Slashdot Mirror
Diebold Threatens to Pull Out of North Carolina
foobaric writes "A North Carolina judge ruled that Diebold may not be protected from criminal prosecution if it fails to disclose the code behind its voting machines as required by law. In response, Diebold has threatened to pull out of North Carolina." From the article: "The dispute centers on the state's requirement that suppliers place in escrow 'all software that is relevant to functionality, setup, configuration, and operation of the voting system,' as well as a list of programmers responsible for creating the software. That's not possible for Diebold's machines, which use Microsoft Windows, Hanna said. The company does not have the right to provide Microsoft's code, he said, adding it would be impossible to provide the names of every programmer who worked on Windows."
Hmm... Good point.
Hey Diebold, don't let the door hit you in the ass on the way out!
(Not that state regulators which didn't require a voter-verified paper trail up front have qualifications for anything but a prison cell, but hey...)
Tired of Political Trolls? Opt Out!
Diebold forced out of North Carolina.
"Under pressure to comply with State Law, Diebold insead chooses to leave the field to its competitors."
"Piter, too, is dead."
Let's tick this off:
*You are unwilling to
*You do not find it feasible to
*You find it technically impossible to
list the code in and programmers of your mission critical software that could have effects of the national security variety. The first? Maybe just greed. The second? Probably not a good sign. The third? If these people aren't getting the hint, something is seriously, seriously wrong here.
ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
This is why Microsoft Windows is not a good choice for embedded systems. System designers should choose an unecumbered system such as Linux or BSD, particularly if any kind of security is required, like for voting or banking.
:)
It suprises me that Diebold fails at this stuff so badly, considering how they've been doing it for years. I cringe every time I roll up to an ATM with their name on it. Luckily, my bank uses mostly NCR hardware
Something must be very wrong if the supplier is threatening the customer. What happened to the free market? If Diebold don't want the business, I'm sure another enterprising company will appreciate it.
Bogtha Bogtha Bogtha
I sense a great disturbance in the electorate... as if millions of voices cried out in... No wait, I'm confusing that with millions of voices not giving a rat's ass. See ya, Diebold.
Help save the critically endangered Blue Iguana
This is simply a situation where closed source software is not the best tool for the job. Diebold is more than welcome to submit an open source solution, or play the the crybaby-going-home-and-taking-my-toy-with-me game.
My only question is how far down do these legal requirements go? If the operating system the voting software is running on needs to be open sourced, what about the hardware firmware? Does it need to be open source as well?
God, Southerners have the coolest names.
I think you guys are really reaching here. I don't see how what OS an application has to do with it. Providing the source code for the application should be enough. If Diebold is really taking this position, I think they are doing so to spread FUD. I don't think the state regulators care about the OS but rather the software used to control the voting machine. For you guys to buy into this is quite unfortunate and you are only helping Diebolds case by being sucked in by it.
Jesus was a compassionate social conservative who called individuals to sin no more.
Or in fact they're sending that message on purpose- that in a democratic country, a closed source voting system is a direct threat.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
it's quite obvious that a company like diebold, with rather vast resources, simply doesnt want the code verified for it voting and manipulation abilities. it is well documented that a variety of backdoors exist within the system including simple ftp access to raw data, and the ability to change it at will by any user. couple that with a nonexistant paper trail or the ability to verify the code does what they say it does. anyone actually recall the huge difference in exit polls and actual count? it was so off that cnn stopped reporting on exit polls, which have a high measure of historical accuracy. so much so that exit polls are used in new voting democracies to determine vote fraud.
i for one do not welcome our new data enabled overlords....
Gee, that would be such a shame if that were to happen. I mean, North Carolina needs voting machines that are compromised by design, made by a company that has a vested interest in who wins the election, right?
Oh, whatever is North Carolina to do without voting machines made by an upstanding company like Diebold? Why, their voters might have to use the old paper ballot system instead! The horror!
Please stay, Diebold! Only a good rigged election can give us confidence in democracy!
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
Windows CE source code is availablei censing/WindowsCE.mspx
http://www.microsoft.com/resources/sharedsource/L
With Windows CE, "OEM customers worldwide can create and distribute commercial derivatives of the Windows CE 5.0 operating system source code for shipping in commercial devices without notifying Microsoft or sharing their derivative works with the embedded community."
as well as a list of programmers responsible for creating the software.
If they were using Linux, do you really think they could provide a list of programmers? I mean come on think of the thousands upon thousands who have contributed, many times without mention...
-everphilski-
Other posters are making a lot of hay over the responsible programmers portion of the statute - obviously, if you need to list everyone who contributed code that would tend to be impossible (although a few projects could probably comply.)
However, I'm fairly sure that you could meet that requirement with a list of the *responsible* programmers - i.e., the people in charge making decisions. Thus, you don't need to list every programmer - the person in charge of your particular embedded system fork ought to be sufficient.
The good and new comes from no quarter where it is looked for, and is always something different from what is expected.
that's exactly what their doing. See, they don't want to publish their code, so they point to Windows and say, we can't comply so we're pulling out. They're hoping the state strikes the requirement in response so they can come back in without ever mentioning the integrity or quality of their own code.
Please tell me someone capitalizing on open source voting is standing around to seize the opportunity.
You are checking your backups, aren't you?
"So then what? Back to paper and pens?"
Why not? That's what we use in the UK for all national, reginal and local elections. It's worked well enough for a few hundred years.
No but, yeah but, no but...
And more suspiciously, why are they threatening to leave instead of complying as much as possible? The court (i.e. ruling judge) should be able to apply the law in such a way that Diebold discloses all of their code, and then any remaining proprietary code from other vendors can be handled with those other vendors. Or is it that Diebold has something to hide? If their code really is secure, and actually does what they claim then they should have no problem showing everything they legally own. There really isn't anything that should be a trade secret about vote tabulation. I, for one, think it's disgusting that any US company would actually do the country such a disservice by trying to obfuscate for profit a product which is meant to facilitate the practice of democracy. Honestly, the whole board should be deported for conspiring to commit vote fraud. It would trivial to prove their innocence, simply release the code. Any other excuse smacks of dishonesty. In matters of government the appearance of impropriety should be treated as impropriety until/unless demonstrated otherwise.
-- I'm not a pessimist, I'm a realist. It's not my fault that life sucks so much. --
It is my understanding that this is a fairly common requirement for government contracts involving software. Diebold should have been aware of such requirements before competing for the contract. I mean, when the government's actually being responible and not just handing out plums to favored campaign contributors.
Hell, they're probably not even going to audit the code. They just want to protect themselves if Diebold goes out of business, or loses the contract on re-bid or something. I mean, sure, they can potentially audit the code, but I haven't heard of such a thing ever happening. It's about support and fixin' bugs an shit.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Note: I have been working on voting integrity issues in North Carolina for a little while now, and advised the committees that drafted the bill in question.
The state passed a pretty comprehensive election reform bill, which included the provision that all vendors must hand over all code that runs, is installed on, or is otherwised used in the operation of the voting machines. No if, ands, or buts.
Our State Board of Elections did not like this. They want paperless voting machines, and badly. Like a six-year-old that's been told to clean up its room, they're dragging their feet on enforcing these (and other provisions). When writing the Request For Purchase (bid requirements), some staffer added a "clarification" that the vendors only had to hand over "available" software, and simply explain why they couldn't hand over the rest. In other words, "Here's why I'm going to be breaking the law today."
Lawmakers were not happy. The SBOE, however, didn't particularly care. They didn't see a problem with only handing over a portion of the code, and wanted to interpret the law as loosely as possible.
Diebold pointed out that "available" was different than "everything", and actually got a restraining order that prevented the state from suing them for not complying with any of the new provisions of the law. This case essentially overturned that ruling, saying "Uh, no, you actually have to comply with the law." Technically it says, "Ask your lawyers for legal advice, not the court, we're not going to pre-judge the law before there's an actual conflict (i.e., you actually get sued for violating these provisions."
So Diebold is going to take their ball and go home, since they would actually have to play by the rules. Oh well.
On a side note, I didn't see any evidence that Diebold actually tried to get a Shared Source license from Microsoft, which would actually let them escrow the code. Maybe Diebold didn't actually want to escrow, well, anything?
Imagine that.
-jdm
You haven't read Ken Thompson's famous bit on how to trojan the compiler and a particular application so that you can't find any trace of the trojan in the source code for either one, then? (Was the first hit on a Google for "compiler trojan trust".)
Basically, if you don't have the entire stack, and a completely independent way to compile it, you have no idea what is happening in a completed stack. Especially if the code running at high privilege; you could have your I/O drivers replacing code blocks on load so that the application suite audits correctly.
Look at how much spyware for Windows works by intercepting basic system calls. Unless you have a trustable, independent way of re-creating the software stack, and then verifying that exact stack is actually running on the machine, you've got no reason to trust the box.
So, for any environment where trust is important, almost any operating system is too complicated.
Maybe not "COMMODORE BASIC V2", even though it's from Microsoft.
North Carolina threatens honest elections!
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
[Rant]
I am a Citizen and an Elector (member of the Electorate) in the US. That puts me at the TOP of the pyramid in the election process. In the US, the Electorate is Sovereign. Where does Diebold or any other corporate entity get off trying to dictate how elections are held? They act like they have some god-given right to make money off of the process. Fuck that! They have a right to come grovelling, hat in hand, and ASK if maybe, just maybe, we might want to use some equipment they want to sell. We get to set the rules about how elections are held, not them.
My county uses optical scan ballots and ballot box readers. If a precinct shows some sort of wierd result, the elections commissioner, in the company of plenty of witnesses, pops that sucker open and looks at the ballots. End of problem.
I frankly don't give a damn if results aren't available until Wednesday morning, or even Friday. They aren't certified official for weeks, anyway. The only difference early results make is who gets hammered for what reason at what post-election party.
There is nothing more important than the election process. All legitimacy of the government flows directly from it. Diebold has no fucking place dictating any damn thing about that. Paper ballots work. If they are slow and more costly, that is a small fucking price to pay for legitimacy.
[/Rant]
Some mornings it's hardly worth chewing through the restraints to get out of bed.
It's true that getting a total list of programmers in an open-source system would be impossible.
But as a practical matter it's impossible to name all of the Windows programmers either. The court wouldn't expect that of Diebold any more than they'd require a total list of Linux programmers from an open-source voting project.
What Diebold could easily do is name their own programmers.
Except there's no way in hell they'd want to do that.
In 2002 Diebold bought Global Election Systems, which became the Diebold Election Systems unit. Global was founded under another name in 1988 by Norton Cooper, Michael K. Graye and Charles Hong Lee...all with damned interesting resumes (footnote 1):
Norton Cooper - jail for a year mid-1980s for fraud against the Canada government; ordered out of stock pitch schemes and was part of the collapse of the Vancouver stock exchange - ordered by decree not to pitch stock after 1992 or so because he caused havoc every time. Written up by Barron's and Forbes as a "hazard to avoid at the golf course". First convicted of political corruption in 1974 - look up a Canadian case titled "The Queen v. Norton Cooper" 1977 Canadian Supreme Court.
Charles Hong Lee - stock schemes; Cooper's partner pitching deals. Defrauded Chinese immigrants, $600,000(Can) court-ordered restitution mid-90s. Sold "real estate" which was actually the bail for the third partner below to the tune of about $300,000(can) circa 1995ish.
Michael K. Graye - nailed for stealing $18mil from three companies in the '88-'89 era, caught in '94, jailed in the US for stock fraud around '94 re: Vinex wines, released around 2000 - 2002(3?) in the US, brought back to Canada, still in jail there. Arrested for tax evasion and money laundering circa '94.
Those three in turn hired even more "colorful" staff:
John Elder was a cocaine trafficker, in a WA prison early/mid 1990s...fellow inmate was Jeffrey Dean (see next entry). Handled ballot printing for Global late 1990s. Seems to have been the one to bring Dean into Global.
Jeffrey Dean was convicted early '90s of 23 counts of computer-aided embezzlement. He was a computer consultant for a large Seattle law firm and defrauded them of about $450,000 in what US courts called a "sophisticated computer-aided scheme". In a statement to Seattle PD, he claimed he needed the money because Canadians were blackmailing him; in that country, he'd gotten into a fistfight and the other guy had died. (Yes, I've seen the police report.) He joined Elder in the Global ballot printing business late '90s, and with Global's introduction was doing computer consulting with the King County WA elections division - they had no idea of his criminal record. By 2000 he was doing programming for Global and by early Oct. of 2000 he was a full employee and lead programmer for the GEMS vote-tally product still in use. By late Oct. 2000 and shipping in time for the November election, GEMS ver.1.17.5 contains the first "double set of books" problem where all votes are recorded twice internally and don't need to match...long story but it apparantly hides some forms of vote fraud. At the time Diebold bought Global in 2002, Dean quit and was immediately hired back as a consultant via management decision made within the division. This appears to be an attempt to keep Dean's criminal past out of Diebold corporate head office's scrutiny.
At the time Diebold bought Global, Dean owned 10% of Global's stock.
We don't know how many other lower-level progammers within Global/Diebold have criminal records. It's rather obvious that Diebold sure as hell doesn't want us finding out.
Footnote 1 - see also "Black Box Voting: Ballot Tampering In The 21st Century" by Bev Harris, esp. the "Diebold" section at the end of Chapter 8. Free PDF downloads can be found at: http://blackboxvoting.org/
When it comes to individual rights, I thoroughly disagree with the argument which runs, "Why should you mind the police searching your home unless you have something to hide?"
But when it comes to the State, and it's employees, (like Diebold), the same logic is quite acceptable.
Let's all remember, the State is there to serve the public, not the other way around. At least, that's how it's supposed to work.
Thus, non-compliance with the most basic and rational doctrine, ("You must let us see how your voting machines work"), means to me that Diebold is hiding the fact that their machines are indeed faulty, and almost certainly deliberately faulty.
I'd love to see this break wide open, and have the journalists see the light and revolt against their Zionist-neo-con-Christian-brain-washed overseers, and publish the story far and wide. And then put Bush and his crew and the entire ruling elitist segment of the populace into prison. But I don't really expect this.
The most we'll see is a scapegoat being hung out to dry while the parade of evil continues.
The best way to resist is to do it on a personal level. Shine brightly and follow your internal compass as best you can. Defy The Lie. --Living in such a way will affect others in an ever-expanding ripple effect.
-FL
Ok, aside from being a convicted felon who comitted the very kind of crimes one should be worried about someone pulling in this situation... Usually, rational people being duly diligent about security would not trust someone who had anything in their background that would make them succeptible to BLACKMAIL.
This is some sort of goddamned perverse JOKE, RIGHT?!!!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Because that would make it easier to prove election-fraud. See? It's simple when you hear the answer.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
http://www.bbvdocs.org/dean.pdf
...and you'll get about 350 hits, so this is real well known among people paying attention to this stuff.
http://www.bbvdocs.org/elder.pdf
There's their criminal records.
Mention of both are extensive in the various online databases of Global/Diebold's internal memos between 1998 and early 2003. Go google:
"Jeffrey dean" diebold
To be fair, at the time Diebold bought Global Dean was moved to consultant status, possibly to avoid the Diebold corporate background check. They damned well know about him NOW of course ever since Bev Harris broke the news.
Look, Global was based out of Vancouver BC. Bev and others have gone up there to talk to current and former employees...a LOT appeared to be "coked up" or talked about rampant drug abuse up there. If what we're hearing is anywhere close to accurate, Global acted like the set of a John Belushi movie or something.
Trust me on this: ain't no WAY Diebold will want to publish lists of programmers.
Notice how Diebold talks about source code escrow as the issue in NC? It's a red herring. Diebold does source code escrow in California no problem.
The issue is the programmer names. Major-grade doom involved.
"Our system is built on code from so many people we wouldn't even be able to name half of them, let alone verify their competence, integrity or motivation. Hell, we can't even see what they actually wrote in the code! Even with countless cases of faulty software in the past, were trusting our system solely on the base of Microsoft so we can use their widget set, networking stack, memory management and device support - all of which are vital components to our system."
This comment does not represent the views or opinions of the user.
Little known fact: the source code for WinCE is fully known to the hardware vendors.
.NET stuff they stopped doing that but I could be wrong.
:).
It's unique among Windows versions in that it's not a finished product - each hardware vendor has to finish it for their own weird gear. WinCE was made to run on hardware that is NOT industry standard, everything from PDAs to TV set-top boxes.
Up through CE 3.0 you could download the entire source code from Microsoft's website. I think once they included the
At the central vote tally box, the Diebold GEMS central tabulator runs on top of WinNT/2000 series so they can't put THAT source in escrow.
Fun fact about GEMS: not only was convicted embezzler and admitted murderer Jeffrey Dean in charge of development for at least a couple of years, the program icon is a hoot. It's a fist holding a globe, basically a day-glow-colors version of the corporate logo for Dr. Evil in the Austin Powers movies
We should prowl around Diebold HQ looking for midgets, bald cats and sharks with unusual head prosthetics...
Jim March
Black Box Voting (staff)
And even spookier, this link says:
and:
It gets spookier still when you look at Diebold's CEO Bob Urosevich's ties to the Republican Party and strong fundamentalist backgrounds. Whereever Diebold goes, the article says, historic Republic upsets follow.