Slashdot Mirror
Diebold Threatens to Pull Out of North Carolina
foobaric writes "A North Carolina judge ruled that Diebold may not be protected from criminal prosecution if it fails to disclose the code behind its voting machines as required by law. In response, Diebold has threatened to pull out of North Carolina." From the article: "The dispute centers on the state's requirement that suppliers place in escrow 'all software that is relevant to functionality, setup, configuration, and operation of the voting system,' as well as a list of programmers responsible for creating the software. That's not possible for Diebold's machines, which use Microsoft Windows, Hanna said. The company does not have the right to provide Microsoft's code, he said, adding it would be impossible to provide the names of every programmer who worked on Windows."
Hmm... Good point.
Hey Diebold, don't let the door hit you in the ass on the way out!
(Not that state regulators which didn't require a voter-verified paper trail up front have qualifications for anything but a prison cell, but hey...)
Tired of Political Trolls? Opt Out!
now if the other 49 states would do this too...
Politics is Treachery, Religion is Brainwashing
Diebold forced out of North Carolina.
"Under pressure to comply with State Law, Diebold insead chooses to leave the field to its competitors."
"Piter, too, is dead."
Let's tick this off:
*You are unwilling to
*You do not find it feasible to
*You find it technically impossible to
list the code in and programmers of your mission critical software that could have effects of the national security variety. The first? Maybe just greed. The second? Probably not a good sign. The third? If these people aren't getting the hint, something is seriously, seriously wrong here.
ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
This is why Microsoft Windows is not a good choice for embedded systems. System designers should choose an unecumbered system such as Linux or BSD, particularly if any kind of security is required, like for voting or banking.
:)
It suprises me that Diebold fails at this stuff so badly, considering how they've been doing it for years. I cringe every time I roll up to an ATM with their name on it. Luckily, my bank uses mostly NCR hardware
Exactly how is this a threat? It's like terrorists threatening to take their ball and go home.
GreyPoopon
--
Why is it I can write insightful comments but can't come up with a clever signature?
I don't fault Diebold for being reluctant to move forward given the language of the statute.
It seems to be clear that the intent was to have the actual source code and not just a copy of the software. Also, it isn't at all clear if that means the underlying platform or just the voting application on top of it, but why take a chance. And really, what would be the point of having access to half of the software stack?
Either the state of North Carolina really doesn't want a windows based voting solution or they are accidentally sending the message that "no closed source solutions need apply".
In either case poor, misunderstood Diebold may have to take their ball and go home. I think we can all agree that given their track record, this is a good thing.
Something must be very wrong if the supplier is threatening the customer. What happened to the free market? If Diebold don't want the business, I'm sure another enterprising company will appreciate it.
Bogtha Bogtha Bogtha
I sense a great disturbance in the electorate... as if millions of voices cried out in... No wait, I'm confusing that with millions of voices not giving a rat's ass. See ya, Diebold.
Help save the critically endangered Blue Iguana
And you thought listing all the developers who worked on Windows was hard....
TPJ - Founder, The Amazon Basin
This is simply a situation where closed source software is not the best tool for the job. Diebold is more than welcome to submit an open source solution, or play the the crybaby-going-home-and-taking-my-toy-with-me game.
My only question is how far down do these legal requirements go? If the operating system the voting software is running on needs to be open sourced, what about the hardware firmware? Does it need to be open source as well?
Any chance the Catholic Church was behind this?
I'll be here all week.
God, Southerners have the coolest names.
Afterall regardless of the software used,
the hardware might be designed to ignore software instructions
and give a different set of voting results.
it's quite obvious that a company like diebold, with rather vast resources, simply doesnt want the code verified for it voting and manipulation abilities. it is well documented that a variety of backdoors exist within the system including simple ftp access to raw data, and the ability to change it at will by any user. couple that with a nonexistant paper trail or the ability to verify the code does what they say it does. anyone actually recall the huge difference in exit polls and actual count? it was so off that cnn stopped reporting on exit polls, which have a high measure of historical accuracy. so much so that exit polls are used in new voting democracies to determine vote fraud.
i for one do not welcome our new data enabled overlords....
Gee, that would be such a shame if that were to happen. I mean, North Carolina needs voting machines that are compromised by design, made by a company that has a vested interest in who wins the election, right?
Oh, whatever is North Carolina to do without voting machines made by an upstanding company like Diebold? Why, their voters might have to use the old paper ballot system instead! The horror!
Please stay, Diebold! Only a good rigged election can give us confidence in democracy!
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
Windows CE source code is availablei censing/WindowsCE.mspx
http://www.microsoft.com/resources/sharedsource/L
With Windows CE, "OEM customers worldwide can create and distribute commercial derivatives of the Windows CE 5.0 operating system source code for shipping in commercial devices without notifying Microsoft or sharing their derivative works with the embedded community."
as well as a list of programmers responsible for creating the software.
If they were using Linux, do you really think they could provide a list of programmers? I mean come on think of the thousands upon thousands who have contributed, many times without mention...
-everphilski-
Other posters are making a lot of hay over the responsible programmers portion of the statute - obviously, if you need to list everyone who contributed code that would tend to be impossible (although a few projects could probably comply.)
However, I'm fairly sure that you could meet that requirement with a list of the *responsible* programmers - i.e., the people in charge making decisions. Thus, you don't need to list every programmer - the person in charge of your particular embedded system fork ought to be sufficient.
The good and new comes from no quarter where it is looked for, and is always something different from what is expected.
"So then what? Back to paper and pens?"
Why not? That's what we use in the UK for all national, reginal and local elections. It's worked well enough for a few hundred years.
No but, yeah but, no but...
And more suspiciously, why are they threatening to leave instead of complying as much as possible? The court (i.e. ruling judge) should be able to apply the law in such a way that Diebold discloses all of their code, and then any remaining proprietary code from other vendors can be handled with those other vendors. Or is it that Diebold has something to hide? If their code really is secure, and actually does what they claim then they should have no problem showing everything they legally own. There really isn't anything that should be a trade secret about vote tabulation. I, for one, think it's disgusting that any US company would actually do the country such a disservice by trying to obfuscate for profit a product which is meant to facilitate the practice of democracy. Honestly, the whole board should be deported for conspiring to commit vote fraud. It would trivial to prove their innocence, simply release the code. Any other excuse smacks of dishonesty. In matters of government the appearance of impropriety should be treated as impropriety until/unless demonstrated otherwise.
-- I'm not a pessimist, I'm a realist. It's not my fault that life sucks so much. --
It is my understanding that this is a fairly common requirement for government contracts involving software. Diebold should have been aware of such requirements before competing for the contract. I mean, when the government's actually being responible and not just handing out plums to favored campaign contributors.
Hell, they're probably not even going to audit the code. They just want to protect themselves if Diebold goes out of business, or loses the contract on re-bid or something. I mean, sure, they can potentially audit the code, but I haven't heard of such a thing ever happening. It's about support and fixin' bugs an shit.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
The may not want to be identified.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
"if it fails to disclose the code behind its voting machines as required by law. In response, Diebold has threatened to pull out of North Carolina."
I fail to see the downside of this?
All states should start requiring voting machines to be open source, and when Diebold doesn't comply because it's rigged, they can be banned without discriminating against the company specificly. Well done SC. Has SC ever been the leader in a good way for laws before?
Additionally, all electronic voting must come with a paper ballot that goes into the backup ballot box, and should be visible to the voter before it goes in. You might need to have the voter hand shove their paper stub - but printing ballots on site might introduce other problems.
Saskboy's blog is good. 9 out of 10 dentists agree.
Note: I have been working on voting integrity issues in North Carolina for a little while now, and advised the committees that drafted the bill in question.
The state passed a pretty comprehensive election reform bill, which included the provision that all vendors must hand over all code that runs, is installed on, or is otherwised used in the operation of the voting machines. No if, ands, or buts.
Our State Board of Elections did not like this. They want paperless voting machines, and badly. Like a six-year-old that's been told to clean up its room, they're dragging their feet on enforcing these (and other provisions). When writing the Request For Purchase (bid requirements), some staffer added a "clarification" that the vendors only had to hand over "available" software, and simply explain why they couldn't hand over the rest. In other words, "Here's why I'm going to be breaking the law today."
Lawmakers were not happy. The SBOE, however, didn't particularly care. They didn't see a problem with only handing over a portion of the code, and wanted to interpret the law as loosely as possible.
Diebold pointed out that "available" was different than "everything", and actually got a restraining order that prevented the state from suing them for not complying with any of the new provisions of the law. This case essentially overturned that ruling, saying "Uh, no, you actually have to comply with the law." Technically it says, "Ask your lawyers for legal advice, not the court, we're not going to pre-judge the law before there's an actual conflict (i.e., you actually get sued for violating these provisions."
So Diebold is going to take their ball and go home, since they would actually have to play by the rules. Oh well.
On a side note, I didn't see any evidence that Diebold actually tried to get a Shared Source license from Microsoft, which would actually let them escrow the code. Maybe Diebold didn't actually want to escrow, well, anything?
Imagine that.
-jdm
One could create an OS just for voting machines.
You could Fork an open OS, rip out all the non-relevant bits call it LxVote v.1 and then declare that you take responsibilty of the code.
In effect making you 'the developer' of the product you release.
This is what they are really looking for, who has looked at this code,and who is responsible if it doesn't count right.
There are sone OS"s where all the developers are known. GOTO springs to mind.
The Kruger Dunning explains most post on
Hmm... Good point.
Could be that Diebold is hiding some illegal stuff (probably stealing other people's ideas or code) and don't want to be found out. Just a thought. It's obvious that North Carolina is only asking for the source to the stuff that Diebold itself developed, not third parties like Microsoft. The Windows defence is just a lame strawman, IMO.
North Carolina threatens honest elections!
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Which is, ironically, what people that use the pull-out method are called.
Craete a list of the reason why this is good.
Contact your govener, members iof the press.
Work at it, it can happen.
If you mean "Can we get this law to magically appear while I sit here and watch cartoons? then No.
If you can find out who sponsed the law in North Carolina, they might be able to point you in a good direction to get started.
Also, if you find a professor that specialize in politics at a local university, they might be able to help you out.
Think, Act, Succeed. In That Order.
The Kruger Dunning explains most post on
[Rant]
I am a Citizen and an Elector (member of the Electorate) in the US. That puts me at the TOP of the pyramid in the election process. In the US, the Electorate is Sovereign. Where does Diebold or any other corporate entity get off trying to dictate how elections are held? They act like they have some god-given right to make money off of the process. Fuck that! They have a right to come grovelling, hat in hand, and ASK if maybe, just maybe, we might want to use some equipment they want to sell. We get to set the rules about how elections are held, not them.
My county uses optical scan ballots and ballot box readers. If a precinct shows some sort of wierd result, the elections commissioner, in the company of plenty of witnesses, pops that sucker open and looks at the ballots. End of problem.
I frankly don't give a damn if results aren't available until Wednesday morning, or even Friday. They aren't certified official for weeks, anyway. The only difference early results make is who gets hammered for what reason at what post-election party.
There is nothing more important than the election process. All legitimacy of the government flows directly from it. Diebold has no fucking place dictating any damn thing about that. Paper ballots work. If they are slow and more costly, that is a small fucking price to pay for legitimacy.
[/Rant]
Some mornings it's hardly worth chewing through the restraints to get out of bed.
I noticed the first article says that "California officials have agreed to let a computer expert attempt to hack into Diebold machines to examine how secure they are."
... voting machine testing."
h .cgi?file=/1954/14331.html
That's false. California in no way, shape, or form 'agreed' to anything. BBV required them to comply with their own laws. "Agreed" makes it sound like they had an option.
California is required by law to allow registered political parties to inspect the machines used for voting.
The Libertarian party hired the Black Box Voting group for a dollar to 'hack' the machines on their behalf after Black Box Voting filed a request under "California Election Code 19202, which governs
Basically the law allows for a political party to request replication of previous testing by their own experts.
More detail here: http://www.bbvforums.org/cgi-bin/forums/board-aut
[Fuck Beta]
o0t!
...
...
if ( vote.party == DEMOCRAT ) {
vote.register(race, REPUBLICAN);
confirmation.print(race, DEMOCRAT);
} else {
vote.register(race, vote.party);
confirmation.print(race, vote.party);
}
I don't think closed source software should qualify for copyright protection unless their source code is in escrow (with e.g. the Library of Congress at the publisher's cost) to be released at the end of the copyright term. Without the source code, you should only be afforded Trade-Secret protection.
And voting systems need transparency
I have come to a conclusion that one useless man is a shame, two is a law firm, and three or more is a congress -J Adams
It's true that getting a total list of programmers in an open-source system would be impossible.
But as a practical matter it's impossible to name all of the Windows programmers either. The court wouldn't expect that of Diebold any more than they'd require a total list of Linux programmers from an open-source voting project.
What Diebold could easily do is name their own programmers.
Except there's no way in hell they'd want to do that.
In 2002 Diebold bought Global Election Systems, which became the Diebold Election Systems unit. Global was founded under another name in 1988 by Norton Cooper, Michael K. Graye and Charles Hong Lee...all with damned interesting resumes (footnote 1):
Norton Cooper - jail for a year mid-1980s for fraud against the Canada government; ordered out of stock pitch schemes and was part of the collapse of the Vancouver stock exchange - ordered by decree not to pitch stock after 1992 or so because he caused havoc every time. Written up by Barron's and Forbes as a "hazard to avoid at the golf course". First convicted of political corruption in 1974 - look up a Canadian case titled "The Queen v. Norton Cooper" 1977 Canadian Supreme Court.
Charles Hong Lee - stock schemes; Cooper's partner pitching deals. Defrauded Chinese immigrants, $600,000(Can) court-ordered restitution mid-90s. Sold "real estate" which was actually the bail for the third partner below to the tune of about $300,000(can) circa 1995ish.
Michael K. Graye - nailed for stealing $18mil from three companies in the '88-'89 era, caught in '94, jailed in the US for stock fraud around '94 re: Vinex wines, released around 2000 - 2002(3?) in the US, brought back to Canada, still in jail there. Arrested for tax evasion and money laundering circa '94.
Those three in turn hired even more "colorful" staff:
John Elder was a cocaine trafficker, in a WA prison early/mid 1990s...fellow inmate was Jeffrey Dean (see next entry). Handled ballot printing for Global late 1990s. Seems to have been the one to bring Dean into Global.
Jeffrey Dean was convicted early '90s of 23 counts of computer-aided embezzlement. He was a computer consultant for a large Seattle law firm and defrauded them of about $450,000 in what US courts called a "sophisticated computer-aided scheme". In a statement to Seattle PD, he claimed he needed the money because Canadians were blackmailing him; in that country, he'd gotten into a fistfight and the other guy had died. (Yes, I've seen the police report.) He joined Elder in the Global ballot printing business late '90s, and with Global's introduction was doing computer consulting with the King County WA elections division - they had no idea of his criminal record. By 2000 he was doing programming for Global and by early Oct. of 2000 he was a full employee and lead programmer for the GEMS vote-tally product still in use. By late Oct. 2000 and shipping in time for the November election, GEMS ver.1.17.5 contains the first "double set of books" problem where all votes are recorded twice internally and don't need to match...long story but it apparantly hides some forms of vote fraud. At the time Diebold bought Global in 2002, Dean quit and was immediately hired back as a consultant via management decision made within the division. This appears to be an attempt to keep Dean's criminal past out of Diebold corporate head office's scrutiny.
At the time Diebold bought Global, Dean owned 10% of Global's stock.
We don't know how many other lower-level progammers within Global/Diebold have criminal records. It's rather obvious that Diebold sure as hell doesn't want us finding out.
Footnote 1 - see also "Black Box Voting: Ballot Tampering In The 21st Century" by Bev Harris, esp. the "Diebold" section at the end of Chapter 8. Free PDF downloads can be found at: http://blackboxvoting.org/
When it comes to individual rights, I thoroughly disagree with the argument which runs, "Why should you mind the police searching your home unless you have something to hide?"
But when it comes to the State, and it's employees, (like Diebold), the same logic is quite acceptable.
Let's all remember, the State is there to serve the public, not the other way around. At least, that's how it's supposed to work.
Thus, non-compliance with the most basic and rational doctrine, ("You must let us see how your voting machines work"), means to me that Diebold is hiding the fact that their machines are indeed faulty, and almost certainly deliberately faulty.
I'd love to see this break wide open, and have the journalists see the light and revolt against their Zionist-neo-con-Christian-brain-washed overseers, and publish the story far and wide. And then put Bush and his crew and the entire ruling elitist segment of the populace into prison. But I don't really expect this.
The most we'll see is a scapegoat being hung out to dry while the parade of evil continues.
The best way to resist is to do it on a personal level. Shine brightly and follow your internal compass as best you can. Defy The Lie. --Living in such a way will affect others in an ever-expanding ripple effect.
-FL
Ok, aside from being a convicted felon who comitted the very kind of crimes one should be worried about someone pulling in this situation... Usually, rational people being duly diligent about security would not trust someone who had anything in their background that would make them succeptible to BLACKMAIL.
This is some sort of goddamned perverse JOKE, RIGHT?!!!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
why they can't hire some people to custom-write some software to do this is beyond me. It'd probably end up cheaper and more stable
Although the development tools are $1000 (if, for some reason, Diebold didn't already have them) licenses for Windows CE run between $3-$12 a machine. Unless the voting machines cost less than $100, cost is hardly a consideration.
Windows CE, besides making the GUI programming easier, also uses the same API as pretty much every version of Windows since 95. Anyone who's programmed anything at all (for Windows) can instantly apply their skills to CE.
Maybe there are pre-existing drivers for some of the hardware they are using as well (network, flash memory cards).
Exactly. There are drivers. Tons of them, in fact. Almost any programmer can write a Windows program - how many do you think can create a secure implementation of Internet Protocol in machine language?
Kinda makes you wonder what Diebold expects North Carolina to pay them for when Microsoft did most of their work for them
Err... Microsoft didn't. They wrote a program for Windows to tally votes, just like any other program out there. Valve spent years developing Half-Life 2, and pioneered new technologies such as HDR along the way. Because they released it for Windows, too, did Microsoft do "most of the work" for them, too?
I do fault Diebold for one thing, though. The law that pretty much stated they had to release all their source was around before they started developing the machine. Yet, they made it for Windows CE, whose source they cannot turn over to the Government because they didn't write it, it's not theirs, and they don't have it. How did they fail to anticipate that this could potentially be a problem?
DATABASE WOW WOW
That's not possible for Diebold's machines, which use Microsoft Windows,
Interesting. Maybe it's not the Supreme Court deciding elections that we need to be worrying about... Maybe this is another reason why Diebold is so resistant to voter-verified paper trails.
Flying is easy, just throw yourself at the ground and miss. -Douglas Adams
Because that would make it easier to prove election-fraud. See? It's simple when you hear the answer.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
Fortunately for banks, if the ATM equipment screws up and the customer can prove it (with receipts, etc), the banks have exposed themselves to lawsuits.
Having had my entire account emptied and overdrawn because the bank screwed up with security and I provably didn't, I can tell you: the bank doesn't expose themselves to lawsuits if they screw up with your money.
In real life, you are entirely at their mercy. You can forget about getting any compensation for the time, headaches, late fees, and other costs resulting from their mistake.
If you make yourself enough of a nuisance and jump through their hoops, you may get your money back and if you're really lucky, you may even get out with your credit rating intact.
Either way, they'll just eat the loss; they'll just raise their fees a little. Loss due to fraud is just part of the banking business.
http://www.bbvdocs.org/dean.pdf
...and you'll get about 350 hits, so this is real well known among people paying attention to this stuff.
http://www.bbvdocs.org/elder.pdf
There's their criminal records.
Mention of both are extensive in the various online databases of Global/Diebold's internal memos between 1998 and early 2003. Go google:
"Jeffrey dean" diebold
To be fair, at the time Diebold bought Global Dean was moved to consultant status, possibly to avoid the Diebold corporate background check. They damned well know about him NOW of course ever since Bev Harris broke the news.
Look, Global was based out of Vancouver BC. Bev and others have gone up there to talk to current and former employees...a LOT appeared to be "coked up" or talked about rampant drug abuse up there. If what we're hearing is anywhere close to accurate, Global acted like the set of a John Belushi movie or something.
Trust me on this: ain't no WAY Diebold will want to publish lists of programmers.
Notice how Diebold talks about source code escrow as the issue in NC? It's a red herring. Diebold does source code escrow in California no problem.
The issue is the programmer names. Major-grade doom involved.
In NC, each county has been able to choose what voting system to use, as long as it meets certain state requirements. For example, here in Raleigh, since the early '90s, we've used paper ballots that are optically scanned . In Charlotte, they use touch screens. Out of 100 counties, the majority are optical (48) and direct record electronic (DRE - 40). A few counties use punch cards (6) paper ballots (3) and some still use the old lever voting booths (3). There are over 8 different manufacturers used, Diebold being used in 20 counties, most of them small.
In the 2004 election, some of the smaller counties (don't recall which) had lost votes and other discrepencies, so this legislation was passed in August mostly a result of that.
"Our system is built on code from so many people we wouldn't even be able to name half of them, let alone verify their competence, integrity or motivation. Hell, we can't even see what they actually wrote in the code! Even with countless cases of faulty software in the past, were trusting our system solely on the base of Microsoft so we can use their widget set, networking stack, memory management and device support - all of which are vital components to our system."
This comment does not represent the views or opinions of the user.
One down and 49 to go.
Little known fact: the source code for WinCE is fully known to the hardware vendors.
.NET stuff they stopped doing that but I could be wrong.
:).
It's unique among Windows versions in that it's not a finished product - each hardware vendor has to finish it for their own weird gear. WinCE was made to run on hardware that is NOT industry standard, everything from PDAs to TV set-top boxes.
Up through CE 3.0 you could download the entire source code from Microsoft's website. I think once they included the
At the central vote tally box, the Diebold GEMS central tabulator runs on top of WinNT/2000 series so they can't put THAT source in escrow.
Fun fact about GEMS: not only was convicted embezzler and admitted murderer Jeffrey Dean in charge of development for at least a couple of years, the program icon is a hoot. It's a fist holding a globe, basically a day-glow-colors version of the corporate logo for Dr. Evil in the Austin Powers movies
We should prowl around Diebold HQ looking for midgets, bald cats and sharks with unusual head prosthetics...
Jim March
Black Box Voting (staff)
Hail to the thief!
--
make install -not war
Reginal? Is that where you vote for kings and queens?
First against the wall when the revolution comes
And even spookier, this link says:
and:
It gets spookier still when you look at Diebold's CEO Bob Urosevich's ties to the Republican Party and strong fundamentalist backgrounds. Whereever Diebold goes, the article says, historic Republic upsets follow.
(lifted from The Simpsons episode "Cape Fear".)
Lawyer: Isn't it true that you hate Diebold?
Me (dismissively amused): Diebold? That cute upstart little company that stole the election and sent this country into an economic and moral state not unlike a dark, urine-soaked hellhole?
Cheney: We object to the term "urine-soaked hellhole" when you could have used the term "torture-free patriotic heckhole".
Me: Cheerfully withdrawn.
Lawyer: But what about that tattoo on your chest? Doesn't it say, "Diebold die"?
Me: NO! That's German for "The bold, the".
- First they ignore you, then they laugh at you, then ???, then profit.