cananian

It's fair to say I'm not a big fan of Diebold -- even before they sent me a cease-and-desist letter over my small part in exposing some of their illegal practices (for example, using uncertified voting machines for an election). Anyway here's their latest lunacy: Massachusetts (ie, Sec. State William Galvin) wisely decided to avoid Diebold when purchasing new machines to comply with the accessibility requirements in the Help America Vote Act (HAVA)... and in response Diebold sued the state. Here's some coverage:

• Voting device pact at issue (Boston Globe)
• Firm sues Mass. over contract for voting machines for disabled (AP, by way of the Boston Herald)
• And even that paragon of journalism, Slashdot: Diebold Sues Massachusetts for "Wrongful Purchase"

The best bit of the articles, to my mind, is this:

Galvin called the lawsuit "frivolous" and "sour grapes on the part of Diebold."

"We've gone through an exhaustive process consulting with the disabled community to find out what's best for them," Galvin told The Associated Press. "We certainly don't feel like we have an obligation to help (Diebold) market their equipment."

I'd have said "a company guilty of breaking election laws" instead of "Diebold", and "insecure and buggy equipment which threatens the bedrock of our democracy" instead of plain "equipment", but I think Sec. Galvin and I are on the same page here.

Incidentally, the AP article massacres the reasons why the AutoMARK was chosen, but it's a very good choice from a technical standpoint: it's a disabled-voter-friendly touchscreen machine that emits a bog-standard optical-scan ballot, so the standard election procedures and auditability of optical scan technology are uncompromised. Further, it integrates well with existing systems, so it's cost-effective to boot. In the past I've felt that Sec. State Galvin was not doing all he could to safeguard Massachusetts elections, but good decisions like these are slowly winning me over.

"Security aside, we are better than on track," she said at a news conference, detailing the technical steps that had been taken.

The big news: California Bans E-Vote Machines. All touchscreen machines, not just the Diebold TSx. This is incredibly positive news. Some more links:

• Panel to examine vulnerability of e-voting
• E-Vote Problems Overwhelm Feds

California's Voting Systems Panel has just voted unanimously that the Diebold TSx paperless electronic voting system be decertified for use in California. Although the final decision is up to California Secretary of State Kevin Shelley, he is expected to follow the recommendation of the board before April 30, 2004.

The Voting Systems Panel did not recommend against continued use of the Diebold TS electronic voting machines or use of optical-scan voting machines. The GEMs software is also not affected by this decision.

This is good news, but does not (yet) go far enough: the TS machines must work correctly and the GEMS centralized vote-couting software must count properly if the overall election is to be accurate. Either (much!) tougher standards (the current standards are, according to Diebold's lawyers, unenforceable) or else mandatory voter-verified ballots (and spot checks) are needed, in California and the nation at large.

Attorneys for Diebold Election Systems Inc. warned in late November that its use of uncertified vote-counting software in Alameda County violated California election law and broke its $12.7 million contract with Alameda County. ... [They realized Diebold] also faced a threat of criminal charges and exile from California elections.

Yet despite warnings ... Diebold continued fielding poorly tested, faulty software and hardware in at least two of California's largest urban counties during the Super Tuesday primary, when e-voting temporarily broke down and voters were turned away at the polls.

Other documentation obtained by the Tribune shows that the latest approved versions of Diebold's vote-counting software in this state cast doubt on the firm's claims elsewhere that it has fixed multiple security vulnerabilities unearthed in the last year. ...

"Diebold may suffer from gross incompetence, gross negligence. I don't know whether there's any malevolence involved," said a senior California elections official who spoke on condition of anonymity. "I don't know why they've acted the way they've acted and the way they're continuing to act. Notwithstanding their rhetoric, they have not learned any lessons in terms of dealing with this secretary (of state)."

I'm, honestly, extremely surprised by this. Since Diebold's software began to get scrutiny, I've heard nothing but assurances from Diebold that all these problems were either fixed before deployment or fixed now and not present in current election machines. From all appearances they were learning from their mistakes.

We now know they were just lying.

Further, at every e-voting panel or discussion, I hear proponents claim that "testing" is the answer to any and all vulnerabilities. "Certification" is the magic word used to reassure us that "not just any" software can be slapped into voting machines.

From the article: "The memos reflect an argument that the regulations by which California approves voting equipment for elections may never have been properly codified and are unenforceable." In other words, even as they were claiming "certification" was responsible for the safety of the machines, they internally were ignoring certification requirements based on legal advice that they were unenforceable.

AT THE VERY LEAST, let's make certification stringent! Push your congresspeople to fund the NIST-certification portions of the Help America Vote Act (see blog entry below). If we can't have real improvements, like mandatory voter-verifiable ballots, at least let us give teeth to the testing and certification process. At present it's the very worst form of security: a dog-and-pony show that reassures people and takes them off their guard without providing a single bit of actual security.

I spent yesterday observing voting in Arlington's 1st, 5th, 9th, 13th, and 15th precincts, which use Diebold optical scan machines and paper ballots. I'll post a full report in a few days.

Details on this from Lawrence Lessig, Ed Felten, and Joe Hall, who also points out how the memo contents have been used so far to reform California's election law.

And today's death penalty update: the FBI allowed known innocents to be put to death to protect secret informants in Boston. [In an update to an earlier entry in this blog, the FBI has said that it's the "training camps" for anti-war protestors that worry it to the point of infiltrating constitutionally-protected demonstrations. Next up: investigating those suspicious "spring training camps" of baseball players. After all --- some of them are from Cuba!] [More FBI misdeeds: the Judi Bari case.]

Back to Diebold: Dennis Kucinich has requested that the House Judiciary Committee investigate Diebold's abuse of the DMCA to suppress its memos. And, in the historical-offenses drawer: security problems with Diebold ATMs.

"What the F.B.I. regards as potential terrorism," Mr. Romero of the A.C.L.U. said, "strikes me as civil disobedience."

On the other hand, California's secretary of state has announced that they will be requiring a voter-verified paper trail on all electronic voting machines by 2006. More details from Ed Felton, Wired news, and the LA Times. And Dennis Kucinich has now joined the Diebold protest. It's nice to say that a US Representative and presidential candidate agrees that Diebold's cease-and-desist letter to me was over the line.

The RISKS forum has a collection of articles on voting machines in digest 23.01, 23.02, and 23.03: Grant Parish, Louisiana has an absentee ballot mixup in a close race, WinVote machines not counting one in a hundred votes (exactly what you'd expect from sophisticated ballot fraud; WinVote is run by former Diebold principals), also replaced machines in that election (earlier article) (Fairfax County, VA); the Boone County, IN overvote (MicroVote machines); a surprising risk even of voter-verified machines (Vote-Trakker machines, Southington, CT); two articles on the uncertified Diebold machines in Alameda County CA (earlier); risks of lever machines; incorrect instructions given on touchscreen machines in Pleasanton, CA; Irish Labour Party demands e-voting be suspended; and the Electronic Privacy Information Center's alert on the Congressional Research Service's report on Electronic Voting.

EPIC is also one of the sponsors of the conference, titled "Claim Democracy: Securing, Enhancing and Exercising the Power of the Right to Vote". It's in Washington, D.C. on the weekend of November 22-23.

In university round-up, we've got articles on the Diebold files from MIT (this article was on the front page of the student paper and brought me quite a bit of notoriety), Duke, UC Berkeley, and Harvard.

Gore Vidal weighs in on voting machines (scroll down).

I was also mentioned in the Washington Post on Thursday.

The EFF has archives of the Online Policy Group v. Diebold case; you should read especially their application for an injunction against Diebold.

Finally, my cease-and-desist letter from Diebold is now up on chillingeffects.org.

Kyle said the state would inventory the systems of other vendors and other counties once the Diebold investigation was complete. The state will also begin requiring all counties to maintain and submit logs of the hardware, firmware and software versions they use.

Starting in 2004, the state will also conduct random audits of voting systems to ensure that all software and hardware is certified. And in the future, the state will require CEOs of vendors to affirm under penalty of perjury that the company will not change systems without obtaining written approval from the secretary of state. Failure to do so may result in de-certification and possible criminal charges, Kyle said.

A company found violating election laws or regulations, he said, could be disbarred from certifying new equipment with the state for one year.

Kyle said the secretary of state would be announcing further proposals regarding e-voting in the near future.

It's widely believed by voting machine makers that Secretary of State Shelley, who has previously stated his preference for electronic voting machines to offer a voter-verifiable receipt with their machines, may announce plans within a week or so to require this on voting machines used in the state.

A voter receipt would allow voters to verify that their ballot has been cast correctly before depositing the receipt into a secure ballot box to be used in case of a recount.

Joseph Holder writes more about the serious security problems found with the Diebold Alameda installation. He also speculates that we might be seeing the true explanation for the -16,022 Gore votes in the 2000 Presidential election, originally speculated to be due to an unauthorized "second memory card".

As a patriotic American, I felt that people needed to know and that I had a duty to tell them about (the Diebold election system problems.) People need to see the primary documents to convince themselves that this stuff is real.

In other election-related news, Diebold misprogrammed voting machines in Macon, GA, causing them to miscount votes for write-in candidates. Further, elections were held in Alameda Country, CA on uncertified voting machines.

Howard T. Van Pelt, who was invloved in the management of two of the most successful election equipment companies in the industry's history (Computer Elections Systems [CES] and Global Elections Systems [Global], a company he co-founded) became president and chief executive officer in June 2001. [...] Most in the organization, particularly the senior management team, have had a multiplicity of experiences in delivering and implementing voting systems to most of the largest election juristictions in the Unitied States over the years. Their systems experienced includes punch cards (CES Votomatic), optical scan (Global Election Systems' [now Deibold Election Systems] AccuVote) and DRE (Global Election Systems' [now Deibold Election Systems] AccuVaote-TS).

And speaking of confidence, CNN has picked up on Diebold's certification troubles in California. Slowly this is working its way up through the media food-chain.

The segment I'm on (about electronic voting machines) starts 16 minutes in; and I am introduced around the 30 minute mark. Be sure to listen to David Dill and Dan Tokaji take questions from callers after the host bids me adieu (at 35 minutes in), as they both applaud the Diebold memo-mirroring effort.

The EFF has put out an Action Alert asking you to write your representative to support the "Voter Confidence and Increased Accessibility Act of 2003", which I've written about before. I wrote a letter to my Representative outlining some of the reasons this legislation is important. The EFF page makes writing and sending the letter easy --- please do this! Let's keep the Diebold fiasco from ever occurring again.

Judge Fogel did not immediately grant a temporary restraining order today to prevent Diebold from issuing more cease-and-desist notices, but did set an accelerated schedule to hear the EFF's countersuit against Diebold. November 17th (two weeks time) is the new court date. The Judge's order is online. An Associated Press article and a C|Net article about the EFF's countersuit.

In the "good news" department: California has halted certification of new Diebold machines after discovering that uncertified software may have been used in Alameda county. Note that the Diebold memos directly support this allegation, for example in a memo from Rodney Turner on August 31, 2000:

Hi Jeff, I have completed the computer for LA and Alameda. The computer for LA has GEMS 1-16-9 and the AVTS units have 3-13-1-4. The computer for Alameda has GEMS 1-16-10 and GEMS 1-16-9 ( there is a short-cut on the desktop for GEMS 1-16-9) the AVTS units have 3-13-1-4.

It's a Very Good Thing that the California Secretary of State has woken up and is starting to look into this. I'd recommend subpoena'ing the "authentic" copies of these memos from Diebold straight away. That's one of the nice powers you have in a criminal case.

Why on earth should (voters) have to trust me -- someone with a vested interest in the project's success? A voter-verified audit trail is the only way to 'prove' the system's integrity to the vast majority of electors, who after all, own the democracy.

I couldn't have put it better.

And as for Diebold? He says:

The only possible motive I can see for disabling some of the security mechanisms and features in their system is to be able to rig elections. It is, at best, bad programming; at worst, the system has been designed to rig an election.

As my contribution to democracy, today I sent my DMCA counterclaim to MIT, asserting my right to replace the Diebold memos on this website. Hopefully reinstatement will follow shortly.

Tomorrow (Election Day!) the EFF will seek a court order to "prevent abusive copyright claims from silencing public debate about voting, the very foundation of our democratic process."

And tomorrow evening David Dill and I will be on WBUR's On Point program sometime between 7 and 9pm EST. WBUR is Boston's local NPR station; I think the program is syndicated nationally, but your local NPR station may or may not pick it up. 90.9 FM for Boston folk. You can stream it on the internet everywhere else.

The RIAA filed 80 more lawsuits yesterday. And the SCO group has begun to infringe my copyrights on portions of the Linux kernel. In other news, I recently granted copyright for my original PPTP-linux client to the FSF, so they can prosecute other copyright infringement of my code. I also signed over my contributions to GNU Classpath and GNU libc. [The FSF's copyright assignment legalese is actually incredibly safe and friendly: they even allow you to reclaim your copyright if you eventually decide you'd rather resell the code or somesuch. Of course, the rights you've provided under the GPL persist, but it does allow you to go back and resell non-GPL'ed versions of the code if you like.]

I drafted a DMCA counternotice to MIT's Copyright Agent in response to Diebold's cease-and-desist letter. I'm getting it looked over by smart people right now =) and will post it when it is finalized. In the meantime, you may be interested in my advice on filing a DMCA counter-notice.

Steven Levy has an article on Diebold in the Nov 3 issue of Newsweek, and Tom Tomorrow has a great halloween costume suggestion. Dan Gillmor wrote about the Diebold activism in his Mercury News column today (second half of article).

Finally, I'm indebted to Jean-Marc Valin for an excellent suggestion.

Elsewhere, Wired News has another article about the "E-Vote Protest".

I'm still looking for more definitive legal reference, but here is the "layman's" version of the relevant argument. Glantz received an anonymous package of internal tobacco company documents and published them. Then, as described in the profile above:

When Brown & Williamson filed suit to force the return of the documents in February 1995, the stage was set for a First Amendment fight. Suddenly, the very freedom of a researcher and a university to disseminate information was on the line. "Basically, they were trying to keep books out of the library, and universities are here to spread information, not suppress it," Glantz says. He was summoned to a meeting at the university counsel's office, across Parnassus Avenue, which runs through the UCSF campus. "I was riding the elevator down and I was thinking, 'Time to walk the plank. They're going to toss me overboard.'"

[...]

But saying they'd rather fight than quit, the UC administrators backed Glantz. The university lawyers argued that the documents were a legitimate subject of study and that they were already public records because they had been written about so extensively in the New York Times and elsewhere. In June 1995, the California Supreme Court ruled in the university's favor. To spare strain on the library, the university published them on the Internet and sold copies on CD-ROM.

In the case of the Diebold memos, these documents have been extensively published on the web (see citations at http://www.why-war.com/features/2003/10/diebold.html) and elsewhere, including a book and at least one widely-syndicated AP article. More coverage will surely follow. I think the precedent holds.

As a temporary measure, I've taken down direct links to the lists.tgz archive. The BitTorrent tracker is still up, at http://cscott.net/Activism/lists.tgz.torrent --- this is not a hyperlink because of some braindead legal precedent in the 2600 DeCSS case. The torrent file will still work, although no actual content is hosted at cscott.net. Magic! [BitTorrent peers are still very welcome, though: everyone who downloads the file and leaves bittorrent running can contribute to ensuring this content remains available at this link. Let me know if you decide to help out this way.]

My pgp/gpg key is available at pgp.mit.edu; email me if you're interested in helping maintain this mirror.

Being able to end-run the database has admittedly got people out of a bind though. Jane (I think it was Jane) did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That's why we've never put a password on the file before.

Then, bear in mind that GEMS programs 1.11.14 and 1.17.17 are certified -- and check out how many times they are installing 1.14.xx and 1.15.xx series and using them in elections! (Totally illegal: what this means is the software used in these elections was never looked at by ANYONE except a handful of programmers in Canada.) Pretty much throws the whole certification and testing argument out the window.

"I need some answers! Our department is being audited by the County. I have been waiting for someone to give me an explanation as to why Precinct 216 gave Al Gore a minus 16022 when it was uploaded. Will someone please explain this so that I have the information to give the auditor instead of standing here "looking dumb"." [source]

"Johnson County, KS will be doing Central Count for their mail in ballots. They will also be processing these ballots in advance of the closing of polls on election day. They would like to log into the Audit Log an entry for Previewing any Election Total Reports. They need this, to prove to the media, as well as, any candidates & lawyers, that they did not view or print any Election Results before the Polls closed. However, if there is a way that we can disable the reporting functionality, that would be even better." [source] (emphasis added)

There is also some existing evidence that Diebold machines may have been skimming votes in the California recall election; someone with a better grasp of statistics ought to run this through a proper analysis.

VerifiedVoting.org has information about how you can help the "Voting Confidence Act" (HR2239) get passed. Let's make sure the shenanigans stop.

Concurrent with this glimpse of light, however, is a reminder that we are losing our right to peaceably assemble and our free speech rights as well. (Voting machine manufacturer Diebold is in on the free speech suppression too.) Read and be enlightened.

Some more troublesome stories: the California recall vote was performed on machines with serious known flaws. Elsewhere, an audit by the state of Maryland found several security problems with the Diebold machines they were planning to purchase... so they went ahead and bought them anyway. And timestamped files from a previous California election show that votes were downloaded off the machines before the polling place closed. What possible legitimate reason could there be for that?

Need I mention that Diebold executives are generous political donors? (Thanks to frankie on slashdot for that pointer.)

Have you heard about any of this before? Why isn't this getting mainstream news coverage?