Diebold To Drop Suit Against Whistleblowers

segment writes "Fox News reports that 'Diebold said it would not sue dozens of students, computer scientists and Internet service providers who had received cease-and-desist letters from the company from August to October,' which is great for academia land, but one should still ponder using Diebold on any level: 'an executive scolded programmers for leaving software files on an Internet site without password protection.' Kind of a scary thought with all the United States went through during the Bush/Gore election, imagine the theories should a Diebold product be used in a situation like that. " Reader doormat points out, however, that "the EFF is still going after Diebold over the C&D letters." Several readers also submitted links to Paul Krugman's New York Times column about Diebold's approach to public trust and accountability.

EFF *still* suing?

[I+confirm+I'm+not+a]

IANAL, so would anyone care to explain the logic of continuing to sue Diebold over the C&D letters, when Diebold have stopped persuing the C&Ds? (Not flaming the EFF, just curious why they aren't going after other Diebold challenges to freedom)

Re:EFF *still* suing?

[Ayaress]

In effect, yes.

The lawyer sends the C&D letter on penalty of purjury. However, if his boss (Diebold in this case) represented to him that these letters were, in fact, justified, he isn't at fault, as he believed he was acting within the extent of the DMCA (Or at least there's not way to prove otherwise in court).

And to make things worse, when Diebold told the lawyer(s) that they were justified in sending the C&D letters, THAT statement was not made under pentalty of purjury. It's one of those loopholes in the law that really should be pulled shut.

Re:EFF *still* suing?

[zerocool^]

As someone who works at an ISP (webhost (netmar.com)) and who has been threatened with DMCA violations, here's the proceedure:

Upon notification, we must verify that:
1.) we received written notification
2.) the party claims, under penalty of perjury, that they are or represent the accusing party
3.) They specify contact info
4.) They detail what and where something is infringing
5.) They must make a claim, under penalty of perjury, that the claims of infringement, to the best of their knowledge, are accurate.

Then, we are not liable for damages, so long as:
1.) we didn't notice or had no reason to believe that the material being served was copyrighted
2.) Move quickly to remove it
3.) Do not stand to benifit from the infringement

Additionally, we are only indemnified assuming we:
1.) Have an agent contact at the copyright office
2.) Make the contact info for said agent available on our public website

So, there is a legal process for this, but, in order for us to not invite legal action, we have legal obligations, just as the accusers do. If the accusers make no statement, under penalty of perjury, that they directly represent the copyright holder and that the material on our system is theirs, then we are not obligated to remove it.
If they don't make the direct statement about their notice being accurate, then they have not upheld their end of the legal process.

Note to other webhosts/ISP's: You have to apply for this. You have to have your agent at the copyright office. As long as you are registered for DMCA protection, and you follow the legal process you're ok, but if you have no registered agent contact at the copyright office, then none of this applies, and no one has to make any legal statments in order to compell you to take somethign down by law.

~Wx

Re:EFF *still* suing?

"So long as someone really does represent someone else, they can make any sort of fraudulent DMCA claims?"

Yes, but as soon as these claims become evidence, all parties had better have their story straight. You can say whatever you'd like until the part where you swear to tell the truth, the whole truth, and nothing but the truth. At that point you'd best be telling the truth. If your story does change significantly from what you said prior to the hearing or deposition, that might be a problem but it's not necessarily a crime. All that really matters is what's said under oath. Basically, documents don't exist until a judge says they do. And nobody ever said anything until they said it under oath.

I wish people would stop backing down at the first threat of a lawsuit. I think the reason is more probably because most people being sued are not quite as innocent as they would like to believe, not because a court hearing is automatically going to bankrupt them (this is commonly believed).

Re:EFF *still* suing?

[MrResistor]

IANAL, so would anyone care to explain the logic of continuing to sue Diebold over the C&D letters, when Diebold have stopped persuing the C&Ds?

Just off the top of my head, but this might be why:

The North Canton, Ohio-based Diebold ... said it will continue to monitor the online proliferation of the leaked documents, and may sue others who publish the data.

In other words, they admit that they're only backing off because of the bad press, and not because they've had an epifany that what they're doing is fundamentally wrong.

Re:It's a harassment policy

[October_30th]

Ok, their machines may be a bit flaky, but do you have any evidence of "draconian agendas"?

I think there is way too much hysteria around electronic voting.

I'll say it for the millionth time

[Slur]

Using non-open-source software for voting machines is just plain irresponsible. Hard to believe a continent entirely peopled by convicts is so far ahead of our blind and backward political culture.

Hey, I'm a fan of the capitalist ethos as much as the next guy, but when it comes to the interests of the populous it's clearly more responsible to choose open source and open standards. Should we really trust Our Data to invisible source code written by anonymous programmers ensconced in a proprietary bubble?

I guess we shouldn't be so surprised that the elite don't have the interests of the populous at heart. Hmm, maybe there's a worm in the Capitalist apple.... It's time the Open Source Community made it clear that we are an essential element of the free market ecosystem and not some fringe element to be vilified and marginalized.

Um... I thought Diebold machines _WERE_ used!

[Alphanos]

Quote from story: Kind of a scary thought with all the United States went through during the Bush/Gore election, imagine the theories should a Diebold product be used in a situation like that. Either the article submittor or I has totally misunderstood something: I thought that the Diebold machines WERE used in the Bush/Gore election, and that was the source of many of the theories! Doesn't everyone else remember hearing of the memory card that gave Gore approximately -17k votes when added to the tally?

Starting a PAC to lobby for sensible copyright law

[Genghis9]

Has anybody done this? Really, a great way to reclaim the system from corporate buyout is to buy it back. Think about it, if 10 million geeks contribute a buck each that could be some serious cash to sway the average money-chasing pol. With the internet it would be really easy to get the word out: Slashdot, BoingBoing etc the birth of the group vigorously and overnight a powerful group could be born. There are plenty of geeks who could contribute to running a site and then it would be a matter of hiring experienced Washington operators to do the slimy work.

It would be like a Howard Dean phenomena, except aiming to restore sanity to digital and non-digital intellectual property laws. First task: repeal the DMCA. Then, get rid of the hideous Sonny Bono legislation. Public opinion would overwhelmingly be behind the efforts too.

What do Slashdotters think. Time to start a revolution right here, right now?

Are they open source now?

[cluge]

an executive scolded programmers for leaving software files on an Internet site without password protection.

I think we can call this "Open source by accident", or perhaps "Almost Open Source", then again "Effectively Open Source" sounds good as well. I for one would like to thank Diebold for leaving the source code were we can all look at it.

On to a more serious matter - the code SHOULD be open to scrutiny, especially by third party, independant coders. Then again, running on top of a MS OS, that may have a virus or back door scare me. What about a voteing machine that runs from a bootabel CD-Rom? The results are all kept in memory with a line printer and some smart cryptography as a backup/confirmation? It shouldn't be hard, the CD's could be inspected post election to make sure that the voting program code wasn't tampered with (unlike hard drives where I could tamper with the code and no one owuld know it). Seems to me the open source community could do a lot better in short order. PS the username and password for the open source code would be anonymous and myvotcounts@fukudiebold.com

Gentoo voting machines?

1 standalone CD, all source-code wipes the system clean, builds and installs the system storing votes on secure media, CD's available on-request to those who want them, the one used on the day taken randomly from the box of a few hundred which are given out to the voters.

I can examine the ballet paper, I can watch the ballet box take my slip of paper and see it opened at the counting station, not having some level of proof that it's actually doing what it's supposed to do is a rather poor system.

Re:It's a harassment policy

[Fulcrum+of+Evil]

Ok, their machines may be a bit flaky, but do you have any evidence of "draconian agendas"?

Well, their president promised his home state to the Republicans. How's that? Combine that with the fact that these machines are closed and, so far as we can tell, no real effort has been put into securing them or ensuring their correctness.

Re:It's a harassment policy

[HMA2000]

Thank you so much for saying this. It is good to know I am not the only one that feels this way. People are so very quick to put on blinders and assume that Diebold's CEO and friends are sitting in a darkened room planning on how best to trample the rights of US citizens. The reality of the situation is probably that Diebold is trying its best to score this contract and are making some mistakes along the way. I doubt that the CEO of diebold is aware of the ire he has raised in this (slashdot) particular community and instead is listening to his legal council; who are very predictable in these areas. Has diebold made some big mistakes? Yes, no doubt about it. Is it a conscious effort on Diebold's part to look like total asses? I doubt it. But hey, its a draconian agenda right? What does that even mean?

Re:It's a harassment policy

[arkanes]

Of course nobody is "forcing" the states to buy Diebolds machine - as in all to many cases in IT, the decision to do is being made by people unaware of the problems (and it's not like Diebold reps are going to volunteer them), and who're unfamiliar with the technology, and are otherwise not really qualified to make those kind of decisions. Thats not really related to Diebolds evilness (or lack thereof).

Certainly Diebold (as a company) is incompotent and of shady ethics. I'm willing to give the benefit of the doubt and say thats as far as it goes, and that they aren't trying to get rigged systems into place - but just barely. So many of the "features" of Diebold systems have no use I can think of except to rig sytems - in any case, intentional rigging aside, the security and integrity of the voting process was clearly not a priority at Diebold. Further, Diebold employees and reps are aware of that (they can hardly fail to be), but are willing to lie in order to thier paycheck. Depending on your viewpoint, that may or may not qualify as evil.

Re:They should drop something else first:

[cgenman]

Their staff.

'an executive scolded programmers for leaving software files on an Internet site without password protection.'

No, an executive should have fired programmers for leaving software files on an Internet connected site without password protection. That executive then should have been fired for having such lax security practices at one of the most important NGO's in the USA today. Diebold should then be given 1 year to prove beyond a shadow of a doubt that it's systems are secure. That year should culminate in 100 of Diebold's boxes being dropped into the yearly 2600 meeting in New York City, with any successful hack recieving 10,000 dollars and the honor of ripping up all of Diebold's contracts and co-signing the order banning the sale of Diebold election machines in the US for 20 years.

They should then go to Diebold's headquarters and salt the campus.

Seriously, giving a candidate a minus 16022? Faking demos? 25% failure rates? Intentionally making audits impossible? One of these things happening at a company selling toasters would be surprising. Three would be scandalous. But a history of gross mismanagement and neglect at a company that is the first and last word in American democracy is the highest form of the word "inexcusable." If they had done many of the things that they did intentionally, they would be arrested for treason.

There is nothing in the US constitution that says grossly incompetent companies in highly trusted positions have a right to continue to exist.

Re:Treating the symptom, not the problem

[gormanly]

that, but really isn't the problem that their software was riddled with design and security problems?

That's a pretty common problem with Diebold systems though - they give a very good impression of having no understanding at all of any computer security concepts... pop quiz, would you rather trust them with your votes or your money?

Fuckwits can't even make their ATMs safe from Windoze RPC DCOM worms after M$ put out the patch. Though what we're doing allowing cash machines to run M$OS (with RPC turned on!) is beyond me.

Meet the guy who designed the code

[p.zed]

http://www.guylancaster.com_________ Software Engineer, contract 1991 - 2001 Global Election Systems Inc. (now Diebold Election Systems), Vancouver, BC, Canada Development and support of embedded systems firmware and host communications software. Developed a TCP/IP/PPP protocol stack to run under the uC/OS real-time operating system. The stack was based mostly on BSD sources and has been re-released as the uC/IP project on SourceForge (http://ucip.sourceforge.net). The stack is used in the current central count product and has been ported by others into several other commercial embedded systems. Developed secure Internet based protocols for transmitting election information and results. Designed and developed a compiler and interpreter for an embedded report generator system known as AccuBasic. Designed and developed a central count election system in which ballot scanners pass raw images directly to the central server running Progress 4GL. This required a bi-directional variation of the proprietary communications protocol used at the time. System administration, Web development, and technical writing. Developed an intranet Web site which has significantly improved internal communications. Maintained the Linux based email, FTP, and intranet servers for the Vancouver office. Wrote developer documentation and drafted materials for inclusion in user guides.

Re:It's a harassment policy

[Chris+Burke]

The reality of the situation is probably that Diebold is trying its best to score this contract and are making some mistakes along the way.

No, the reality of the situation is (note deliberate lack of qualifying "probably") that we don't know.

What we do know is that their machines are insanely insecure, have already failed in real elections, they know about it, they have tried to cover it up instead of fixing it, and have threatened to sue those who did expose these facts.

"Benefit of the doubt" is just that. You doubt the accusations, particularly because they are unproven. However, given the evidence that does exist, I don't know how you can say that they probably aren't true.

Which isn't to say I'm not largely agreeing with you. I'm just saying don't let your skepticism of critics of Diebold turn into a lack of skepticism of Diebold. They could very well be the schemers they are accused of being, no matter how sure you are that they'd never do that.

A draconian agenda would presumeably be an agenda to get draconian laws passed. Thanks to my history schooling and fantasy-novel reading, I still reflexively think of "draconian" as "like evil lizard men" instead of "like the harsh laws passed by Draco of Athens". Funny.

Re:Devil's Advocate

[Sylver+Dragon]

While its fair that a company (Diebold in this case) should be allowed to believe that they are being wronged. If they act on that belief (sending DMCA takedown notices) and are found to be wrong, they should be held responsible. In this case, it would appear to me, that the EFF is trying to ensure that Diebold is held responsible for misusing DMCA takedown notices. Despite all of its flaws there are provisions for companies who misuse the DMCA takedown notices, and that is what the EFF (by proxy) is pursuing them about. Its not about sticking it to some mythincal "man", its about proper punishment for misuse of the legal system. If anything, this is a good thing, a big company is (hopefully) about to get smacked down for abusing the system.

Re:It's a harassment policy

I think there is way too much hysteria around electronic voting.

I think there is not nearly enough.

Imagine a country where...
- People were physically prevented from voting.
- Ballot boxes were removed and replaced during the course of the election.
- All the completed boxes were trucked off to a secret location where a businessman with strong ties to the president did the counting in secret then burned the ballots before anouncing the results.