A gaping hole in US election security seems to be that foreign investors can purchase companies charged with providing voter registration software and other election-related services. And nobody seemed to be aware of this — or care enough to do something — until now.
A months-long WhoWhatWhy investigation into Russian ties to Maryland’s election administration seems to have raised alarm bells in Congress. Maryland Democratic Senators Chris Van Hollen and Ben Cardin have joined Maine Republican Senator Susan Collins in sponsoring a bill to ban foreign control of election vendors.
The legislation would address gaps in federal law that made it possible for Russians to hold major investments in companies which service elections in the US. If passed, the Protect Our Elections Act would require states to ensure that election-service providers are owned and controlled domestically.
“We cannot allow Russia or any other foreign adversaries to own our election systems,” Van Hollen said of the proposed bill. “This isn’t just a hypothetical issue.”
How is it that a foreign adversary — like Russia — could get this close to a US election system?
Van Hollen should know. His action was triggered in part by a troubling story from his own state that has also been the subject of an ongoing WhoWhatWhy investigation.
In July, the FBI notified Maryland’s State Board of Elections (SBE) that a vendor supplying services to the SBE through a contract with the state’s Department of Technology had been acquired — three years ago — by a company whose primary investor has Russian ties.
SBE deputy election administrator Nikki Charleson told WhoWhatWhy that the agency was aware of the 2015 acquisition. However, until July, no one — not even SBE— knew that the investor was foreign, let alone Russian.
The new legislation proposed in the Senate would impose fines up to $10,000 on domestic companies that serve US election systems and fail to disclose connections to foreign nationals that involve control or ownership.
WhoWhatWhy has been asking state and federal agencies for months: How is it that a foreign adversary — like Russia — could get this close to a US election system? And how can this be avoided in the future?
Not a single agency contacted by WhoWhatWhy could give satisfactory answers to these questions.
What the FBI Learned
Here’s what the FBI discovered in July:
In 2015, ByteGrid Holdings, LLC, purchased Sidus BioData, the company originally hired to manage voter registration software for Maryland’s State Board of Elections. What officials did not know at the time was that ByteGrid’s main investor, AltPoint Capital Partners, is largely funded by a close ally of Russian President Vladimir Putin, a billionaire oligarch by the name of Vladimir Potanin.
AltPoint’s founder and managing partner also has a Russian connection. Russian-born Guerman Aliev changed his name to Gerald T. Banks and is now an American citizen. Banks’s company is the main investor behind ByteGrid, which hosts Maryland’s voter registration, candidacy and election management systems, as well as its unofficial election-night-results website. ByteGrid also owns and manages two data centers where voter information is stored.
At the time, FBI reassured lawmakers that there had been no breach in the security of election systems.
Following the FBI’s July announcement, Maryland legislators asked the Maryland state’s attorney general to investigate. The state agency says it does not confirm nor deny its investigations.
Senators Van Hollen and Cardin then asked the Committee on Foreign Investment in the United States (CFIUS) to intervene. This high-level interagency committee has the authority to both review foreign transactions for national security implications and investigate such matters. But CFIUS has not concluded its investigation, nor will it even confirm that one is underway.
In a statement to WhoWhatWhy, a Treasury Department spokesperson for CFIUS said, “By law, information filed with CFIUS may not be disclosed by CFIUS to the public. Accordingly, the Department does not comment on information relating to specific CFIUS cases, including whether or not certain parties have filed notices for review.”
A CIFUS spokesperson also declined to state whether current federal laws bar foreign-backed companies from being involved in US elections.
‘All-American Management Team’ Funded by Russian Oligarch
WhoWhatWhy asked Annie Eissler, ByteGrid’s chief marketing officer, whether the company was required to inform the SBE of its foreign investor.
Without answering the question, Eissler stated that ByteGrid is a “US-based compliant hosting solutions company, led by an all-American management team, using the latest technology and security to support the needs of organizations in a variety of sectors.”
At the time ByteGrid purchased Sidus, Russian nationals had already begun interfering in US elections. And on the same day the FBI announced the Russian tie to Maryland’s election system, 12 Russian intelligence officers were indicted by the Department of Justice for infiltrating the computers of Hillary Clinton’s campaign headquarters and the Democratic National Committee and Democratic Congressional Campaign Committee during the close race against Donald Trump.
The 12 men were charged with stealing user names and password credentials that allowed them to hack into the computer systems and harvest tens of thousands of messages and documents. These hacked emails were later leaked piecemeal to the media, generating thousands of negative stories in the crucial weeks prior to the election.
Two members of Maryland’s delegation to the US House of Representatives, Democrats Jamie Raskin and Dutch Ruppersberger, are sponsoring legislation that mirrors the Senate bill’s intent: to secure US elections from foreign interference.
“It is critical that our election infrastructure can be trusted when citizens walk into the ballot box and participate in our sacred system of democracy,” Ruppersberger told WhoWhatWhy. “We must ensure that foreign adversaries and their bearers cannot corrupt this process.”