Election Software Firm Gave ‘Superadministrator’ Privileges to Contractors in China

0
1051

Eugene Yu, a Chinese immigrant, and CEO of Konnech was arrested on October 4. He is believed to have been “assailled as part of an investigation into possible theft of personal information of [Los Angeles County] election workers.”

Another shocking aspect of the story was the announcement by George Gascon, the LA County District Attorney, that the arrest and extradition had been announced and that investigators from Gascon’s office were working on the case.

Konnech offers a software program called PollChief that schedules election workers, and helps with logistics and supply chain procedures. In 2019, LA County signed a contract to Konnech. A sole-source contract of more than $2million was also finalized in 2020. The contract required Konnech to comply with federal and state law as well as various information security procedures. An investigator from the LA County District Attorney’s Office described these in a complaint that was submitted to support Yu’s arrest warrant.

This complaint is dated October 13, 2022 and contains additional information. It does not contain any confidence in the security or integrity of our election information.

Despite Eugene Yu’s assertion in a verified court pleading “all Konnech’s U.S. customers data is secured and stored only on protected computers located in the United States,” Los Angeles County DA’s Office found the following:

“…Konnech employees, known and unknown, sent personal identifying data of Los Angeles County election workers and to third-party developers who helped with Konnech’s internal software ‘PollChief.’

The personal information of US election workers was deliberately sent to China, not out of the country. This is possible in violation of the anti-independent contracting AB5 state law.

As many suspected, Chinese “contractors”, code for CCP operatives, have full access not only to the personal identifying data of Los Angeles County election workers (emphasis mine).

This is more than a security problem. We know that it occurred through August 2022 at the most. The City of Minneapolis initially denied that Konnech had compromised the personal identifying information of its poll workers, but officials may reconsider that statement after the above.

PollChief software also provides the ability to manage “election workers” and vote.
Locations (including Vote Centres, Drop Boxes and Check-in Centers),” which means that election officials can use this software to assign employees to collect ballots from drop boxes, deliver them to the offices, and it uses GPS and location data to locate the closest employee to the drop box. It also tracks their location for chain of custody purposes. It is possible, however, that the app could be used for ballot harvesting or delivery purposes, as others have suggested.

Coincidentally Yu was also detained and a search warrant executed. Mr. Nabergoi also sent Konnech employees an email informing them about a slight modification in the procedure.

Luis Nabergoi (project manager for Konnech’s contract with County of Los Angeles) sent an email to Konnech employees on October 4, 2022. He stated that Konnech was “moving into a new stage of company maturity” and that security privacy and confidentiality of client data …” Nabergoi also stated that personal identifying information would not be used in fixing Konnech’s PollChief software.

What is being “fixed?” What is the purpose of any information being sent directly to China? Why is George Gascon’s office investigating this? Why aren’t federal agencies involved? This is not just for Los Angeles County; Konnech’s PollChief software can be used all over the country.

Although many jurisdictions have ended their contracts with PollChief and Konnech, the decision to deal with this data breach should be made by each jurisdiction. It is imperative that this software be removed from all official and unofficial use within the United States.