With experts warning about hackers and insider sabotage as Amazon expands into the business of elections, should American voters worry about officials putting all their eggs in one basket?
Amazon Web Services (AWS) has increasingly become involved with both “state and local elections,” noted Reuters inn an article titled “How Amazon.com moved into the business of U.S. elections.” “More than 40 states now use one or more of Amazon’s election offerings,according to a presentation given by an Amazon executive this year.” But security experts are concerned about how risky AWS’s decentralization of election data will be.
The research done by the outlet has been extensive, including “previously unreported company presentations and documents,” which Reuters has viewed, and also including “two dozen interviews with lawmakers, election administrators, and heads of election security and technology in nearly a dozen states and counties that use Amazon’s cloud.”
While AWS does not handle voting on election day per se, noted Reuters, “AWS - along with a broad network of partners - now run state and county election websites, stores voter registration rolls and ballot data, facilitates overseas voting by military personnel and helps provide live election-night results.”
Amazon’s increasing involvement in the elections process, as observed by Reuters, “could undermine what many officials view as a strength of the U.S. voting system: decentralization.”
While Precog Security co-founder David O’Berry said that moving to AWS is “a good option for campaigns, who do not have the resources to protect themselves,” Reuters warns, “putting data from many jurisdictions on a single system raises the prospect that a single major breach could prove damaging.”
Director of cyber risk research at cybersecurity startup Upguard Chris Vickery commented that this increasing involvement makes Amazon a “bigger target” for hackers and “increases the challenge of dealing with an insider attack.”
Vickery “uncovered at least three instances where voter data on Amazon’s cloud servers was exposed to the internet, which have been reported previously.” In 2017, for example, Vickery discovered that “a Republican contractor's database for nearly every registered American voter hosted on AWS exposed on the internet for 12 days,” and in 2016, he found out that “Mexico's entire voter database on AWS servers was leaked.”
Another damning example was when a “former Amazon employee” perpetrated a recent hack into Capital One Financial Corp’s data stored via Amazon’s cloud service. “The breach affected more than 100 million customers,” Reuters claimed, “underscoring how rogue employees or untrained workers can create security risks even if the underlying systems are secure.”
One AWS spokesperson told Reuters, “Over time, states, counties, cities, and countries will leverage AWS services to ensure modernization of their elections for increased security, reliability, and analytics for an efficient and more effective use of taxpayer dollars.”