Slashdot Mirror
Sequoia Threatens Over Voting Machine Evaluation
enodo writes "Voting machine manufacturer Sequoia has sent well-known Princeton professor Ed Felten and his colleague Andrew Appel a letter threatening to sue if New Jersey sends them a machine to evaluate. It's not clear from the letter Sequoia sent whether they intend to sue the professors or the state — presumably that ambiguity was deliberate on Sequoia's part. Put another clipping in your scrapbook of cases of companies invoking 'intellectual property rights' for bogus reasons." Sequoia seems to be claiming that no one can make a "report" regarding their "software" without their permission.
I am sure the state of New Jersey can tell Sequoia to accept this investigation or say good-bye to any certification. Sequoia is just making themselves look bad and like they have something to hide.
Jumpstart the tartan drive.
Yes, that is *exactly* what we want Sequoia to do. Sue a Priceton professor & *security* researcher.
Bullet. Meet foot.
There is a war going on for your mind.
It's not clear from the letter Sequoia sent whether they intend to sue the professors or the state -- presumably that ambiguity was deliberate on Sequoia's part.
In other words, this is a scare tactic with nothing to back it up, pure and simple. If Sequoia thought the would have had actual grounds to sue, you can bet that they would have been chillingly specific in their letter.
When people resort to these sort of tactics to attempt to dissuade you, you can be assured you're doing something right.
____
~ |rip/\/\aster /\/\onkey
and see that the only reason Sequoia is pissed off is that they either
a. are afraid that there are gaping security holes in their machines
b. KNOW that there are gaping security holes in their machines
all the privacy zealots will no doubt say that my "if you have nothing to hide you have nothing to be afraid of" mentality is misguided, but let's take a step back and see what is on the line here. this is NOT about personal data, this is about objectively evaluating the security of a device that is going to be used in a VERY public fashion. do lamp makers threaten Underwriters Laboratories for wanting to make sure their device works as intended?
In Soviet Russia jokes are formulaic and decidedly non-humorous.
That's often the results with certain voting machines.
The Mothership
Just speechless.
:(
You are speechless for the right reasons but the majority of the American public will be speechless for another and far more unfortunate reason
"non compliant analysis"? whats the betting that the only compliant analysis gives it an A-OK rating.
/. for this thread? absolute cobblers.
thats like car salesperson attempting to sell you a car but only if you agree to take his word that it works and he'll sue anybody that you bring in to check the engine. if ever there was a warning bell not to buy their equipment that was it.
whats next? DMCA action against
Yes, but nothing is stopping Sequoia from being hung in the court of public opinion.
Sure there is, apathy.
Maybe that's how this happened. Some clueless board member demands something to be done, slamming his first on the table. The task gets assigned to the CEO, who assigns it to the lawyers, who do "something" that will appease the chain of command all the while knowing how useless it is.
Tsunami -- You can't bring a good wave down!
If this gets thrown out, it will really dent future attempts to use methods like this to shield shoddy products.
If you ask me, Sequoia has been given some very bad legal advice. Didn't anyone stop to think about the public relations nightmare this would cause? Not to mention damage to their business.
Any voting system should be verifiable by any member of the voting populous. Having a PhD in computer science should not be prerequisite for understanding the voting system. You also shouldn't have to take somebody else's word for it either. Pen and paper hand counted ballots make sense, because anybody can see exactly what's going on, and fully understand the process. If voters don't understand the voting system, then they might as well not even be voting.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
If anybody thinks this issue is about EULAs, they need to pull their head out of the sand.
This is about the future of democracy. These voting machine vendors are stripping transparency, security, and auditability out of our elections. None of us should give a damn what licensing agreement Sequoia wrote.
IANAL but I am reasonably confident that Sequoia cannot successfully sue Felten. They may be able to sue New Jersey for breach of contract if in fact they have a contract with New Jersey that forbids such reviews. That may be the case - I believe that the license for MS Windows Server forbids reviews not approved by Microsoft. If there is such a contract, it would be interesting to see if it holds up in court. The "no review" provision is arguably void as being contrary to public policy.
Felten, however, has no contractual relationship with Sequoia and therefore cannot be in breach of contract. Sequoia therefore cannot sue him unless they can come up with another cause of action. Maybe, just maybe, they could sue him for disclosing trade secrets, if New Jersey has really nasty trade secret laws.
> but if they can help a democrat steal an election...
And what's your opinion if it's helping a republican steal an election?
Whatever response you give me, the words "a democrat" did not need to be in your post. Stealing an election is WRONG, whether it's a democrat or a republican. You took a very good post and diminished it with a bit of partisanship. I notice that you said "democrat" where usually the party affiliation is capitalized, so maybe you're scooting by on a technicality. But at that point we're parsing to the degree that we criticize politicians for.
The living have better things to do than to continue hating the dead.
The problem is the lack of even a single impartial ballot counter. Whereas an expertly designed and reviewed machine can be reasonably guaranteed to be bias-free.
Fixing elections is not something that has been enabled by new technology. The problem here is that the technology was supposed to reduce the fraud and inaccuracies, but it turns out it's just as hackable as the old pen & paper or punchcard systems despite the higher cost.
That's why the ballots can be counted, or viewed by multiple parties, who should all agree on the final counts. Anybody should be allowed to stand around and watch the counting. I'm not saying that no fraud would happen, because it's happened in the past, and it will happen in the future. I'm just saying that it should be obvious to the voting public when fraud is happening. The problem with machines, is that even if they are verified, it's impossible to know what code is running on it when you walk up to it on election day. Think of game consoles. They try to make it so you can only run licensed content. But people always find a way to run homebrew/pirated games. You can verify the machine all you want. There's no guaranteeing that the same machine will actually be used on election day. You could probably even put a completely different machine in front of people on election day, possibly in the same casing, although that's not even necessary, and people wouldn't even know they were using the wrong machine, because each polling district uses different machines.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
and you too.
If their contract declares as such then they are in the right.
However, it should be a requirement at the state level, if not federal, to require this sort of outside verification and study. If a manufacturer does not agree to it then they should be considered for the application. Fair is fair.
Don't want to be hold accountable then don't expect our money.
I am quite sure some other company will step forward if there is money to be made and their intellectual property rights are protected. I am all for testing and certification by outside groups but I also realize that there is investment here and that needs protected first. What must come first is OUR rights, our rights to know that outside experts have certified a solution and future implementations will protect our vote. Surely some company will step up to this for the money. Maybe it will be the kick in the pants for some group already in place to do so.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
...have I got this straight?
Their voting machines are paid for by public dollars, used by the majority of the members of the public, to elect public officials, and they claim evaluation of their software cannot occur without their "permission"?
Their voting machines are SOLD (or maybe leased) to the government agencies that operate elections and have a contract specifying terms of use. They're claiming the contract forbids the sort of investigation that is proposed.
Now perhaps there are indeed such terms in the contract. In which case the New Jersey secretary of state (or a past one) made an unwise decision. Nevertheless, the state has a duty to insure that the system is not defective. Inspecting its operation, including that of the software if there is any question about its functionality (or even if there isn't, just to check), is obviously a part of that duty, and being inspected is obviously part of what it is to be a voting machine. So such contract terms, if present and interpreted as Sequoia claims, are clearly unconscionable. On that basis the state should be free to ignore the clause.
Alternatively, if the clause were to stand the resulting terms of use would make the machines "unsuitable for the intended use", violating the implied warranty of fitness. So the state could return them for a full refund. B-)
It would be interesting to see what would happen if Sequoia actually sued. If the contract specified interpretation under the laws of New Jersey (or didn't specify jurisdiction) the state might just refuse to be sued. B-) If it specifies another state (or they sue in their own) it would still be a funny show.
As for suing the professor, either he's acting as an agent of the state (in which case they're suing the state) or he's not (in which case he has no contract with them to enforce.) In the latter they'd have to go after him for something like DMCA violations or some part of contract law I'm unaware of.
Of course IANAL - and especially not a contract lawyer. So take the above with a suitable quantity of salt. B-)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Sequoia welcomes all such responsibly executed review activities.
... if they've nothing to hide ...
Obviously they don't. Anyone claiming that Ed Felten is unable to responsibly execute such a review should have her head examined. More to the point however, it is equally obvious that they are very much aware of Professor Felten's reputation, and would very much rather he didn't execute a responsible review of their equipment.
Hey
The higher the technology, the sharper that two-edged sword.
No, it's not the same problem. It's easy for people to watch the movements of pieces of paper, make sure they end up where they belong, and count them. It's much harder to do the same with electrons.
The solution for paper ballots is based on four principles: transparency, adversarial conditions, counting everything in a way that, if done right, makes double-entry accounting look like a random number generator, and decentralization.
Transparency means that every step of the process is done in the open, with multiple people watching. Adversarial conditions means that the people watching include representatives (i.e. campaign workers) of all candidates, who are highly motivated to ensure that the others don't cheat. In Scotland, for example, each candidate can even apply their own seal to the ballot boxes in addition to the electoral commission's seals, so they can verify for themselves that boxes haven't been swapped, opened, or lost. A fraudster would have to be able to duplicate the seals of every political party in addition to the electoral commission.
As for counting, every ballot paper must be accounted for. Polling stations start with a known number of blank ballots (verified by all candidates) and they must count the number of ballot papers issued, used, spoiled, and not used, as well as the number of ballots that end up in the ballot box, and if the numbers don't add up right then one can deduce that funny business is going on.
Finally, decentralization is important. With safeguards in place, it may still be possible to cheat in a few locations (although you'd have to get campaign workers from all sides to look the other way), but widespread fraud serious enough to steal a whole election becomes extremely difficult. It is difficult to compromise the process in many locations at once. And even though the central counting facility receives the counts from each polling station and adds them up, it can be made to echo the numbers back and discrepancies can be spotted. A centralized electronic system, though, can be compromised at the center, you don't have to take over every polling station.
"It is the exact same problem."
Hardly.
Think of the issues in logistical terms. In a paper-ballot system, tampering with a ballot box in such a way as to make any appreciable difference in the vote result would require tools, materials, physical access and a certain amount of time and effort within a relatively small window of opportunity.
With an electronic system, if the state isn't allowed to run simulated elections or do detailed inspection of the voting machine and software, the window of opportunity for tampering is huge, the potential for altering the result is high, and the risk of detection is minimal.
Financial systems rely on the fact that the transactions aren't anonymous. Money always goes from one account to another. In the voting process, it's (supposed to be) completely anonymous. A bunch of people come in, and bunch of votes are cast, but nobody should be able to tell who voted for who. Imagine the same with a bank, where deposits have to be made to the correct accounts, but you can't verify which account they are coming from.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
If impartial ballot counter can't be found, how do you expect to find impartial software/hardware designers and reviewers?
At least ballot counters and monitors can be relatively unskilled. You can get a bunch of them with different biases and divide them up into teams to provide checks and balances. Harder to find a whole bunch of designers and reviewers and have them check on each other.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood