In wake of Mueller report, NC elections officials want answers from electronic pollbook vendor

The name of the firm is blacked out due to "personal privacy" exemptions.

Lawson said, based on the leaked intelligence report and a separate 2017 federal indictment, that VR Systems was a target of the GRU, the Russian military intelligence agency.

But if the company is in fact the one referenced in the Mueller report, Lawson said, it will be the first acknowledgement that hackers were actually successful in compromising the firm's network.

That's important because 17 counties use the company's EViD electronic poll book software on Election Day. The list includes Durham County, which in 2016 experienced software issues that forced poll workers to switch to paper poll books.

State Board of Elections spokesman Pat Gannon said VR Systems failed to immediately explain what happened. When Durham County hired a digital forensics firm to investigate, its report was inconclusive.

In those court filings, elections officials asked VR Systems if it "ever experienced a breach of security regarding EViD." The company's answer: No.

"If there was knowledge of any type of breach and the answer was a two letter answer - 'no' - we need to know why," Lawson said Thursday evening.

In his letter to VR Systems Chief Executive Mindy Perkins, Lawson asks the company to confirm whether it's the one named in the redacted report, whether VR Systems' past statements about its security remain accurate and how secure its systems are going forward.

"If they continue to expect to operate in North Carolina, it's necessary that the board understand their present security," Lawson said.

The company has already told the elections board it expects to respond by early next week.

In a public statement Thursday afternoon, VR Systems said Mueller's report included details "that have been known for several years about the spearphishing attempts made during the 2016 election period."

"Immediately after the spearphishing attempt, VR Systems implemented a comprehensive program to ensure integrity in elections," Chief Operating Officer Ben Martin said in the statement. "This included engaging a leading global cyber security firm to consult, test and monitor VR’s systems and servers and a host of best practices and training with employees and customers."

The statement stops short of acknowledging whether the company is the unnamed vendor in the Mueller report.

Electronic poll book software poses a particular vulnerability in the voting process, Lawson said, because inaccurate information or malfunctioning software can mean longer lines or provisional voting, which can delay the ballot-counting process and discourage voters.

In a statement Thursday evening, Gannon said elections investigators believe "user error" by Durham County poll workers contributed to the voting issues in 2016. But he said that's not conclusive, "in part because the agency lacks the necessary technical expertise to forensically analyze the computers used in Durham County, and other government agencies declined the agency’s requests to evaluate them."

Lawson said he hopes the company's response will provide clarity.

"That file has not been closed," Lawson said. "There are plausible explanations, but they do not fully explain why what happened happened."