The expansion by Amazon Web Services into state and local elections has quietly gathered pace since the 2016 U.S. presidential vote. More than 40 states now use one or more of Amazon's election offerings, according to a presentation given by an Amazon executive this year and seen by Reuters.
So do America's two main political parties, the Democratic presidential candidate Joe Biden and the U.S. federal body charged with administering and enforcing federal campaign finance laws.
While it does not handle voting on election day, AWS - along with a broad network of partners - now runs state and county election websites, stores voter registration rolls and ballot data, facilitates overseas voting by military personnel and helps provide live election-night results, according to company documents and interviews.
Voting itself does not happen via Amazon. Voting machines in most states are not connected to any cloud service.
But elections require a raft of other technologies to keep track of voters and provide information. Amazon often works with specialized partners, who actually do the bidding on government contracts and include Amazon as a preferred vendor.
North Carolina chose Amazon Web Services over Microsoft's Azure to deliver election night results reporting because it "was simple to set up (and) very low in cost," the State Board of Elections said. Before it worked with Amazon, North Carolina spent "thousands of dollars" on a similar service. Amazon charged them less than $100 during elections in 2016 and 2018 for the same service, the State Board of Elections said.
One of the main security concerns with election systems involves voter registration data, which Russian hackers breached in at least Arizona and Illinois in 2016, according to the FBI.
Such databases generally include voter ID information such as partial social security numbers, addresses, voting history, party affiliation, whether an early ballot was sent, early primary ballots for independent voters, provisional ballots, and hand-written signatures of voters and absentee ballots, according to an analysis of RFP's (request for proposal) from states looking to move such databases to the cloud.
Vickery, the director at Upguard, uncovered at least three instances where voter data on Amazon's cloud servers was exposed to the internet, which have been reported previously.
For example, in 2017, he found a Republican contractor's database for nearly every registered American voter hosted on AWS exposed on the internet for 12 days. In 2016, he found Mexico's entire voter database on AWS servers was leaked. reut.rs/30J35be
Amazon said the breaches were caused by customer errors, adding that while AWS secures the cloud infrastructure, customers are responsible for security of what goes in the cloud.
