next year…’”

In August 04, as first reported by and later by me for the New York Review of Books, the DHS issued a Cyber Security Bulletin re: Diebold’s ‘GEMS’ central tabulator, stating that ‘a vulnerability exists due to an undocumented backdoor account, which could [allow] a local or remote authenticated user [to] modify votes.’”

The same year, a team of test hackers in Maryland from RABA Technologies “was able to remotely upload, download, and execute files with full system administrator privileges. Results could be modified at will, including changing votes from precincts.” The team was reportedly “able to change votes and exit the system without a trace of their visit.”

Also in 2004, Diebold received negative publicity for installing uncertified software in seventeen California counties.

According to the Guardian, the embezzler at. Global/Diebold “programmed one third of the machines in thirty-seven states used in the 2004 presidential election between George W. Bush and John Kerry.

In the key 2004 battleground state of Ohio, two counties used Diebold voting machines; most of the eighty-seven counties used machines supplied by Triad, which was owned by Brett Rapp — a consistent (though modest) donor to Republican causes — and ES&S. All three vendors had Republican ties, and all three sold systems during that time frame with remote access software installed in county election management systems, which typically include county central tabulators for compiling precinct totals (though it is unknown if the ES&S and Diebold systems supplied to Ohio included such software). Exit polls suggested that Kerry would solidly defeat Bush, but official results handed the victory to Bush instead. Kerry conceded without a fight.

U.S. voters were told to ignore the exit polls in 2004 even though the Bush administration itself had helped fund exit polls for Ukraine’s presidential election that year and had cited those exit polls as a reason to pressure Ukraine into re-doing the election because official results had conflicted with them. Ukraine did re-do its election that year. The second time around, the official result in Ukraine harmonized with the exit polls, which had predicted that pro-West candidate Viktor Yuschenko, who had been poisoned with dioxin during the campaign, would defeat pro-Russia candidate Viktor Yanukovych. (I’ve seen no indication that Ukraine’s election used Global/Diebold, ES&S, or Triad machines.)

Back in the U.S., in November 2006, a group called Epluribus published proof that Ohio’s reported results in 2004 were published not by the Ohio Secretary of State but by Smartech in Chattanooga, Tennessee, which also hosted the Bush White House’s emails and was owned by a Republican operative named Jeff Averbeck. Although not proof of fraud, the revelation was understandably alarming to those who already had concerns about the 2004 election. (In June 2020, Smartech’s parent company, Airnet, signed a contract with the state of Georgia, whose upcoming run-off races will decide control of the US senate, although I’ve seen no indication that the contract involves elections. It was soychicka on Twitter who alerted me to the Georgia/Airnet contract.)

In May 2007, Florida State University’s Security and Assurance in Information Technology (SAIT) laboratory “released a scathing report in which they describe[d] a glitch in Diebold’s optical-scan firmware that enabled a ‘type of vote manipulation if an adversary can introduce an unofficial memory card into an active terminal prior to an election. Such a card can be preprogrammed to essentially swap the electronically tabulated votes of two candidates or reroute all of one candidate’s votes to a different candidate.”

In 2009, ES&S acquired Diebold (which had changed its name to Premier Election Systems), making the relationship between the two companies official and giving ES&S control of approximately 70 percent of the market.

When Senator Chuck Schumer (D) caught wind of the acquisition, he asked the Department of Justice’s anti-trust division to investigate.

In 2010, the DOJ forced ES&S to dissolve Diebold and sell some of Diebold’s assets because the combined company had accounted for 70% of US election equipment. That year, a Canadian company called Dominion Voting bought Diebold’s intellectual property rights and warehoused equipment.

According to a 2017 analysis by the Wharton Business School, ES&S now accounts for about 44 percent of US election equipment, and Dominion 37 percent. But these numbers may mislead. The analysis placed all Diebold equipment in the Dominion column because Dominion purchased all of Diebold’s intellectual property rights. ES&S, however, retained most of Diebold’s servicing and maintenance contracts, which is where most of the control over elections comes from.

This Verified Voting map from a few years ago shows in orange all states that use ES&S election equipment in at least some counties — either precinct machines or central count scanners. (Georgia has since switched to Dominion, perhaps due to the vanishing black votes scandal with ES&S/Diebold in 2018.) As you can see, ES&S’s influence over U.S. elections is staggering. (I would provide an updated map but the last time I checked, Verified Voting’s tool no longer included this function. I believe the only major change is Georgia’s switch to Dominion from ES&S. I’m told that California may no longer use ES&S at all — up until a few years ago, they still used ES&S for vote by mail in some places.)

Which raises the question again. Why are Republicans ignoring ES&S? Texas’s corrupt attorney general, Ken Paxton, recently went so far as to try (unsuccessfully) to overturn other states’ elections.Meanwhile, he has ignored that ES&S voting systems in his own state had a security “bug” as of September 2020 that could in theory have allowed the installation of unauthorized software.

As noted, the Texas Secretary of State’s website has thus far not reported on how, if at all, this “bug” was addressed. Perhaps this is something that deserves our attention.

You can identify what voting machine vendor is used in your county by using Verified Voting’s Verifier tool. Please note, however, that I believe the Verifier (like the Wharton report) puts all Diebold equipment in Dominion’s column because Dominion has the intellectual property rights, even though ES&S kept the servicing and maintenance contracts for most Diebold systems, and the contracts are what gives a vendor control.

This Brennan Center Voting System Failure Database is an excellent resource for more examples of voting-machine problems.

This report by Fair Fight Action regarding ES&S is very comprehensive and helpful as well. It appears that Fair Fight Action is continually updating it.

Updated 12/25/20

I supplemented this piece to include the 2002 Alabama gubernatorial race, the Diebold whistleblowers who claimed the company had installed uncertified software patches before the 2002 election in Georgia, the 2004 DHS cybersecurity bulletin re: Diebold’s “back door,” the use of Diebold machines in the 2004 presidential election, the use of Triad machines in Ohio in 2004, Rove’s 2012 on air meltdown and Anonymous’s claim about that election, the reference to Diebold changing its name to Premier, and multiple graphics.

Updated 12/27/20

I supplemented this piece to include a discussion of exit polls in the US 2004 presidential election, Ukraine’s 2004 election, and Smartech’s involvement in the 2004 election in Ohio. I added a few more graphics as well to break up the piece, which is long!

Attorney and Election Integrity Advocate #ProtectOurVotes #PaperBallotsNow @jennycohn1

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store