Diebold Issues Cease and Desist to Indymedia

h0mee writes "Diebold, manufacturer of election equipment, has issued a Cease and desist notice to the upstream provider of San Francisco Indymedia for having links to mirrors of a leaked internal diebold memo. More than just a case of a leak, Diebold has been raising a lot of questions about the fairness and security of elections in the United States. (Perhaps it's time for peer reviewable software like gnu.free? ;)"

Only in America

could the goverment actually convice its people that by pressing a button on an ordinary computer you have a democracy

Support Indymedia!

[quigonn]

Indymedia is a very important platform in the current world where most people are influenced by mass media. So, support them by giving them webspace outside of the USA, so that they will be able to continue exercising their right to free speech!

Open Sofware Not The Only Solution

[Little+Brother]

Guys, like always, you're jumping the gun a little bit in favour of Free Software. I do not deny that an open project could be usefull in voting machine technologies, but that is far from the only solution. All that is truly needed is accountability built into the system. If a commercial product created a paper-trail that could appeald to in case of a challenge of the voting results (and the voters could see their vote choice printed) it would solve the major problems the diebold systems were designed to have. True, a GPL'd solution could do this as well, but when we start saying that no commercial product will work, we start to look like zealots who's primary goal is to get Free Software out everywhere. The issue this time isn't free vrs non-free software, it is free vrs. non-free elections: if such is possible this is a more important issue than Free Software proliferation.

Re:Open Sofware Not The Only Solution

[mocm]

GPLed software does not rule out a commercial solution. You can still pay someone for writing the software and since it is linked to the hardware anyway, what speaks against opening the source. It does not even have to be GPLed, you just need to be able to verify the software.
I for one would like to have a system, where I get some kind of receipt (maybe a chipcard or a code number) which I can use to verfy my vote anonymously on the internet or at a verification station.
All this is possible and can be done securely without hiding the source code and with keeping the privacy of the voter.

Re:Open Sofware Not The Only Solution

[nagora]

All that is truly needed is accountability built into the system. If a commercial product created a paper-trail that could appeald

Which means open-source of some sort. Anything else can be rigged, including the paper trail it produces. No part of the election process should be hidden from the electorate, whether comuterised or mechanical. Is that zealotry? It sounds like Common Sense to me.

TWW

Re:Open Sofware Not The Only Solution

[ichimunki]

True, a GPL'd solution could do this as well, but when we start saying that no commercial product will work, we start to look like zealots who's primary goal is to get Free Software out everywhere.

There is no conflict between Free Software and commercial products. In fact, it's very likely that any Free Software-based voting system would be a commercial product. The point here is that voting machines are a major component in the engine of democracy and that there is absolutely no reason why they should contain secret code or mechanics. Further, it's a horrible idea from a practical standpoint to allow a single vendor to have this sort of lock on that market. Just wait 'til Diebold has sold these machines to pretty much every precinct and then the machines start to require repairs. Can't wait to see those bills myself!

Re:Open Sofware Not The Only Solution

[kfg]

Please see Ken Thompson's totally moby hack of Unix, providing a back door even if a system was built from audited code.

http://catb.org/~esr/jargon/html/B/back-door.htm l

A "Paper Trail" is worthless with computer based voting machines unless the entire system is completely transparent to outside observers.

When it comes to elections no one, no one company and no one thing can be trusted without massive public oversight.

And most specifically the governement itself is the entity least trustable to "certify" that an election process is fair and properly conducted. I'm an American but I've lived through "democratic" elections in a third world country.

If the the press cannot hire its own experts to completely examine the system and freely publish its results there is no democracy.

KFG

KFG

KFG

It is not time for gnu-free

[johannesg]

E-voting is simply a bad idea. Voting needs to be done using paper, in order to keep accountability. Paper, once written, cannot be changed and can always be recounted. Software offers no such guarantee, not even if a thousand 'experts' all proclaim the software to be safe.

Re:It is not time for gnu-free

[vegetablespork]

I agree that there were irregularities in Florida, but disagree with this statement:

. . . and also that voter registration seems to introduce quite a bias in who is eligible to vote.

Voter registration, per se, does not introduce any bias (abuses like erroneous felon lists in Florida notwithstanding). It does cause a self-selection--that is, those who vote are those willing to take the time to register. This is why I oppose laws like "Motor Voter" and other efforts to make registration automatic. I also vehemently oppose any effort to allow voting from home, except for the physically disabled or other situations in which absentee ballots are currently allowed. If one can't be bothered to register and come to the polls, I don't want that person helping run the country.

Link to memo that works

[asmithmd1]

Here is a link to the memos thaty actually works

Simple System

[sjlutz]

How about just an electronic voting system that has redundancy. Example:
1) User votes for who they want to and it is recorded
2) Machine prints out card with users vote
3) Card is checked by user for accuracy
4) Card is then re-inserted into machine to generate the backup tally.

If the tallies from 1 and 4 don't match, the cards are "certified" and then rerun.

Re:Simple System

[vegetablespork]

If people are put off by putting in a little effort, it's just fine with me that they don't vote. People who are willing to put forth effort will decide elections, and everyone will benefit.

Re:Simple System

[Bronster]

3) Card is checked by user for accuracy

How often do you think this actually happens? Generally, you're lucky if you can get people out to vote for Tweedledum or Tweedledee, asking them to do some work when they get there is going too far.

It doesn't matter if it's only 1% of people who are doing that - if they notice that the machine hasn't printed what they asked for, they'll kick up a stink. More than a couple of people do that and the whole system will be called into question.

It's the same basis on which lots of blind-signing trust systems are built - ask the person to produce 100 different 'secrets', and verify that a random 99 of them are correct, then sign the other without looking at it, because the chance that they correctly guessed which of the 100 you would sign is so low, and (with a high enough penalty) the cost of being caught too high...

Re:Simple System

[ca1v1n]

I am reminded of an old adage, paraphrased here because I cannot find the exact text. "When headed to sea, take 1 compass or 3, but never 2."

To make matters worse, having a card printed out allows for chain voting. This is a scheme in which one voter sneaks their card out of the polling place, shows it to someone who pays them for their vote, and hands it to the next person who drops it in after they're done voting, and brings their card to get paid, and so it goes and so it goes. The first person can sneak it out rather trivially, because even if they're required to dump a card in a box, they can dump in a dummy card. No one can check their card for anonymity reasons. If you have some method of "holding" a vote until a card with some identifier is dropped in (and cancelling it if it's not soon, to avoid chain voting) then someone who screws up will have their vote cancelled and no way of getting to try again, unless those holds are associated with identity, in which case anonymity is violated. Letting voters screw up has already been established to be an unfair disenfranchisement.

Brazil uses electronic voting machines that cost a small fraction of what Diebold is selling, display photos of the candidates (critical for the illiterate), have batteries that can last them all day(for elections deep in the amazon where poewr is not), and were developed by two of their top research institutions in an open fashion. They used paper receipts at first, but after some chain voting scams were uncovered, they did away with them, deciding that the machines were trustworthy enough and reliable enough that it was a gain overall.

Did I mention that these machines cost a small fraction of the Diebold machines?

Re:Pretty effective

Not all is gone. The main links page from the article has some interesting emails. Here are the first 2. Let's see if this gets to be the 2nd round of censorship that VA/Slashdot gets weasled into...


From Nel Finberg, Technical Writer, Diebold Election Systems

(Note: Metamor/Ciber is the ITA assigned to certify the software)

alteration of Audit Log in Access

To: "support"
Subject: alteration of Audit Log in Access
From: "Nel Finberg"
Date: Tue, 16 Oct 2001 23:31:30 -0700
Importance: Normal

Jennifer Price at Metamor (about to be Ciber) has indicated that she can access the
GEMS Access database and alter the Audit log without entering a password. What is the
position of our development staff on this issue? Can we justify this? Or should this
be anathema?
Nel

Reply from Ken Clark, principal engineer for Diebold Election Systems

RE: alteration of Audit Log in Access

To:
Subject: RE: alteration of Audit Log in Access
From: "Ken Clark"
Date: Thu, 18 Oct 2001 09:55:02 -0700
Importance: Normal
In-reply-to:

Its a tough question, and it has a lot to do with perception. Of course everyone knows perception is reality.

Right now you can open GEMS' .mdb file with MS-Access, and alter its contents. That includes the audit log. This isn't anything new. In VTS, you can open the database with progress and do the same. The same would go for anyone else's system using whatever database they are using. Hard drives are read-write entities. You can change their contents.

Now, where the perception comes in is that its right now very *easy* to change the contents. Double click the .mdb file. Even technical wizards at Metamor (or Ciber, or whatever) can figure that one out. Ouch! a tough dig at their collegues/competitors.

It is possible to put a secret password on the .mdb file to prevent Metamor from opening it with Access. I've threatened to put a password on the .mdb before when dealers/customers/support have done stupid things with the GEMS database structure using Access. Being able to end-run the database has admittedly got people out of a bind though. Jane (I think it was Jane) did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That's why we've never put a password on the file before.

Note however that even if we put a password on the file, it doesn't really prove much. Someone has to know the password, else how would GEMS open it. So this technically brings us back to square one: the audit log is modifiable by that person at least (read, me). Back to perception though, if you don't bring this up you might skate through Metamor. Uh, oh. I think it's been brought up!

There might be some clever crypto techniques to make it even harder to change the log (for me, they guy with the password that is). We're talking big changes here though, and at the moment largely theoretical ones. I'd doubt that any of our competitors are that clever.Youch! That wasn't nice!

By the way, all of this is why Texas gets its sh*t in a knot over the log printer. Log printers are not read-write, so you don't have the problem. Of course if I were Texas I would be more worried about modifications to our electronic ballots than to our electron logs, but that is another story I guess. Oh, yeah. A the one everyone *is* worried about!

Bottom line on Metamor is to find out what it is going to take to make them happy. You can try the old standard of the NT password gains access to the operating system, and that after that point all bets are off. You have to trust the person
with the NT password at least. This is all about Florida, and we have had VTS certified in Florida under the status quo for nearly ten years.

I sense a loosing this guy reads /. too much. 'losing', dammit

this is the most serious threat to America

This isn't the only site that Diebold has shut down. I guess it just finally went far enough to get posted here. blackboxvoting.org is another one.

No educated person can believe that these systems are anything but a predesigned plan to subvert elections. It is impossible to make computer voting secure without compromising the secret ballot. Even the most basic steps to make these systems secure have not been taken.

There's no way to fix computer voting. Diebold will "fix" their security problems and it will still be easy to subvert the elections through well-hidden backdoors. Everyone will think the machines are completely secure because they'll remember the fuss about their security.

Do you want a corporation to have the power to decide arbitrarily the outcome of elections?

E-voting is simply a bad idea.

[harriet+nyborg]

E-voting is simply a bad idea.

Hear, hear.

The important thing in democracy is not the voting, it's the counting.

Any technology introduced to improve the act of voting cannot make the act of counting less transparent or democracy suffers.

It is apparent that Diebold's systems (not to mention Diebold's paranoia for secrecy) render the act of counting less accountable and less transparent. Ergo, democracy suffers.

If used in a close election - where exit polling and other secondary measurements are unable to confirm the results of the counting - the wrong person might actually get elected President of the United States of America.

With no sense of responsibility to the coutry at large, this illegitimate President might launch a series of Napoleonic wars to to compensate for his own feelings of inadequacy.

I digress into fantasy... the little blue ones I washed down with all those adult beverages must be kicking in.

Incriminating text of the memos

Internal Memos: Diebold Doing End-Runs Around Certification

Friday, 12 September 2003 (PDT)
By Bev Harris - blackboxvoting.org

http://www.blackboxvoting.com

If certification isn't being done properly, the whole house of cards falls. Below are actual copies of internal Diebold memos which show that uncertified software is being used in elections, and that Diebold programmers intentionally end-run the system.

Quick backgrounder first, scroll down to see the memos.

BACKGROUND

Our voting system, which is part of the public commons has recently been privatized. When this happened, the counting of the votes, which must be a public process, subjected to the scrutiny of many eyes of plain old citizens, became a secret.

The computerized systems that register voters, will soon sign voters into the polling place using a digital smart card, record the vote we cast, and tally it are now so secret they are not allowed to be examined by any citizens group, or even by academics like the computer scientists at major universities.

The corporate justification for this secrecy is that these systems adhere to a list of "standards" put out by the Federal Election Commission, and that an "ITA" (Independent Testing Authority) carefully examines the voting system, which is then provided to states for their own certification.

As it turns out, the states typically do not examine the computer code at all, relying instead on a "Logic and Accuracy" test which will not catch fraud and has frequently missed software programming errors that cause the machines to miscount.

A Diebold message board has been used since 1999 to help technicians in the field interact with programmers to solve problems. The contents of this message board were quietly sent to reporters and activists around the world, most likely by a Diebold employee. In a letter to WiredNews, Diebold has acknowledged that these memos are from its own staff message boards.

Without further commentary, judge for yourself whether Diebold has been following certification requirements:

From Nel Finberg, Technical Writer, Diebold Election Systems

(Note: Metamor/Ciber is the ITA assigned to certify the software)

alteration of Audit Log in Access

To: "support"
Subject: alteration of Audit Log in Access
From: "Nel Finberg"
Date: Tue, 16 Oct 2001 23:31:30 -0700
Importance: Normal

Jennifer Price at Metamor (about to be Ciber) has indicated that she can access the GEMS Access database and alter the Audit log without entering a password. What is the position of our development staff on this issue? Can we justify this? Or should this be anathema?
Nel

Reply from Ken Clark, principal engineer for Diebold Election Systems

RE: alteration of Audit Log in Access

To:
Subject: RE: alteration of Audit Log in Access
From: "Ken Clark"
Date: Thu, 18 Oct 2001 09:55:02 -0700
Importance: Normal
In-reply-to:

Its a tough question, and it has a lot to do with perception. Of course everyone knows perception is reality.

Right now you can open GEMS' .mdb file with MS-Access, and alter its contents. That includes the audit log. This isn't anything new. In VTS, you can open the database with progress and do the same. The same would go for anyone else's system using whatever database they are using. Hard drives are read-write entities. You can change their contents.

Now, where the perception comes in is that its right now very *easy* to change the contents. Double click the .mdb file. Even technical wizards at Metamor (or Ciber, or whatever) can figure that one out.

It is possible to put a secret password on the .mdb file to prevent Metamor from opening it with Access. I've threatened to put a password on the .mdb before when dealers/customers/support have done stupid things with the GEMS database structure using Access. Being able to end-run the d

Re:So do something about it

[AndroidCat]

Sure, go whine to your elected representives. Whine to them that if they don't do something about this, you won't vote for them next election.

Hang on a sec... I think I see a problem here.

Re:Pretty effective

[byolinux]

Google has HTMLd it.

http://tinyurl.com/rej1

Re: Diebold machines

[blibbleblobble]

Quote from the leaked email

"It is possible to put a secret password on the .mdb file to prevent Metamor from opening it with Access. I've threatened to put a password on the .mdb before when dealers/customers/support have done stupid things with the GEMS database structure using Access. Being able to end-run the database has admittedly got people out of a bind though. Jane (I think it was Jane) did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That's why we've never put a password on the file before.

Note however that even if we put a password on the file, it doesn't really prove much. Someone has to know the password, else how would GEMS open it. So this technically brings us back to square one: the audit log is modifiable by that person at least (read, me). Back to perception though, if you don't bring this up you might skate through Metamor.

There might be some clever crypto techniques to make it even harder to change the log (for me, they guy with the password that is). We're talking big changes here though, and at the moment largely theoretical ones. I'd doubt that any of our competitors are that clever."

Oh come on! It's as if the last 30 years of cryptographic knowledge never happened. Of course it's possible to digitally sign electronic data, and nobody with a clue about electronic voting would even consider not doing it.

These people are supplying voting machines, and they don't even know how to create tamper-evident databases? They even have the gall to assume their competitors are using the same simpleton technology as they are.

I suggest that anyone involved with these systems read Peter Wayner's Translucent Databases for a primer on how databases can be made secure, even against those who know the root password. [not that Diebold machines seem to have a root password]

For further reading, Diebold might want to read some of Bruce Schnier's books, which are an interesting read on what can be done with cryptography, and what are its limitations. They might even consider hiring a competant expert, e.g. some of Schneier's peers.

p.s. I claim the quote above as fair use, under english copyright law.

Re:Paper is not infallible

[johannesg]

It is _much_ harder to commit fraud using paper. For one thing, with software it requires just one guy making one change to a piece of software to bend the election results for an entire nation. With paper the same thing can be done on a local scale, but it is very hard to pull it off nationwide without people noticing.

Where I live I can go and watch elections as they happen (I can ask to be an observer and that request must be granted). I cannot do that with electronic voting, since I cannot watch what goes on inside the machine.

Not anonymous

[Effugas]

The fundamental problem is that it needs to be impossible for me to prove to a vote buyer that I voted one way or another.

If I can prove to myself my vote was counted a certain way, so too can it be proved to others. And then votes get bought.

This is a _hard_ problem, and alot of it comes from misunderstanding the nature of it.

--Dan

Re:Not anonymous

[HiThere]

You know, buying votes is less bad than the current approach.

That says all about the current approach that needs to be said.

Voting fraud should not be tolerated

[TheRealStyro]

All evidence at this point stands to up to reason and makes clear the implications for a high level of vote taking, accounting, and tabulation fraud. The evidence presented should be enough to warrant any reasonable governments to bring the processes, in detail, into question and to suspend use of this voting platform until a grand jury can form an opinion and/or verdict on the continued use of these types of voting platforms.

OK, the above possibly being true, why haven't voters caused an uproar over this potentially corrupt system being used? Simple - apathy. Most citizens are too worried about other things to care about the government. Most people want the government out of their lives and in exchange they will stay away from government functions. This plays right into the hands of those willing to put a system, such as this, into production. What can be done about the citizenry? Very little. A possible route is to find a way into the mass media and announce this fraud to the world. But the world already knows and can't change our system so what is your point already.

The only way to attack this system and initiate change is to use the power of government against the system. Find a politician that has power and is willing accept reason. Convince him/her to find a way to present charges of vote process fraud, and hope like hell that a committee will suspend the use of the process until a full investigation by independent panels can write an opinion. This will be time-consuming, and the result may not be what is desired, but as I see it, the only way to stop this potential fraud and abuse of the voting system.

Re:Here is the link

[Saint+Aardvark]

I've put up another copy of the book at http://saintaardvarkthecarpeted.com/bbv
. Let's see who gets a cease-and-desist first :-).

Let's put the patriot act to good use...

[Genda]

Inform Diebold that vote tampering will now be considered a form of terrorism and treason... punishable with sanctions up to and including the extreme and permanently extreme.

Add further that experts in technology from each of the parties represented in the election (including itty-bitty parties), will be appraising the results and the process by which votes have been counted.

Let them know that fraud will result in harsh and immediate reprisals against the company and more importantly it's CEO and Board.

Since screwing with the future integrity of our country and it's government doesn't apparently seem to bother them, maybe the threat of "parting them out" to an organ/tissue distribution center (so that the slimy buggers might actually serve a worthwhile purpose) would result in behavior vaguely resembling honorable and trustworthy.

If you want to make voter fraud unthinkable, just make the penalty for voter faud unthinkable.

Genda Bendte

Re: Diebold machines

[rthille]

Of course it's possible to digitally sign electronic data, and nobody with a clue about electronic voting would even consider not doing it.

Why bother? If you don't trust the system that does the signing, or the people who created the key it's signed with, then why bother to sign the data? It just gives a false sense of security.

Unless the system produces a human readable, physical record of votes that the voter can verify before submitting then the system is open to fraud.

Re:Fwd:this link should help

[Troed]

Thanks for the Freenet-link, worked just fine. Redoing it here as a real link to localhost for those with FProxy installed.

Things to do

[Animats]

Print out the site. Send it to your Congressman. Ask that it be added to the Congressional Record as an "extension of remarks".

Re:Read what Noam has to say.

[dfn_deux]

Noam chomsky has since said that the introduction was used without his permission and further more that he disagrees with the "findings" of the book. His introduction is about supporting research of all kinds and not discrediting research just because the findings may be contrary to the popular belief.

Re: Diebold machines

[budgenator]

Being able to end-run the database has admittedly got people out of a bind though. Jane (I think it was Jane) did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That's why we've never put a password on the file before.

Oh really is the above aluding to :
A. election-fraud.
B. just plain bad software from Diebold.
C. piss-poor administration by some local-yocal election officials
D. All of the above

The real thing is 1.8 gigs -- here's more info

[BevHarris]

The original file with the memos is 1.8 gigs and contains a lot of information not in the memo stash at IndyMedia, including dozens of actual vote databases and a gigantic directory called Bugzilla. Here's information from Black Box Voting, Chapter 9

Rob: "And then when we loaded the software to fix that, the machines were still acting ridiculous. I was saying, 'This is not good! We need some people that know what this stuff is supposed to do, from McKinney, NOW! These machines, nobody knows what they're doing but Diebold, you need some people to fix them that know what's going on. They finally brought in guys, they ended up bringing in about 4 people...

You'd think that with such troubles, someone might follow standard company procedure and write up a bug report.

"All bugs ever reported have bug numbers," wrote Ken Clark in a memo dated Jan. 10, 2003, pointing out that the whole collection can be found in "Bugzilla." So I went looking for Bugzilla reports from Georgia. My goodness. They weren't there.

Bugzilla report numbers 1150-2150 correspond with June-Oct. 2002, but although hundreds of these bug numbers are mentioned in memos and release notes, I only found 75 Bugzilla reports for this time period, and none from Georgia. Strange. I was looking forward to reading the explanations about how computers can get up in the morning and announce that they have no brain [mentioned on an earlier page]. Aha -- Here's a memo about missing Bugzilla files: It's dated 8 Jul 2002, from principal engineer Ken Clark.

Subject: bugzilla down, we are working on it. "We suffered a rather catastrophic failure of the Bugzilla database," he writes. He warns that recovery of the bugzilla reports "will be ugly" and adds that "there will be a large number of missing bugs."

In a follow up note on July 16, Clark says "Some bugs were irrecoverably lost and they will have to be re-found and re-submitted, but overall the loss was relatively minor."

...among programmers, system backups are a religion. People are fired for not performing a daily backup. Some programming shops back up every shift. Because backups are critically important, expensive automated tape systems are employed to minimize any data loss. By our estimation, almost a thousand bug reports are missing, including all the Georgia bugs.

Bev Harris Black Box Voting