Diebold Issues Cease and Desist to Indymedia

h0mee writes "Diebold, manufacturer of election equipment, has issued a Cease and desist notice to the upstream provider of San Francisco Indymedia for having links to mirrors of a leaked internal diebold memo. More than just a case of a leak, Diebold has been raising a lot of questions about the fairness and security of elections in the United States. (Perhaps it's time for peer reviewable software like gnu.free? ;)"

Support Indymedia!

[quigonn]

Indymedia is a very important platform in the current world where most people are influenced by mass media. So, support them by giving them webspace outside of the USA, so that they will be able to continue exercising their right to free speech!

It is not time for gnu-free

[johannesg]

E-voting is simply a bad idea. Voting needs to be done using paper, in order to keep accountability. Paper, once written, cannot be changed and can always be recounted. Software offers no such guarantee, not even if a thousand 'experts' all proclaim the software to be safe.

Re:Open Sofware Not The Only Solution

[nagora]

All that is truly needed is accountability built into the system. If a commercial product created a paper-trail that could appeald

Which means open-source of some sort. Anything else can be rigged, including the paper trail it produces. No part of the election process should be hidden from the electorate, whether comuterised or mechanical. Is that zealotry? It sounds like Common Sense to me.

TWW

E-voting is simply a bad idea.

[harriet+nyborg]

E-voting is simply a bad idea.

Hear, hear.

The important thing in democracy is not the voting, it's the counting.

Any technology introduced to improve the act of voting cannot make the act of counting less transparent or democracy suffers.

It is apparent that Diebold's systems (not to mention Diebold's paranoia for secrecy) render the act of counting less accountable and less transparent. Ergo, democracy suffers.

If used in a close election - where exit polling and other secondary measurements are unable to confirm the results of the counting - the wrong person might actually get elected President of the United States of America.

With no sense of responsibility to the coutry at large, this illegitimate President might launch a series of Napoleonic wars to to compensate for his own feelings of inadequacy.

I digress into fantasy... the little blue ones I washed down with all those adult beverages must be kicking in.

Incriminating text of the memos

Internal Memos: Diebold Doing End-Runs Around Certification

Friday, 12 September 2003 (PDT)
By Bev Harris - blackboxvoting.org

http://www.blackboxvoting.com

If certification isn't being done properly, the whole house of cards falls. Below are actual copies of internal Diebold memos which show that uncertified software is being used in elections, and that Diebold programmers intentionally end-run the system.

Quick backgrounder first, scroll down to see the memos.

BACKGROUND

Our voting system, which is part of the public commons has recently been privatized. When this happened, the counting of the votes, which must be a public process, subjected to the scrutiny of many eyes of plain old citizens, became a secret.

The computerized systems that register voters, will soon sign voters into the polling place using a digital smart card, record the vote we cast, and tally it are now so secret they are not allowed to be examined by any citizens group, or even by academics like the computer scientists at major universities.

The corporate justification for this secrecy is that these systems adhere to a list of "standards" put out by the Federal Election Commission, and that an "ITA" (Independent Testing Authority) carefully examines the voting system, which is then provided to states for their own certification.

As it turns out, the states typically do not examine the computer code at all, relying instead on a "Logic and Accuracy" test which will not catch fraud and has frequently missed software programming errors that cause the machines to miscount.

A Diebold message board has been used since 1999 to help technicians in the field interact with programmers to solve problems. The contents of this message board were quietly sent to reporters and activists around the world, most likely by a Diebold employee. In a letter to WiredNews, Diebold has acknowledged that these memos are from its own staff message boards.

Without further commentary, judge for yourself whether Diebold has been following certification requirements:

From Nel Finberg, Technical Writer, Diebold Election Systems

(Note: Metamor/Ciber is the ITA assigned to certify the software)

alteration of Audit Log in Access

To: "support"
Subject: alteration of Audit Log in Access
From: "Nel Finberg"
Date: Tue, 16 Oct 2001 23:31:30 -0700
Importance: Normal

Jennifer Price at Metamor (about to be Ciber) has indicated that she can access the GEMS Access database and alter the Audit log without entering a password. What is the position of our development staff on this issue? Can we justify this? Or should this be anathema?
Nel

Reply from Ken Clark, principal engineer for Diebold Election Systems

RE: alteration of Audit Log in Access

To:
Subject: RE: alteration of Audit Log in Access
From: "Ken Clark"
Date: Thu, 18 Oct 2001 09:55:02 -0700
Importance: Normal
In-reply-to:

Its a tough question, and it has a lot to do with perception. Of course everyone knows perception is reality.

Right now you can open GEMS' .mdb file with MS-Access, and alter its contents. That includes the audit log. This isn't anything new. In VTS, you can open the database with progress and do the same. The same would go for anyone else's system using whatever database they are using. Hard drives are read-write entities. You can change their contents.

Now, where the perception comes in is that its right now very *easy* to change the contents. Double click the .mdb file. Even technical wizards at Metamor (or Ciber, or whatever) can figure that one out.

It is possible to put a secret password on the .mdb file to prevent Metamor from opening it with Access. I've threatened to put a password on the .mdb before when dealers/customers/support have done stupid things with the GEMS database structure using Access. Being able to end-run the d

Re:Open Sofware Not The Only Solution

[kfg]

Please see Ken Thompson's totally moby hack of Unix, providing a back door even if a system was built from audited code.

http://catb.org/~esr/jargon/html/B/back-door.htm l

A "Paper Trail" is worthless with computer based voting machines unless the entire system is completely transparent to outside observers.

When it comes to elections no one, no one company and no one thing can be trusted without massive public oversight.

And most specifically the governement itself is the entity least trustable to "certify" that an election process is fair and properly conducted. I'm an American but I've lived through "democratic" elections in a third world country.

If the the press cannot hire its own experts to completely examine the system and freely publish its results there is no democracy.

KFG

KFG

KFG

Re: Diebold machines

[blibbleblobble]

Quote from the leaked email

"It is possible to put a secret password on the .mdb file to prevent Metamor from opening it with Access. I've threatened to put a password on the .mdb before when dealers/customers/support have done stupid things with the GEMS database structure using Access. Being able to end-run the database has admittedly got people out of a bind though. Jane (I think it was Jane) did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That's why we've never put a password on the file before.

Note however that even if we put a password on the file, it doesn't really prove much. Someone has to know the password, else how would GEMS open it. So this technically brings us back to square one: the audit log is modifiable by that person at least (read, me). Back to perception though, if you don't bring this up you might skate through Metamor.

There might be some clever crypto techniques to make it even harder to change the log (for me, they guy with the password that is). We're talking big changes here though, and at the moment largely theoretical ones. I'd doubt that any of our competitors are that clever."

Oh come on! It's as if the last 30 years of cryptographic knowledge never happened. Of course it's possible to digitally sign electronic data, and nobody with a clue about electronic voting would even consider not doing it.

These people are supplying voting machines, and they don't even know how to create tamper-evident databases? They even have the gall to assume their competitors are using the same simpleton technology as they are.

I suggest that anyone involved with these systems read Peter Wayner's Translucent Databases for a primer on how databases can be made secure, even against those who know the root password. [not that Diebold machines seem to have a root password]

For further reading, Diebold might want to read some of Bruce Schnier's books, which are an interesting read on what can be done with cryptography, and what are its limitations. They might even consider hiring a competant expert, e.g. some of Schneier's peers.

p.s. I claim the quote above as fair use, under english copyright law.

Not anonymous

[Effugas]

The fundamental problem is that it needs to be impossible for me to prove to a vote buyer that I voted one way or another.

If I can prove to myself my vote was counted a certain way, so too can it be proved to others. And then votes get bought.

This is a _hard_ problem, and alot of it comes from misunderstanding the nature of it.

--Dan