Election Software CEO Arrested Over Suspected Poll Worker Data Theft

Election Software CEO Arrested Over Suspected Poll Worker Data Theft

The founder and CEO of Konnech, a company at the centre of many 2020 election denier conspiracy theories, was arrested on Tuesday under suspicion of data theft. Specifically, Eugene Yu is accused of storing Los Angeles County poll worker information on servers in China, in violation of Konnech’s contract with the county, according to a press statement from the LA County District Attorney’s Office. The story was first reported by The New York Times.

Yu was arrested in Michigan, where he lives, the statement said. The LA DA’s office wrote that it is “seeking [his] extradition to Los Angeles.” On top of the executive’s arrest, investigators also seized “hard drives and other digital evidence.”

Konnech is a small company that distributes PollChief, an election worker management software, to multiple municipalities around the U.S., including Los Angeles. The software helps to schedule and organise poll staffing. According to the company’s website, they have 32 clients in North America, the first of which was the City of Detroit. PollChief is also used in Allen County, Indiana, and Dekalb County, Georgia, according to an Oct. 3 report from the New York Times.

That article outlined how unfounded conspiracy theories alleging Konnech’s ties to the Chinese Communist Party have spread widely among election deniers. These theorists often “support” their claims simply by pointing out the ethnic background and national origin of some of the company’s 21 employees, and CEO Yu.

From the Times:

Using threadbare evidence, or none at all, the group suggested that a small American election software company, Konnech, had secret ties to the Chinese Communist Party and had given the Chinese government backdoor access to personal data about two million poll workers in the United States, according to online accounts from several people at the conference.

Konnech has denied any mishandling of information, and a spokesperson told the Times that all of its U.S. data is stored on domestic servers and that it has records on fewer than 240,000 poll workers. However, one day after the online publication of the Times’ story, Yu was arrested. Konnech did not immediately respond to Gizmodo’s request for comment.

In a statement to The Washington Post, the company wrote, “We are continuing to ascertain the details of what we believe to be Mr. Yu’s wrongful detention by LA County authorities.” The company further said that “any LA County poll worker data that Konnech may have possessed was provided to it by LA County, and therefore could not have been ‘stolen’ as suggested.”

In September, Konnech sued election denier group True the Vote for alleged defamation and the company was granted an emergency temporary restraining order by a judge in the case, according to the Times.

Worth noting: Regardless of whether or not some of Konnech’s data was stored on servers in China, LA County said that would’ve had no bearing on election results or vote counts. Though the DA’s office didn’t exactly specify what information was stored improperly.

“This investigation is concerned solely with the personal identifying information of election workers. In this case, the alleged conduct had no impact on the tabulation of votes and did not alter election results,” the county’s news statement said. “But security in all aspects of any election is essential so that we all have full faith in the integrity of the election process.”

“I want to thank my prosecutors and investigators for their commitment to eliminating cyber intrusions against government entities and local businesses,” LA District Attorney George Gascón said in the statement. “Data breaches are an ongoing threat to our digital way of life. When we entrust a company to hold our confidential data, they must be willing and able to protect our personal identifying information from theft. Otherwise, we are all victims.”

Yet the alleged data breach here is much smaller than the ransomware attack that hit LA’s Unified School District last month. Earlier this week, 500 GB of potentially sensitive data from the district was posted online. No arrests have been made in that case yet.