LECTI Election Systems Software

Systems Softwa re

 



October 15, 2019

By Email Delivery

McFadden
NBC News

Dear 

Thank you for your recent visit to and for allowing us the opportunity to share with you and your
viewers how our employees work passionately every day to ensure accurate, secure and accessible elections.
During your visit, you requested some additional information, and I am happy to deliver that to you today.

Ownership

is proud to be 100 percent American owned and operated, and we believe that fact is as important to the
voting public as it is to us. As stated during our interview, each person who owns any shares of is an
American citizen.

is a privately held company. Shareholders are limited to members of management and McCarthy
Group. Each employee who owns shares is an American citizen, and each shareholder of McCarthy
Group is either an American citizen or is a trust or limited liability corporation exclusively owned by
American citizens.

and McCarthy Group would welcome NBC choosing an independent auditor to examine ownership to
af?rm that each individual investor is an American citizen. would be happy to incur the cost of this
audit as well, and for NBC to share the results. We are suggesting this approach because McCarthy Group
bylaws prevent it from disclosing individual owner names. Disclosure would require the approval of every
single investor in McCarthy Group. Earlier this year, McCarthy Group disclosed the names of the only two
investors who own more than 5 percent of McCarthy Group. McCarthy Group sought the consent of these two
individual investors at the request of the State of North Carolina, and provided this information to NBC
as well.

McCarthy Group first partnered with the founders of in 1987. This long-term partnership has enabled
to invest continuously in our products, which in the end, help election of?cials run secure and
successful elections. However, management independently directs the operations of No one at
McCarthy Group directs management regarding the company?s operations. board acts as a
governing board, not a working board or a managing board. It operates at arm?s length from daily
operations. The board of directors, which meets quarterly with management, consists of Mike
McCarthy and Matt Breunsbach, both of McCarthy Group, and former CEO Aldo Tesi.

Supply Chain and Manufacturing

inspects and manages its entire supply chain, taking great care to ensure that every component procured
is trusted, tested and veri?able.

First, please know that:

All tabulation software is developed and compiled exclusively in the USA.

All ?nal hardware con?guration and assembly is performed exclusively in the USA.

Next, we?d like to share more details on our supply chain management and security:

has a global supply chain to procure and produce components used in our purpose-built
equipment. Many companies in our supplier network are used by major technology firms as well as the
telecommunications and automotive industries.

Once the hardware components are delivered to Omaha, we perform several important steps including:
0 Final hardware assembly and con?guration

0 Veri?cation that the ?rmware on the ?active? components within the hardware is exactly what
we expect it to be and not altered in any way

0 Final end-to-end QA test

The Federal Election Assistance Commission (EAC) has performed a successful onsite audit of our
overseas manufacturing site.

conducts thorough security reviews of our supply chain including supply chain risk assessments
and on-site visits of our suppliers to ensure that components are trusted, tested and free of malware.

Every unit is individually serialized for complete traceability. We conduct frequent audits and
document proof that we are producing the product-to-design speci?cations.

partners with U.S.-based manufacturing companies who utilize security measures such as
Customs Trade Partnership Against Terrorism (CTPAT) and Authorized Economic Operator (AEO) to
support supply chain security. These manufacturers also use industry-authorized distributors and
quali?ed suppliers for all materials used in the manufacturing of products. This applies
regardless of country of origin. In response to your question regarding any items that originate from
China, please note that some components (such as surface mount capacitors, resistors, inductors and
?xed logic devices) may be sourced from China-based manufacturers.

Our machine components are produced in ISO-9001 manufacturing facilities and the entire voting
system is managed by a secure engineering change order control process. Any changes to the voting
system follow a formal closed-loop process, and must be internally and externally reviewed, veri?ed,
tested and approved before they can be incorporated.

products are EAC-certi?ed and are built in accordance with federal standards, including
National Institute of Technology (NIST) security protocols and standards and the Center for Internet
Security (CIS) Critical Security Controls.

systems are tested by independent, federally accredited, laboratories. In addition, this year
submitted our end-to-end voting system to the Idaho National Labs (INL) for extensive
penetration testing. Any suggestions the INL makes for improvement will be incorporated into future
voting system releases.

As standard practice at each hardware and software release undergoes thousands of hours of
performance and security testing, which includes running millions of test ballots. Following this extensive
internal testing, provides a complete voting system to the federal testing laboratories for their testing in
accordance with a test plan approved by the EAC. We also provide the federal testing laboratories with both
hardware and software bill of materials, so they can also test the completeness and accuracy of the components
in use.

 

In addition to these stringent quality controls, is participating in discussions with the Department of
Homeland Security?s National Risk Management Center (N RMC), NIST and CIS regarding the development
of guidelines and best practices to ensure that we stay on top of managing new or emerging risks associated
with supply chain components.

Hardened, secure election systems

Elections systems across the country adhere to a high level of security standards, and chief among them is the
requirement that certi?ed systems are not connected to the internet. Please see the attached for more
detailed information about how election systems are protected for those jurisdictions that elect to modem
unof?cial election results. To take a quote directly from Robert Graham, CEO of Errata Security, who was
quoted in the Motherboard article we discussed during your visit, ?If they did everything correctly [with the
systems] as they say they do, there is no danger. These are all secure technologies that if [configured]
correctly work just fine.?

Collaboration for the future

has taken numerous steps over the last four years to strengthen our nation's voting systems. We work
closely with federal, state and local authorities, and have formed strategic partnerships with DHS, the Elections
Infrastructure Information Sharing and Analysis Center and the Information Technology
Information Sharing and Analysis Center (IT-ISAC) to take advantage of the signi?cant cyber threat sharing
channels these groups support.

We also hold frequent meetings on Capitol Hill to share facts with Congress about the secure operation of
elections systems. We have asked Congress to pass legislation that mandates the use of paper ballots, the
conduct of post-election audits, and the adoption of more formal and programmatic security testing for voting
systems. For your reference, I have attached an op-ed penned by our CEO, as well as our comprehensive
response to questions posed to us earlier this year by four ranking US. Senators, which address the many in-
depth measures we have taken to bolster election security.

takes our role in democracy very seriously. It?s why during each general election, nearly 600 
support personnel fan out to jurisdictions across the US. to support elections nationwide. But better elections
don?t mean dedication only during a general election. We constantly work to provide better elections every
day. Confidence in elections is the bedrock of US. democracy, and we are proud to do our part in ensuring that
every eligible vote was counted as cast.

Yours truly,

oil??. ?(ll/JV
Kathy Rogers, Sr. ice President of Government Relations
Election Systems Software