Slashdot Mirror
Diebold Issues Cease and Desist to Indymedia
h0mee writes "Diebold, manufacturer of election equipment, has issued a Cease and desist notice to the upstream provider of San Francisco Indymedia for having links to mirrors of a leaked internal diebold memo. More than just a case of a leak, Diebold has been raising a lot of questions about the fairness and security of elections in the United States. (Perhaps it's time for peer reviewable software like gnu.free? ;)"
Indymedia is a very important platform in the current world where most people are influenced by mass media. So, support them by giving them webspace outside of the USA, so that they will be able to continue exercising their right to free speech!
A monkey is doing the real work for me.
E-voting is simply a bad idea. Voting needs to be done using paper, in order to keep accountability. Paper, once written, cannot be changed and can always be recounted. Software offers no such guarantee, not even if a thousand 'experts' all proclaim the software to be safe.
Not all is gone. The main links page from the article has some interesting emails. Here are the first 2. Let's see if this gets to be the 2nd round of censorship that VA/Slashdot gets weasled into...
.mdb file with MS-Access, and alter its contents. That includes the audit log. This isn't anything new. In VTS, you can open the database with progress and do the same. The same would go for anyone else's system using whatever database they are using. Hard drives are read-write entities. You can change their contents.
.mdb file. Even technical wizards at Metamor (or Ciber, or whatever) can figure that one out. Ouch! a tough dig at their collegues/competitors.
.mdb file to prevent Metamor from opening it with Access. I've threatened to put a password on the .mdb before when dealers/customers/support have done stupid things with the GEMS database structure using Access. Being able to end-run the database has admittedly got people out of a bind though. Jane (I think it was Jane) did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That's why we've never put a password on the file before.
/. too much. 'losing', dammit
From Nel Finberg, Technical Writer, Diebold Election Systems
(Note: Metamor/Ciber is the ITA assigned to certify the software)
alteration of Audit Log in Access
To: "support"
Subject: alteration of Audit Log in Access
From: "Nel Finberg"
Date: Tue, 16 Oct 2001 23:31:30 -0700
Importance: Normal
Jennifer Price at Metamor (about to be Ciber) has indicated that she can access the
GEMS Access database and alter the Audit log without entering a password. What is the
position of our development staff on this issue? Can we justify this? Or should this
be anathema?
Nel
Reply from Ken Clark, principal engineer for Diebold Election Systems
RE: alteration of Audit Log in Access
To:
Subject: RE: alteration of Audit Log in Access
From: "Ken Clark"
Date: Thu, 18 Oct 2001 09:55:02 -0700
Importance: Normal
In-reply-to:
Its a tough question, and it has a lot to do with perception. Of course everyone knows perception is reality.
Right now you can open GEMS'
Now, where the perception comes in is that its right now very *easy* to change the contents. Double click the
It is possible to put a secret password on the
Note however that even if we put a password on the file, it doesn't really prove much. Someone has to know the password, else how would GEMS open it. So this technically brings us back to square one: the audit log is modifiable by that person at least (read, me). Back to perception though, if you don't bring this up you might skate through Metamor. Uh, oh. I think it's been brought up!
There might be some clever crypto techniques to make it even harder to change the log (for me, they guy with the password that is). We're talking big changes here though, and at the moment largely theoretical ones. I'd doubt that any of our competitors are that clever.Youch! That wasn't nice!
By the way, all of this is why Texas gets its sh*t in a knot over the log printer. Log printers are not read-write, so you don't have the problem. Of course if I were Texas I would be more worried about modifications to our electronic ballots than to our electron logs, but that is another story I guess. Oh, yeah. A the one everyone *is* worried about!
Bottom line on Metamor is to find out what it is going to take to make them happy. You can try the old standard of the NT password gains access to the operating system, and that after that point all bets are off. You have to trust the person
with the NT password at least. This is all about Florida, and we have had VTS certified in Florida under the status quo for nearly ten years.
I sense a loosing this guy reads
Which means open-source of some sort. Anything else can be rigged, including the paper trail it produces. No part of the election process should be hidden from the electorate, whether comuterised or mechanical. Is that zealotry? It sounds like Common Sense to me.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
Hear, hear.
The important thing in democracy is not the voting, it's the counting.
Any technology introduced to improve the act of voting cannot make the act of counting less transparent or democracy suffers.
It is apparent that Diebold's systems (not to mention Diebold's paranoia for secrecy) render the act of counting less accountable and less transparent. Ergo, democracy suffers.
If used in a close election - where exit polling and other secondary measurements are unable to confirm the results of the counting - the wrong person might actually get elected President of the United States of America.
With no sense of responsibility to the coutry at large, this illegitimate President might launch a series of Napoleonic wars to to compensate for his own feelings of inadequacy.
I digress into fantasy... the little blue ones I washed down with all those adult beverages must be kicking in.
Internal Memos: Diebold Doing End-Runs Around Certification
.mdb file with MS-Access, and alter its contents. That includes the audit log. This isn't anything new. In VTS, you can open the database with progress and do the same. The same would go for anyone else's system using whatever database they are using. Hard drives are read-write entities. You can change their contents.
.mdb file. Even technical wizards at Metamor (or Ciber, or whatever) can figure that one out.
.mdb file to prevent Metamor from opening it with Access. I've threatened to put a password on the .mdb before when dealers/customers/support have done stupid things with the GEMS database structure using Access. Being able to end-run the d
Friday, 12 September 2003 (PDT)
By Bev Harris - blackboxvoting.org
http://www.blackboxvoting.com
If certification isn't being done properly, the whole house of cards falls. Below are actual copies of internal Diebold memos which show that uncertified software is being used in elections, and that Diebold programmers intentionally end-run the system.
Quick backgrounder first, scroll down to see the memos.
BACKGROUND
Our voting system, which is part of the public commons has recently been privatized. When this happened, the counting of the votes, which must be a public process, subjected to the scrutiny of many eyes of plain old citizens, became a secret.
The computerized systems that register voters, will soon sign voters into the polling place using a digital smart card, record the vote we cast, and tally it are now so secret they are not allowed to be examined by any citizens group, or even by academics like the computer scientists at major universities.
The corporate justification for this secrecy is that these systems adhere to a list of "standards" put out by the Federal Election Commission, and that an "ITA" (Independent Testing Authority) carefully examines the voting system, which is then provided to states for their own certification.
As it turns out, the states typically do not examine the computer code at all, relying instead on a "Logic and Accuracy" test which will not catch fraud and has frequently missed software programming errors that cause the machines to miscount.
A Diebold message board has been used since 1999 to help technicians in the field interact with programmers to solve problems. The contents of this message board were quietly sent to reporters and activists around the world, most likely by a Diebold employee. In a letter to WiredNews, Diebold has acknowledged that these memos are from its own staff message boards.
Without further commentary, judge for yourself whether Diebold has been following certification requirements:
From Nel Finberg, Technical Writer, Diebold Election Systems
(Note: Metamor/Ciber is the ITA assigned to certify the software)
alteration of Audit Log in Access
To: "support"
Subject: alteration of Audit Log in Access
From: "Nel Finberg"
Date: Tue, 16 Oct 2001 23:31:30 -0700
Importance: Normal
Jennifer Price at Metamor (about to be Ciber) has indicated that she can access the GEMS Access database and alter the Audit log without entering a password. What is the position of our development staff on this issue? Can we justify this? Or should this be anathema?
Nel
Reply from Ken Clark, principal engineer for Diebold Election Systems
RE: alteration of Audit Log in Access
To:
Subject: RE: alteration of Audit Log in Access
From: "Ken Clark"
Date: Thu, 18 Oct 2001 09:55:02 -0700
Importance: Normal
In-reply-to:
Its a tough question, and it has a lot to do with perception. Of course everyone knows perception is reality.
Right now you can open GEMS'
Now, where the perception comes in is that its right now very *easy* to change the contents. Double click the
It is possible to put a secret password on the
Please see Ken Thompson's totally moby hack of Unix, providing a back door even if a system was built from audited code.
m l
http://catb.org/~esr/jargon/html/B/back-door.ht
A "Paper Trail" is worthless with computer based voting machines unless the entire system is completely transparent to outside observers.
When it comes to elections no one, no one company and no one thing can be trusted without massive public oversight.
And most specifically the governement itself is the entity least trustable to "certify" that an election process is fair and properly conducted. I'm an American but I've lived through "democratic" elections in a third world country.
If the the press cannot hire its own experts to completely examine the system and freely publish its results there is no democracy.
KFG
KFG
KFG
Oh come on! It's as if the last 30 years of cryptographic knowledge never happened. Of course it's possible to digitally sign electronic data, and nobody with a clue about electronic voting would even consider not doing it.
These people are supplying voting machines, and they don't even know how to create tamper-evident databases? They even have the gall to assume their competitors are using the same simpleton technology as they are.
I suggest that anyone involved with these systems read Peter Wayner's Translucent Databases for a primer on how databases can be made secure, even against those who know the root password. [not that Diebold machines seem to have a root password]
For further reading, Diebold might want to read some of Bruce Schnier's books, which are an interesting read on what can be done with cryptography, and what are its limitations. They might even consider hiring a competant expert, e.g. some of Schneier's peers.
p.s. I claim the quote above as fair use, under english copyright law.
The fundamental problem is that it needs to be impossible for me to prove to a vote buyer that I voted one way or another.
If I can prove to myself my vote was counted a certain way, so too can it be proved to others. And then votes get bought.
This is a _hard_ problem, and alot of it comes from misunderstanding the nature of it.
--Dan
Of course it's possible to digitally sign electronic data, and nobody with a clue about electronic voting would even consider not doing it.
Why bother? If you don't trust the system that does the signing, or the people who created the key it's signed with, then why bother to sign the data? It just gives a false sense of security.
Unless the system produces a human readable, physical record of votes that the voter can verify before submitting then the system is open to fraud.
Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/