Slashdot Mirror
Diebold Threatens to Pull Out of North Carolina
foobaric writes "A North Carolina judge ruled that Diebold may not be protected from criminal prosecution if it fails to disclose the code behind its voting machines as required by law. In response, Diebold has threatened to pull out of North Carolina." From the article: "The dispute centers on the state's requirement that suppliers place in escrow 'all software that is relevant to functionality, setup, configuration, and operation of the voting system,' as well as a list of programmers responsible for creating the software. That's not possible for Diebold's machines, which use Microsoft Windows, Hanna said. The company does not have the right to provide Microsoft's code, he said, adding it would be impossible to provide the names of every programmer who worked on Windows."
Diebold forced out of North Carolina.
"Under pressure to comply with State Law, Diebold insead chooses to leave the field to its competitors."
"Piter, too, is dead."
This is why Microsoft Windows is not a good choice for embedded systems. System designers should choose an unecumbered system such as Linux or BSD, particularly if any kind of security is required, like for voting or banking.
:)
It suprises me that Diebold fails at this stuff so badly, considering how they've been doing it for years. I cringe every time I roll up to an ATM with their name on it. Luckily, my bank uses mostly NCR hardware
Something must be very wrong if the supplier is threatening the customer. What happened to the free market? If Diebold don't want the business, I'm sure another enterprising company will appreciate it.
Bogtha Bogtha Bogtha
God, Southerners have the coolest names.
Gee, that would be such a shame if that were to happen. I mean, North Carolina needs voting machines that are compromised by design, made by a company that has a vested interest in who wins the election, right?
Oh, whatever is North Carolina to do without voting machines made by an upstanding company like Diebold? Why, their voters might have to use the old paper ballot system instead! The horror!
Please stay, Diebold! Only a good rigged election can give us confidence in democracy!
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
Windows CE source code is availablei censing/WindowsCE.mspx
http://www.microsoft.com/resources/sharedsource/L
With Windows CE, "OEM customers worldwide can create and distribute commercial derivatives of the Windows CE 5.0 operating system source code for shipping in commercial devices without notifying Microsoft or sharing their derivative works with the embedded community."
Diebold is frequently dinged for their ATMs whenever this topic arises. There are many fair criticisms and accusations against Diebold - this is not one of them. Banking termials are a fundamentally different set of problems than those presented by voting. Hell, aside from that, ATMs can depend on a well-connected private backbone network, with company owned lines and premise equipment.
The Diebold voting outfit was an aquisitio of a startup company, that was demonstrably lax in design and practices. The system cobbled together, of mostly desktop-oriented COTS was little more than a system for demonstration purposes, meeting almost no "behind the scenes" requirements that most anyone could have proposed. I would go as far as to say that this effort was, in likelyhood, a swindle.
Diebold is culpable for aquiring them - after a technology assessment - and continuing in this fashion. Possibly with the intent of enabling fraudulent vote recording and tabulation. Certainly Diebold "stonewalls", misrepresents and obfuscates every attempt to legitimately investigate their capability, practice and compliance.
But I don't worry about their ATMs!
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
It is my understanding that this is a fairly common requirement for government contracts involving software. Diebold should have been aware of such requirements before competing for the contract. I mean, when the government's actually being responible and not just handing out plums to favored campaign contributors.
Hell, they're probably not even going to audit the code. They just want to protect themselves if Diebold goes out of business, or loses the contract on re-bid or something. I mean, sure, they can potentially audit the code, but I haven't heard of such a thing ever happening. It's about support and fixin' bugs an shit.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
In fact, where advancement is needed the most, the incentive for profit is increased, because, unsurprisingly, the chance for big rewards leads people to take big risks.
Risks are called that for a reason. If Boeing wants to take risks developing an aircraft that's their buisness. We're not (supposed to be) obligated to buy it - and if it crashes into the desert, it's abundantly clear that it didn't work.
But voting machines are a different beast. If they don't work (and this is only more of a problem without a paper trail) it's very difficult to prove it. So the real question is this -- do we want people taking risks with the electoral process?
Ultimately there needs to be some metric by which Diebold's (and it's competitors') machines are judged. In the absence of that metric, a free market is impossible and they are quite literally taking risks with our Republic.
Killfile(TGK)
No trees were killed in the creation of this post. However, many electrons were inconvenienced.
Diebold is trying to interpret the statute to mean more than it says.
NC doesn't want to know who coded Windows or to get Windows source code: NC wants to see the software package that tracks and tallies the votes. Yes, you could try to stretch the meaning of the statute, but NC isn't trying to do that: Diebold is trying to in order to claim that compliance with the statute is impossible.
The real issue here is that Diebold doesn't want NC to see what's in Diebold's code. Makes it awfully suspect to me...
Life is short: void the warranty.
I am in the banking business, in IT. I work in downtown Manhattan, at a bank that probably has some of your money in it.
When the voting systems thing hit I got interested in them. They are a vendor we do business with and I started informally asking questions around the watercooler, seeing if the old guys have any stories. For instance, have we ever had security issues with their equipment, etc?
We have. And the stories. Oh, my god, the stories. It's enough to bring tears to your eyes. They've blown it in such amazing, over-the-top ways, you wouldn't believe me if I told you. What I take away from all this is that the only reason many financial institutions stay in business is the (ongoing) laziness of criminals.
So in other words, worry about their ATMs. Worry about anybody who does business with these guys. Before "paperless voting" Diebold was just another bunch of well-connected old white men swindling their buddies with 3rd rate code. But now they're just plain shady.
[Rant]
I am a Citizen and an Elector (member of the Electorate) in the US. That puts me at the TOP of the pyramid in the election process. In the US, the Electorate is Sovereign. Where does Diebold or any other corporate entity get off trying to dictate how elections are held? They act like they have some god-given right to make money off of the process. Fuck that! They have a right to come grovelling, hat in hand, and ASK if maybe, just maybe, we might want to use some equipment they want to sell. We get to set the rules about how elections are held, not them.
My county uses optical scan ballots and ballot box readers. If a precinct shows some sort of wierd result, the elections commissioner, in the company of plenty of witnesses, pops that sucker open and looks at the ballots. End of problem.
I frankly don't give a damn if results aren't available until Wednesday morning, or even Friday. They aren't certified official for weeks, anyway. The only difference early results make is who gets hammered for what reason at what post-election party.
There is nothing more important than the election process. All legitimacy of the government flows directly from it. Diebold has no fucking place dictating any damn thing about that. Paper ballots work. If they are slow and more costly, that is a small fucking price to pay for legitimacy.
[/Rant]
Some mornings it's hardly worth chewing through the restraints to get out of bed.
Or how about you send each registered voter a voting card, which they hand in at a polling station on election day. They get given a voting paper, go into a booth, mark and seal their paper, then drop it into a black box. Votes are then counted by hand later. Say, that could work
The problem with that is that the votes get counted by a human being and human beings have prejudances. Anybody who tells you that they are 100% impartial is lying.
Care to tell me what exactly is wrong with the lever based voting machines that New York has used for the last 40 years? The voter signs in -- if there are any problems they get challenged by an inspector (very rare) -- they go into the machine, they pull down levers, the votes are counted and that's it.
The way some other states (Florida) do elections dumbfounds me. In NYS you are allowed to take anybody into the poll with you other then your employer or union offical. I watched party hacks challenging 85 year old voters in Florida because they asked their 60 year old children for help. WTF is that nonsense? And ID requirements? Yeah, that isn't a way to screw over poor people who might not have a drivers license or DMV ID -- last time I checked those cost money.
In NYS now you are required to give your social security number or drivers license number at the time you register. The State verifies your information against the SSA or DMV database. If you can't provide that information then and only then do you get flagged for ID. And after you have showed it once then you never need to show it again. What's the problem here? There isn't much room for fraud -- in most of the districts the elections inspectors know most of the voters. And we have the right to challenge anything suspicious.
How the hell can other states fuck this up so badly?
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
It's true that getting a total list of programmers in an open-source system would be impossible.
But as a practical matter it's impossible to name all of the Windows programmers either. The court wouldn't expect that of Diebold any more than they'd require a total list of Linux programmers from an open-source voting project.
What Diebold could easily do is name their own programmers.
Except there's no way in hell they'd want to do that.
In 2002 Diebold bought Global Election Systems, which became the Diebold Election Systems unit. Global was founded under another name in 1988 by Norton Cooper, Michael K. Graye and Charles Hong Lee...all with damned interesting resumes (footnote 1):
Norton Cooper - jail for a year mid-1980s for fraud against the Canada government; ordered out of stock pitch schemes and was part of the collapse of the Vancouver stock exchange - ordered by decree not to pitch stock after 1992 or so because he caused havoc every time. Written up by Barron's and Forbes as a "hazard to avoid at the golf course". First convicted of political corruption in 1974 - look up a Canadian case titled "The Queen v. Norton Cooper" 1977 Canadian Supreme Court.
Charles Hong Lee - stock schemes; Cooper's partner pitching deals. Defrauded Chinese immigrants, $600,000(Can) court-ordered restitution mid-90s. Sold "real estate" which was actually the bail for the third partner below to the tune of about $300,000(can) circa 1995ish.
Michael K. Graye - nailed for stealing $18mil from three companies in the '88-'89 era, caught in '94, jailed in the US for stock fraud around '94 re: Vinex wines, released around 2000 - 2002(3?) in the US, brought back to Canada, still in jail there. Arrested for tax evasion and money laundering circa '94.
Those three in turn hired even more "colorful" staff:
John Elder was a cocaine trafficker, in a WA prison early/mid 1990s...fellow inmate was Jeffrey Dean (see next entry). Handled ballot printing for Global late 1990s. Seems to have been the one to bring Dean into Global.
Jeffrey Dean was convicted early '90s of 23 counts of computer-aided embezzlement. He was a computer consultant for a large Seattle law firm and defrauded them of about $450,000 in what US courts called a "sophisticated computer-aided scheme". In a statement to Seattle PD, he claimed he needed the money because Canadians were blackmailing him; in that country, he'd gotten into a fistfight and the other guy had died. (Yes, I've seen the police report.) He joined Elder in the Global ballot printing business late '90s, and with Global's introduction was doing computer consulting with the King County WA elections division - they had no idea of his criminal record. By 2000 he was doing programming for Global and by early Oct. of 2000 he was a full employee and lead programmer for the GEMS vote-tally product still in use. By late Oct. 2000 and shipping in time for the November election, GEMS ver.1.17.5 contains the first "double set of books" problem where all votes are recorded twice internally and don't need to match...long story but it apparantly hides some forms of vote fraud. At the time Diebold bought Global in 2002, Dean quit and was immediately hired back as a consultant via management decision made within the division. This appears to be an attempt to keep Dean's criminal past out of Diebold corporate head office's scrutiny.
At the time Diebold bought Global, Dean owned 10% of Global's stock.
We don't know how many other lower-level progammers within Global/Diebold have criminal records. It's rather obvious that Diebold sure as hell doesn't want us finding out.
Footnote 1 - see also "Black Box Voting: Ballot Tampering In The 21st Century" by Bev Harris, esp. the "Diebold" section at the end of Chapter 8. Free PDF downloads can be found at: http://blackboxvoting.org/
I'm not sure what your problem is with human vote counts. Over here, in Germany, all votes are counted by hand; I've helped with this myself on several occasions.
And there is no way that you could play tricks when counting, either. There'll always be at least six people there at the same time, counting; people who do this are recruited randomly (it's much like jury duty). Furthermore, more often than not, officials from the local administration will be present to oversee the whole thing; and also, the vote counting is open to the public, so everyone who wants to can come in and watch the votes getting counted.
The votes are counted twice, too, so it's relatively unlikely that an error would creep in. If there is any error at all, the whole counting process starts again from scratch.
And finally, the paper ballots are kept for a long period (I know it's a two-digit amount of years, although I'm not sure how long exactly - I'd have to look that up), so *if* someone - anyone! - thinks that the election results are invalid, a recount will be done.
Compare that with the things like the 2000 presidential elections in the USA, where the supreme court ruled that a vote recount was *not* legal - how can you *ever* justify a decision like that? Vote recounts should always be possible.
There's other differences that also give me more confidence in the German voting system; for example, we typically have participation levels around 80 to 85 percent in nation-wide elections, there are no lines when you want to vote (I think the longest I ever had to wait in line to vote in my life was two minutes or so), and you don't have to register to vote - if you're over 18, you'll get a notification in the mail.
So... a paper-based voting system not only can work, but it also can inspire much more confident than an opaque system where you just pull a lever or touch a touchscreen or do something similar without ever knowing how the machine supposed to record your votes actually works - and whether it works at all.
No, electronic voting is a bad thing that needs to be gotten rid of; the whole concept is so open for abuse that it should just be thrown out completely. Even when you have a paper voting trail, who says that the machine recorded the same vote that it printed on your paper slip? The only way to make sure would be to collect the paper slips from *everyone* in the same precinct, but that's pretty much impossible - not to mention that there certainly would be a court again that would forbid it, too.
Stick with paper voting. Everything else is bad for democracy, and voting is such a fundamental process in a democratic system that it should be treated with the utmost care. If you cannot *prove* that the new system you're proposing is not only as safe as the old one but also brings tangible improvements, then it shouldn't be adopted, and electronic voting, in whatever form, does neither.
http://www.bbvdocs.org/dean.pdf
...and you'll get about 350 hits, so this is real well known among people paying attention to this stuff.
http://www.bbvdocs.org/elder.pdf
There's their criminal records.
Mention of both are extensive in the various online databases of Global/Diebold's internal memos between 1998 and early 2003. Go google:
"Jeffrey dean" diebold
To be fair, at the time Diebold bought Global Dean was moved to consultant status, possibly to avoid the Diebold corporate background check. They damned well know about him NOW of course ever since Bev Harris broke the news.
Look, Global was based out of Vancouver BC. Bev and others have gone up there to talk to current and former employees...a LOT appeared to be "coked up" or talked about rampant drug abuse up there. If what we're hearing is anywhere close to accurate, Global acted like the set of a John Belushi movie or something.
Trust me on this: ain't no WAY Diebold will want to publish lists of programmers.
Notice how Diebold talks about source code escrow as the issue in NC? It's a red herring. Diebold does source code escrow in California no problem.
The issue is the programmer names. Major-grade doom involved.
Little known fact: the source code for WinCE is fully known to the hardware vendors.
.NET stuff they stopped doing that but I could be wrong.
:).
It's unique among Windows versions in that it's not a finished product - each hardware vendor has to finish it for their own weird gear. WinCE was made to run on hardware that is NOT industry standard, everything from PDAs to TV set-top boxes.
Up through CE 3.0 you could download the entire source code from Microsoft's website. I think once they included the
At the central vote tally box, the Diebold GEMS central tabulator runs on top of WinNT/2000 series so they can't put THAT source in escrow.
Fun fact about GEMS: not only was convicted embezzler and admitted murderer Jeffrey Dean in charge of development for at least a couple of years, the program icon is a hoot. It's a fist holding a globe, basically a day-glow-colors version of the corporate logo for Dr. Evil in the Austin Powers movies
We should prowl around Diebold HQ looking for midgets, bald cats and sharks with unusual head prosthetics...
Jim March
Black Box Voting (staff)