Slashdot Mirror

← Back to Stories (view on slashdot.org)

Diebold Issues Cease and Desist to Indymedia

Posted by michael on from the speak-no-evil dept.

h0mee writes "Diebold, manufacturer of election equipment, has issued a Cease and desist notice to the upstream provider of San Francisco Indymedia for having links to mirrors of a leaked internal diebold memo. More than just a case of a leak, Diebold has been raising a lot of questions about the fairness and security of elections in the United States. (Perhaps it's time for peer reviewable software like gnu.free? ;)"

10 of 421 comments (clear)

  1. Support Indymedia! by quigonn · · Score: 4, Interesting

    Indymedia is a very important platform in the current world where most people are influenced by mass media. So, support them by giving them webspace outside of the USA, so that they will be able to continue exercising their right to free speech!

    --
    A monkey is doing the real work for me.
  2. Simple System by sjlutz · · Score: 2, Interesting

    How about just an electronic voting system that has redundancy. Example:
    1) User votes for who they want to and it is recorded
    2) Machine prints out card with users vote
    3) Card is checked by user for accuracy
    4) Card is then re-inserted into machine to generate the backup tally.

    If the tallies from 1 and 4 don't match, the cards are "certified" and then rerun.

    1. Re:Simple System by ca1v1n · · Score: 2, Interesting

      I am reminded of an old adage, paraphrased here because I cannot find the exact text. "When headed to sea, take 1 compass or 3, but never 2."

      To make matters worse, having a card printed out allows for chain voting. This is a scheme in which one voter sneaks their card out of the polling place, shows it to someone who pays them for their vote, and hands it to the next person who drops it in after they're done voting, and brings their card to get paid, and so it goes and so it goes. The first person can sneak it out rather trivially, because even if they're required to dump a card in a box, they can dump in a dummy card. No one can check their card for anonymity reasons. If you have some method of "holding" a vote until a card with some identifier is dropped in (and cancelling it if it's not soon, to avoid chain voting) then someone who screws up will have their vote cancelled and no way of getting to try again, unless those holds are associated with identity, in which case anonymity is violated. Letting voters screw up has already been established to be an unfair disenfranchisement.

      Brazil uses electronic voting machines that cost a small fraction of what Diebold is selling, display photos of the candidates (critical for the illiterate), have batteries that can last them all day(for elections deep in the amazon where poewr is not), and were developed by two of their top research institutions in an open fashion. They used paper receipts at first, but after some chain voting scams were uncovered, they did away with them, deciding that the machines were trustworthy enough and reliable enough that it was a gain overall.

      Did I mention that these machines cost a small fraction of the Diebold machines?

      --
      WARNING: there is a trojan on your
  3. Re:Open Sofware Not The Only Solution by ichimunki · · Score: 2, Interesting

    True, a GPL'd solution could do this as well, but when we start saying that no commercial product will work, we start to look like zealots who's primary goal is to get Free Software out everywhere.

    There is no conflict between Free Software and commercial products. In fact, it's very likely that any Free Software-based voting system would be a commercial product. The point here is that voting machines are a major component in the engine of democracy and that there is absolutely no reason why they should contain secret code or mechanics. Further, it's a horrible idea from a practical standpoint to allow a single vendor to have this sort of lock on that market. Just wait 'til Diebold has sold these machines to pretty much every precinct and then the machines start to require repairs. Can't wait to see those bills myself!

    --
    I do not have a signature
  4. Re: Diebold machines by blibbleblobble · · Score: 4, Interesting
    Quote from the leaked email
    "It is possible to put a secret password on the .mdb file to prevent Metamor from opening it with Access. I've threatened to put a password on the .mdb before when dealers/customers/support have done stupid things with the GEMS database structure using Access. Being able to end-run the database has admittedly got people out of a bind though. Jane (I think it was Jane) did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That's why we've never put a password on the file before.

    Note however that even if we put a password on the file, it doesn't really prove much. Someone has to know the password, else how would GEMS open it. So this technically brings us back to square one: the audit log is modifiable by that person at least (read, me). Back to perception though, if you don't bring this up you might skate through Metamor.

    There might be some clever crypto techniques to make it even harder to change the log (for me, they guy with the password that is). We're talking big changes here though, and at the moment largely theoretical ones. I'd doubt that any of our competitors are that clever."

    Oh come on! It's as if the last 30 years of cryptographic knowledge never happened. Of course it's possible to digitally sign electronic data, and nobody with a clue about electronic voting would even consider not doing it.

    These people are supplying voting machines, and they don't even know how to create tamper-evident databases? They even have the gall to assume their competitors are using the same simpleton technology as they are.

    I suggest that anyone involved with these systems read Peter Wayner's Translucent Databases for a primer on how databases can be made secure, even against those who know the root password. [not that Diebold machines seem to have a root password]

    For further reading, Diebold might want to read some of Bruce Schnier's books, which are an interesting read on what can be done with cryptography, and what are its limitations. They might even consider hiring a competant expert, e.g. some of Schneier's peers.

    p.s. I claim the quote above as fair use, under english copyright law.
  5. Let's put the patriot act to good use... by Genda · · Score: 2, Interesting

    Inform Diebold that vote tampering will now be considered a form of terrorism and treason... punishable with sanctions up to and including the extreme and permanently extreme.

    Add further that experts in technology from each of the parties represented in the election (including itty-bitty parties), will be appraising the results and the process by which votes have been counted.

    Let them know that fraud will result in harsh and immediate reprisals against the company and more importantly it's CEO and Board.

    Since screwing with the future integrity of our country and it's government doesn't apparently seem to bother them, maybe the threat of "parting them out" to an organ/tissue distribution center (so that the slimy buggers might actually serve a worthwhile purpose) would result in behavior vaguely resembling honorable and trustworthy.

    If you want to make voter fraud unthinkable, just make the penalty for voter faud unthinkable.

    Genda Bendte

  6. Things to do by Animats · · Score: 2, Interesting

    Print out the site. Send it to your Congressman. Ask that it be added to the Congressional Record as an "extension of remarks".

  7. Re: Diebold machines by budgenator · · Score: 2, Interesting

    Being able to end-run the database has admittedly got people out of a bind though. Jane (I think it was Jane) did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That's why we've never put a password on the file before.

    Oh really is the above aluding to :
    A. election-fraud.
    B. just plain bad software from Diebold.
    C. piss-poor administration by some local-yocal election officials
    D. All of the above

    --
    Apocalypse Cancelled, Sorry, No Ticket Refunds
  8. Election theft - not a crime any more? by Anonymous Coward · · Score: 1, Interesting

    These guys are acting like stealing an election isn't a crime any more - maybe because they were so successful in the last US presidential election?

    I understand from previous articles that the CEO of Diebold has publicly sworn to do whatever it takes to deliver Ohio's electorial votes to Commandante W in the 2004 election. And American voters must depend upon UnderFuerher Ashcroft for the enforcement of the election laws that Diebold has admitted breaking in their own memos.

    So they make war at their own whimsey (or personal grudge, more like), imprison without counsel those who disagree with their bloody deeds and hands, and their voting public elects a muscle-builder actor as provincal governor of the largest and most important state!

    The world is in for times as hard as the 1930s and 40s in the very near future, only the sides seem to have changed for this round...

    I'm old and sick, but I fear for my children and grandchildren.

  9. The real thing is 1.8 gigs -- here's more info by BevHarris · · Score: 2, Interesting
    The original file with the memos is 1.8 gigs and contains a lot of information not in the memo stash at IndyMedia, including dozens of actual vote databases and a gigantic directory called Bugzilla. Here's information from Black Box Voting, Chapter 9

    Rob: "And then when we loaded the software to fix that, the machines were still acting ridiculous. I was saying, 'This is not good! We need some people that know what this stuff is supposed to do, from McKinney, NOW! These machines, nobody knows what they're doing but Diebold, you need some people to fix them that know what's going on. They finally brought in guys, they ended up bringing in about 4 people...

    You'd think that with such troubles, someone might follow standard company procedure and write up a bug report.

    "All bugs ever reported have bug numbers," wrote Ken Clark in a memo dated Jan. 10, 2003, pointing out that the whole collection can be found in "Bugzilla." So I went looking for Bugzilla reports from Georgia. My goodness. They weren't there.

    Bugzilla report numbers 1150-2150 correspond with June-Oct. 2002, but although hundreds of these bug numbers are mentioned in memos and release notes, I only found 75 Bugzilla reports for this time period, and none from Georgia. Strange. I was looking forward to reading the explanations about how computers can get up in the morning and announce that they have no brain [mentioned on an earlier page]. Aha -- Here's a memo about missing Bugzilla files: It's dated 8 Jul 2002, from principal engineer Ken Clark.

    Subject: bugzilla down, we are working on it. "We suffered a rather catastrophic failure of the Bugzilla database," he writes. He warns that recovery of the bugzilla reports "will be ugly" and adds that "there will be a large number of missing bugs."

    In a follow up note on July 16, Clark says "Some bugs were irrecoverably lost and they will have to be re-found and re-submitted, but overall the loss was relatively minor."

    ...among programmers, system backups are a religion. People are fired for not performing a daily backup. Some programming shops back up every shift. Because backups are critically important, expensive automated tape systems are employed to minimize any data loss. By our estimation, almost a thousand bug reports are missing, including all the Georgia bugs.

    Bev Harris Black Box Voting