On October 7, 2022 during the Electoral Board meeting in Prince William County, General Registrar Eric Olsen briefly addressed the County’s position on the arrest of the CEO of Konnech.
On Sep 9, 2022, Elizabeth Block of the Election Integrity Working Group in Prince William sent an advisory on Konnech to the General Registrar.
The official announcement by the Prince William County Elections Office on the Konnech matter is below. It did not come until a few days after the arrest of Konnech’s CEO on October 4, 2022:
Our office used a cloud-based Web interface called PollChief developed by Konnech that manages election officer data. Under our contract, the servers were stated to be in the United States (in Michigan and California).
On Oct. 5, 2022, we learned that the director of Konnech was arrested on charges related to allegedly housing data on servers in China. We have suspended using this product and are erasing any data contained on their server to avoid any further data issues.
We want to clarify a few things related to this product:
PollChief is not software loaded on a computer, but a website we use.
PollChief houses only election officer information (names, address, DOB, and contact information).
PollChief contains no financial data or social security numbers.
PollChief is not connected to the state voter registration system or voting equipment in any way.
We are sorry for any inconvenience for our officers. Hundreds of counties around the country use this software and if the allegations are true, the security and/or location of the servers used was misrepresented to us.
Unlike Fairfax and Loudoun Counties, which responded immediately regarding their termination of their contracts with Konnech, the Prince William County Electoral Board had no comment. There also was no mention of a termination of contract by Prince William County, but used the words “suspended the use of this product.”
Every ounce of data held on a server in China is the property of the Chinese Communist Party.
Several risks are still present due to the disclosure of the names, addresses, phone numbers and emails of the Election Officers and any other staff listed in Poll Chief since it was introduced. If the Pollchief Asset Management System was used, that introduced additional risk. In Prince William this is not the case.
Suspicions are they are looking to gain credentials of election equipment and VERIS access, perhaps being less interested in the average election officer but those with such credentials, polling place layouts, and the like.
The fact that these individual’s PPI such as SSN and full DOB are not included in Poll Chief is helpful but from a cyber security perspective largely irrelevant, because the primary cybersecurity threat is the identification of potential targets for insider threats.
A summary of insider threats is here, at the Virginia Information Technology Agency website: https://www.vita.virginia.gov/information-security/awareness/information-security-tips/september-2021.html
Michael Watson, CISO at VITA, is a capable expert and has spoken about insider threats as his greatest concern in cyber security. His LinkedIn page is here if you would like to contact him: https://www.linkedin.com/in/watsonmj/
Statement by True the Vote on the Konnech arrest.
Konnech was paid with government grants to develop various software to assist with voting. Konnech also wrote the software that enables the Uniformed and Overseas Citizens Absentee Voting (UOCAVA). The citizens living abroad category, part of the non-military UOCAVA voters, and these ballots had very heavy influx in 2020. For a recent update from Jovan Hutton Pulitzer, on 10/13/22, starting at about 20 minutes, is at https://rumble.com/v1nvarw-arrest-over-election-crime-highlights-huge-loophole-and-discrepancy.html