Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sequoia Threatens Over Voting Machine Evaluation

Posted by kdawson on from the don't-look-in-there dept.

enodo writes "Voting machine manufacturer Sequoia has sent well-known Princeton professor Ed Felten and his colleague Andrew Appel a letter threatening to sue if New Jersey sends them a machine to evaluate. It's not clear from the letter Sequoia sent whether they intend to sue the professors or the state — presumably that ambiguity was deliberate on Sequoia's part. Put another clipping in your scrapbook of cases of companies invoking 'intellectual property rights' for bogus reasons." Sequoia seems to be claiming that no one can make a "report" regarding their "software" without their permission.

64 of 221 comments (clear)

  1. No permission should be needed by Midnight+Thunder · · Score: 4, Insightful

    I am sure the state of New Jersey can tell Sequoia to accept this investigation or say good-bye to any certification. Sequoia is just making themselves look bad and like they have something to hide.

    --
    Jumpstart the tartan drive.
    1. Re:No permission should be needed by falconwolf · · Score: 4, Interesting

      I am sure the state of New Jersey can tell Sequoia to accept this investigation or say good-bye to any certification. Sequoia is just making themselves look bad and like they have something to hide.

      I agree however New Jersey probably has already paid for the machines. I can't see Sequoia telling the state they can't test them, have them tested scientifically, if they haven't already been paid for. This case can however be used to show other potential buyers just how the company operates.

      Falcon
      --
      Should there be a Law?
    2. Re:No permission should be needed by moderatorrater · · Score: 3, Insightful

      With the company threatening legal action, why even consider going forward with the investigation? Threats usually come from feeling that what you're threatening is dangerous in some way, so it's highly likely there are security problems to be found. Additionally, the state shouldn't even consider using a company that opposes a comprehensive security evaluation.

    3. Re:No permission should be needed by Rick17JJ · · Score: 4, Insightful

      If they do not have enough confidence in their system's security or accuracy to allow it to be tested, then it is not good enough to be used for e-voting. They have just demonstrated that their system can not be trusted.

  2. Sweet. by Jaysyn · · Score: 5, Insightful

    Yes, that is *exactly* what we want Sequoia to do. Sue a Priceton professor & *security* researcher.

    Bullet. Meet foot.

    --
    There is a war going on for your mind.
    1. Re:Sweet. by l2718 · · Score: 3, Interesting

      Actually, threatening Felten with a lawsuit is quite effective. Now actual lawsuit needs to be filed. Since this would be consulting work, not research, he would not be covered by Princeton's Lawyers and will have to fend for himself, which is quite expensive -- so the threat of litigation might be enough to deter him. New Jersey, being a state, cannot be sued without its consent.

    2. Re:Sweet. by rnturn · · Score: 3, Insightful

      But... New Jersey might file a countersuit against Sequoia claiming that they interfering with New Jersey's ability to verify that the machines are suitable for use in actual elections (before the elections are held and found to be invalid). Imagine GM suing a customer because they took their car to a non-GM mechanic to verify that some work had been done properly. I doubt the courts would look kindly on that.

      If I were a New Jersey state elections employee, I'd be looking seriously at returning the equipment, informing Sequoia that it was unsuitable for use, and demanding my money back.

      Finally, I'm guessing that Sequoia isn't all that interested in staying in the electronic voting machine business. This act will pretty much have everyone who's still considering even using electronic voting equipment making a mental note to cross Sequoia off their short list of vendors.

      --
      CUR ALLOC 20195.....5804M
  3. The ambiguity is a dead giveaway. by TripMaster+Monkey · · Score: 4, Insightful

    It's not clear from the letter Sequoia sent whether they intend to sue the professors or the state -- presumably that ambiguity was deliberate on Sequoia's part.

    In other words, this is a scare tactic with nothing to back it up, pure and simple. If Sequoia thought the would have had actual grounds to sue, you can bet that they would have been chillingly specific in their letter.

    When people resort to these sort of tactics to attempt to dissuade you, you can be assured you're doing something right.

    --
    ____

    ~ |rip/\/\aster /\/\onkey

    1. Re:The ambiguity is a dead giveaway. by sm62704 · · Score: 3, Informative
      In other words, this is a scare tactic with nothing to back it up, pure and simple.

      I'm wondering "how thay can threaten their customer?" Who do they think they are, the RIAA and that New Jersey is a mom on food stamps?

      But perhaps they can. This cynical old man thinks there's a lot more here than meets the eye - Sequoia may surreptuously funnel cash to the campaigns of some of the high ranking New Jersey goons, er, excuse me, lawmakers/bureaucrats.

      But then I'm in Illinois where the last Democrat Governor went to prison, and the last Republican Governor then went to prison. I'm thinking if a Republican wins the next Governor election, Blago will join Ryan in a cell.

      Rich powerful people don't play nice. You don't get to be a rich, powerful man by giving a rat's ass about anyone or anything except your money and power.

      -mcgrew

      (background on Illinois Politics):

      Politics in the state, particularly Chicago machine politics, have been famous for highly visible corruption cases, as well as for crusading reformers such as governors Adlai Stevenson (D) and James Thompson (R). In 2006, former Governor George Ryan (R) was convicted of racketeering and bribery. In the late 20th century Congressman Dan Rostenkowski (Dem) was imprisoned for mail fraud; former governor and federal judge Otto Kerner, Jr. (D) was imprisoned for bribery; and State Auditor of Public Accounts (Comptroller) Orville Hodge (R) was imprisoned for embezzlement. In 1912 William Lorimer, the GOP boss of Chicago, was expelled from the U.S. Senate for bribery, and in 1921 Governor Len Small (R) was found to have defrauded the state of a million dollars.[58][27][15]
      --
      mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
  4. Check, Meet Balance by CheeseburgerBrown · · Score: 4, Interesting

    A voting apparatus without a clear path for auditing of every system and sub-system is an invitation to corruption. Comparable mechanisms in governance have checks and balances to ensure fidelity.

    Why do these shifty porkchops think they ought to be exempt? Because it may make their investors nervous?

    This is definitely a situation where the bottom line should be drawn by logic, not by dollars.

    --
    These stories are free but worth money.
    1. Re:Check, Meet Balance by markov_chain · · Score: 2, Insightful

      Maybe that's how this happened. Some clueless board member demands something to be done, slamming his first on the table. The task gets assigned to the CEO, who assigns it to the lawyers, who do "something" that will appease the chain of command all the while knowing how useless it is.

      --
      Tsunami -- You can't bring a good wave down!
    2. Re:Check, Meet Balance by CastrTroy · · Score: 4, Insightful

      Any voting system should be verifiable by any member of the voting populous. Having a PhD in computer science should not be prerequisite for understanding the voting system. You also shouldn't have to take somebody else's word for it either. Pen and paper hand counted ballots make sense, because anybody can see exactly what's going on, and fully understand the process. If voters don't understand the voting system, then they might as well not even be voting.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    3. Re:Check, Meet Balance by ivan256 · · Score: 3, Insightful

      The problem is the lack of even a single impartial ballot counter. Whereas an expertly designed and reviewed machine can be reasonably guaranteed to be bias-free.

      Fixing elections is not something that has been enabled by new technology. The problem here is that the technology was supposed to reduce the fraud and inaccuracies, but it turns out it's just as hackable as the old pen & paper or punchcard systems despite the higher cost.

    4. Re:Check, Meet Balance by CastrTroy · · Score: 4, Insightful

      That's why the ballots can be counted, or viewed by multiple parties, who should all agree on the final counts. Anybody should be allowed to stand around and watch the counting. I'm not saying that no fraud would happen, because it's happened in the past, and it will happen in the future. I'm just saying that it should be obvious to the voting public when fraud is happening. The problem with machines, is that even if they are verified, it's impossible to know what code is running on it when you walk up to it on election day. Think of game consoles. They try to make it so you can only run licensed content. But people always find a way to run homebrew/pirated games. You can verify the machine all you want. There's no guaranteeing that the same machine will actually be used on election day. You could probably even put a completely different machine in front of people on election day, possibly in the same casing, although that's not even necessary, and people wouldn't even know they were using the wrong machine, because each polling district uses different machines.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    5. Re:Check, Meet Balance by FailedTheTuringTest · · Score: 4, Insightful

      No, it's not the same problem. It's easy for people to watch the movements of pieces of paper, make sure they end up where they belong, and count them. It's much harder to do the same with electrons.

      The solution for paper ballots is based on four principles: transparency, adversarial conditions, counting everything in a way that, if done right, makes double-entry accounting look like a random number generator, and decentralization.

      Transparency means that every step of the process is done in the open, with multiple people watching. Adversarial conditions means that the people watching include representatives (i.e. campaign workers) of all candidates, who are highly motivated to ensure that the others don't cheat. In Scotland, for example, each candidate can even apply their own seal to the ballot boxes in addition to the electoral commission's seals, so they can verify for themselves that boxes haven't been swapped, opened, or lost. A fraudster would have to be able to duplicate the seals of every political party in addition to the electoral commission.

      As for counting, every ballot paper must be accounted for. Polling stations start with a known number of blank ballots (verified by all candidates) and they must count the number of ballot papers issued, used, spoiled, and not used, as well as the number of ballots that end up in the ballot box, and if the numbers don't add up right then one can deduce that funny business is going on.

      Finally, decentralization is important. With safeguards in place, it may still be possible to cheat in a few locations (although you'd have to get campaign workers from all sides to look the other way), but widespread fraud serious enough to steal a whole election becomes extremely difficult. It is difficult to compromise the process in many locations at once. And even though the central counting facility receives the counts from each polling station and adds them up, it can be made to echo the numbers back and discrepancies can be spotted. A centralized electronic system, though, can be compromised at the center, you don't have to take over every polling station.

    6. Re:Check, Meet Balance by moeinvt · · Score: 4, Insightful

      "It is the exact same problem."

      Hardly.

      Think of the issues in logistical terms. In a paper-ballot system, tampering with a ballot box in such a way as to make any appreciable difference in the vote result would require tools, materials, physical access and a certain amount of time and effort within a relatively small window of opportunity.

      With an electronic system, if the state isn't allowed to run simulated elections or do detailed inspection of the voting machine and software, the window of opportunity for tampering is huge, the potential for altering the result is high, and the risk of detection is minimal.

    7. Re:Check, Meet Balance by CastrTroy · · Score: 2, Insightful

      Financial systems rely on the fact that the transactions aren't anonymous. Money always goes from one account to another. In the voting process, it's (supposed to be) completely anonymous. A bunch of people come in, and bunch of votes are cast, but nobody should be able to tell who voted for who. Imagine the same with a bank, where deposits have to be made to the correct accounts, but you can't verify which account they are coming from.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    8. Re:Check, Meet Balance by Mr.+Slippery · · Score: 2, Insightful

      The problem is the lack of even a single impartial ballot counter. Whereas an expertly designed and reviewed machine can be reasonably guaranteed to be bias-free.

      If impartial ballot counter can't be found, how do you expect to find impartial software/hardware designers and reviewers?

      At least ballot counters and monitors can be relatively unskilled. You can get a bunch of them with different biases and divide them up into teams to provide checks and balances. Harder to find a whole bunch of designers and reviewers and have them check on each other.

      --
      Tom Swiss | the infamous tms | my blog
      You cannot wash away blood with blood
  5. I for one... by Jumphard · · Score: 2

    ...don't think that Sequoias should be voting in the first place.

    1. Re:I for one... by sjames · · Score: 2, Funny

      ...don't think that Sequoias should be voting in the first place.

      I'm not so sure. Perhaps they would have known enough to tell Bush to try again when he grows up. I'm pretty sure they would have given Ficus a landslide victory.

  6. Let's call a spade a spade: by jockeys · · Score: 4, Insightful

    and see that the only reason Sequoia is pissed off is that they either
    a. are afraid that there are gaping security holes in their machines
    b. KNOW that there are gaping security holes in their machines

    all the privacy zealots will no doubt say that my "if you have nothing to hide you have nothing to be afraid of" mentality is misguided, but let's take a step back and see what is on the line here. this is NOT about personal data, this is about objectively evaluating the security of a device that is going to be used in a VERY public fashion. do lamp makers threaten Underwriters Laboratories for wanting to make sure their device works as intended?

    --

    In Soviet Russia jokes are formulaic and decidedly non-humorous.
    1. Re:Let's call a spade a spade: by orclevegam · · Score: 4, Interesting

      I for one say we need to amend the patent and copyright acts to make devices used to voting unpatentable, and exempt from copyright, or barring that, that the certification process requires all rights to be signed over to the government. These machines by their very nature should be open to the most detailed scrutiny imaginable by anyone who feels so inclined. If the companies want to make money on them sell maintenance and manufacturing contracts, but there should be no way to claim trade secrets on anything used for voting.

      --
      Curiosity was framed, Ignorance killed the cat.
    2. Re:Let's call a spade a spade: by Migraineman · · Score: 4, Interesting

      Lamp manufacturers pay UL for the privelege of being certified. UL doesn't randomly grab equipment and force a cert upon it. The voting machine manufacturers should be more than interested in having third-party audits of their equipment ... unless they are either crap or corrupt. I suspect the former, but the latter isn't too far behind.

      Regardless, I don't see how the manufacturer could impose restrictions on the equipment if it has been sold. Leased? Yeah, that'd come with a use restriction because title never was transferred.

    3. Re:Let's call a spade a spade: by NeutronCowboy · · Score: 4, Interesting

      Someone mod this guy up. I find it unconscionable that it is possible to patent or copyright something that is absolutely critical to the fundamental processes of democracy. Sequoia might as well demand that they be made Emperors of America.

      --
      Those who can, do. Those who can't, sue.
    4. Re:Let's call a spade a spade: by RobBebop · · Score: 3, Informative

      I find it unconscionable that it is possible to patent or copyright something that is absolutely critical to the fundamental processes of democracy.

      Also unconscionable is the notion that the underlaying software algorithm would essencially boil down to a very simple statement that looks something like the following:

      vote++;

      You could argue that there is some finesse involved in getting that data from the machine it was cast at to the central tallying point where it is counted and tabulated, but NOTHING in that process is any more complicated than the Automated Teller Machines which function in a similar way to take data from client nodes and send it up to the hub... so "prior art" in the realm of basic concepts of networking makes those patents unattainable.

      --
      Support the 30 Hour Work Week!!!
  7. Ok, I RTFA, but still... by The+Ancients · · Score: 3, Interesting

    ...have I got this straight?

    Their voting machines are paid for by public dollars, used by the majority of the members of the public, to elect public officials, and they claim evaluation of their software cannot occur without their "permission"?

    (Even my 9 year old nephew read this and thought it was "dumb")

    --
    The Mothership
    1. Re:Ok, I RTFA, but still... by jd · · Score: 3, Interesting
      The DMCA cripples reverse-engineering and software analysis. There was another "unified copyright" bill around the same time that forbid the review, or publication of any review, of software without the permission of the company selling it. Never heard if that made it into law. If it did, then yes, Felton's review would be illegal. If it didn't, but the review process would necessarily violate the DMCA, then it is also illegal.

      Is this stupid? Yes. Is this hostile to the interests of Americans? Yes. Was it voted for by a Congressman you have re-elected since? That I don't know, obviously, but it's something you may want to check on before this election. If you're not planning onvoting for whoever is currently elected, you might also want to find out the views of the opponents, particularly if the region is tech-savvy enough (or even tech-phobic enough) to be suspicious of voting machines. The candidate you're looking at might enjoy playing around with Sequoia's attitude problem as a (minor, to them) campaign issue.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    2. Re:Ok, I RTFA, but still... by Sir.Cracked · · Score: 3, Informative

      The DMCA was passed in the House by voice vote, and the Senate by Unanimous Concent.

      See the "Major Actions" section of this address
      http://thomas.loc.gov/cgi-bin/bdquery/z?d105:HR02281:@@@L&summ2=m&

      So, if your congresscritter was in office in 1998, you really have to assume he/she voted for it. I suppose you could troll the attendence logs for the day in question and see if they were absent, but I don't know how much that washes their hands. And potentialy, House reps may have voice voted against it, but it's unlikley.

      So, Pretty much any Senator/Rep who's been in office for more than 10 years is responsible.

      --
      Where are we going, and why am I in this handbasket?
    3. Re:Ok, I RTFA, but still... by CastrTroy · · Score: 2, Interesting

      Or maybe they let somebody else vote for them.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    4. Re:Ok, I RTFA, but still... by Ungrounded+Lightning · · Score: 3, Insightful

      ...have I got this straight?

      Their voting machines are paid for by public dollars, used by the majority of the members of the public, to elect public officials, and they claim evaluation of their software cannot occur without their "permission"?

      Their voting machines are SOLD (or maybe leased) to the government agencies that operate elections and have a contract specifying terms of use. They're claiming the contract forbids the sort of investigation that is proposed.

      Now perhaps there are indeed such terms in the contract. In which case the New Jersey secretary of state (or a past one) made an unwise decision. Nevertheless, the state has a duty to insure that the system is not defective. Inspecting its operation, including that of the software if there is any question about its functionality (or even if there isn't, just to check), is obviously a part of that duty, and being inspected is obviously part of what it is to be a voting machine. So such contract terms, if present and interpreted as Sequoia claims, are clearly unconscionable. On that basis the state should be free to ignore the clause.

      Alternatively, if the clause were to stand the resulting terms of use would make the machines "unsuitable for the intended use", violating the implied warranty of fitness. So the state could return them for a full refund. B-)

      It would be interesting to see what would happen if Sequoia actually sued. If the contract specified interpretation under the laws of New Jersey (or didn't specify jurisdiction) the state might just refuse to be sued. B-) If it specifies another state (or they sue in their own) it would still be a funny show.

      As for suing the professor, either he's acting as an agent of the state (in which case they're suing the state) or he's not (in which case he has no contract with them to enforce.) In the latter they'd have to go after him for something like DMCA violations or some part of contract law I'm unaware of.

      Of course IANAL - and especially not a contract lawyer. So take the above with a suitable quantity of salt. B-)

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  8. History lesson by i.r.id10t · · Score: 5, Interesting

    Mebbe they need a history lesson...

    Anyone care to guess when the last armed revolt against government was here in the US and the reasons behind it?

    Answer - Battle of Athens, Tenn. 1946. And it was over voting issues...

    http://en.wikipedia.org/wiki/Battle_of_Athens

    --
    Don't blame me, I voted for Kodos
    1. Re:History lesson by notthepainter · · Score: 4, Informative
      The wiki page is pretty short on details.

      See http://www.constitution.org/mil/tn/batathen.htminstead.

    2. Re:History lesson by ragerover · · Score: 2, Informative

      Or another, as some folks in New Mexico would point out: http://en.wikipedia.org/wiki/Tierra_Amarilla%2C_New_Mexico

  9. Re:Speechless. by The+Ancients · · Score: 5, Insightful

    Just speechless.

    That's often the results with certain voting machines.

    --
    The Mothership
  10. "Really"? by truthsearch · · Score: 4, Funny

    Sequoia seems to be claiming that no one can make a "report" regarding their "software" without their permission.

    I "beg" to "differ".

    --
    Developers: We can use your help.
  11. Re:Speechless. by garcia · · Score: 3, Insightful

    Just speechless.

    You are speechless for the right reasons but the majority of the American public will be speechless for another and far more unfortunate reason :(

  12. "non compliant analysis"? by apodyopsis · · Score: 3, Insightful

    "non compliant analysis"? whats the betting that the only compliant analysis gives it an A-OK rating.

    thats like car salesperson attempting to sell you a car but only if you agree to take his word that it works and he'll sue anybody that you bring in to check the engine. if ever there was a warning bell not to buy their equipment that was it.

    whats next? DMCA action against /. for this thread? absolute cobblers.

  13. Re:Yes but... by garcia · · Score: 4, Insightful

    Yes, but nothing is stopping Sequoia from being hung in the court of public opinion.

    Sure there is, apathy.

  14. Update and more details on this by MrAtoz · · Score: 5, Informative

    It was Union County, NJ that was planning to send sample machines to Dr. Felten. They were threatened by Sequoia and have backed down from their plan as a result. The whole thing happened because several counties in NJ reported errors with the Sequoia machines in the February primary election. Sequoia reviewed these and just said that it was "user error" and not a problem. The counties understandably didn't find this an acceptable response, and Union County wanted to get an outside opinion. All the details can be found in this NJ Star-Ledger story.

  15. In other news... by Bullfish · · Score: 2, Funny

    Four mob families in conjunction with a number of street gangs is suing the US Department of Justice for restriction of trade.

  16. handy though by rucs_hack · · Score: 4, Insightful

    If this gets thrown out, it will really dent future attempts to use methods like this to shield shoddy products.

    If you ask me, Sequoia has been given some very bad legal advice. Didn't anyone stop to think about the public relations nightmare this would cause? Not to mention damage to their business.

    1. Re:handy though by Firehed · · Score: 3, Interesting

      If this gets thrown out? Surely no court could be so stupid to think that a third party's opinions of an available product can be stifled on the grounds of intellectual property laws. I can't think of anything even reasonably close to a valid excuse to allow it to go through. Perhaps they expect that it will come across as libelous (meaning a completely valid and accurate assessment that portrays them in a negative light - which just means that your company/product sucks), but the review would have to be out there first. I don't think a gag order can be issued in this kind of situation, and an NDA violation (assuming they ever held up in court, which is very rarely the case) hardly applies here.

      I don't think a PR nightmare really applies. This kind of stuff rarely if ever hits mainstream media, and us geeks of Slashdot aren't really the type to buy into proprietary tools in general, let alone ones used for voting.

      --
      How are sites slashdotted when nobody reads TFAs?
    2. Re:handy though by MightyMartian · · Score: 5, Insightful

      There is an alternative to all of this. New Jersey can simple remove Sequoia from the list of companies they're considering for voting machines. I mean, if they don't have it already, they can simply pass law stating that all those submitting bids for supplying the state with voting machines must make a machine available for independent review by an organization or institution of the state's choice. If Sequoia doesn't like those terms, they don't have to bid.

      It's true, however, that IP claims are getting out of hand when a government and/or institution doing some work for the government is threatened with a lawsuit over testing hardware. These events are only going to get more egregious and ludicrous until Washington and the courts start handing these abusers their proverbial balls on a platter.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    3. Re:handy though by Darinbob · · Score: 5, Informative

      If this gets thrown out? Surely no court could be so stupid to think that a third party's opinions of an available product can be stifled on the grounds of intellectual property laws. I can't think of anything even reasonably close to a valid excuse to allow it to go through. That's where "intellectual property" becomes such a vague and dubious notion. Consider if this were a medical device. If health risks were involved, could a company forbid the FDA from investigating the device because someone signed a licensing agreement? Or if the FDA has no interest, what about restriction a state board of health from investigating the device?

      In the past, less than one hundred years ago, it was extremely difficult to investigate dangerous products or workplaces. The government just didn't feel it was important enough to get involved in. There had to be major media effort to bring these problems to the public eye before there was enough pressure on the government to put pressure on companies. Such as hair products that could cause blindness and disfigurement, sometimes death (the reason that we have animal testing for cosmetics today). Companies didn't care if customer's were hurt, as long as they got their money first; but bad publicity made them at least pretend to care.

      Or the use of radium on watch dials; a company where the chemists would use lead shields to deal with radium would suggest to the factory workers that they could lick the brushes used to pain the dials. That took a media campaign to publicize slow painful deaths of young women before the public demanded change. It's interesting here that US Radium threatened to sue to prevent publication of a damning report, since the author had signed a confidentiality agreement (deja vu).

      But in this case, the danger is to elections, not someone's health. The question is whether this rises to the same level of concern. In the health cases, people had to die or become disfigured before the government and the public took any action. Do we have to wait for a stolen or hacked election before the people decide that the public's interests in this matter overrides intellection property? ("intellectual", hah, there's nothing so special about the technology here; shoddy hardware, shoddy software, slick marketting)

      I don't think a PR nightmare really applies. This kind of stuff rarely if ever hits mainstream media, and us geeks of Slashdot aren't really the type to buy into proprietary tools in general, let alone ones used for voting. But this needs to hid the mainstream media. Otherwise companies just go on with business as usual. Governments will never take any action unless they detect some sort of public outcry, especially in the modern climate where pro-active governments are frowned upon.
    4. Re:handy though by kesuki · · Score: 2, Interesting

      Ironically, the US radium paint was toxic for 2 reasons. 1. radium 2. phosphorus most of the women died from the phosphorus poisoning that degraded away their bones, not from the radium poisoning. and you know what?
      in france, where radium was discovered, they used 'cotton swabs' to apply the paint rather than horsehair brushes. cotton swabs had no need to be licked (the horsehair brushes had to be licked ever 2-3 strokes)

      analysis of public voting machines will turn up ugly bugs like being able to report 100% of the district voting for one candidate, while 67% voted for the other. there are so many things that can go wrong with voting machine software, not to mention a lot of the machines are shipped by companies with strong political ties, who some argue 'rig' the firmwares results for specific elections. the latter is why I'd bet they don't want random voting machine testing. people finding 'bugs' for you will just cost a little programming work to debug it, the only reason i can see for them to sue, is if they really are rigging the elections for a price.

      --
      https://www.gnu.org/philosophy/free-sw.html
  17. Trivial Workaround by sunderland56 · · Score: 2, Interesting

    The State of New Jersey just needs to hire Professors Felten and Appel as consultants. Nothing in the so-called "established Sequoia licensing Agreement for use of the voting system" can prevent a State employee from accessing a State machine.

  18. Re:Reverse engineering by flaming+error · · Score: 3, Insightful

    If anybody thinks this issue is about EULAs, they need to pull their head out of the sand.

    This is about the future of democracy. These voting machine vendors are stripping transparency, security, and auditability out of our elections. None of us should give a damn what licensing agreement Sequoia wrote.

  19. threat of suit by belmolis · · Score: 2, Insightful

    IANAL but I am reasonably confident that Sequoia cannot successfully sue Felten. They may be able to sue New Jersey for breach of contract if in fact they have a contract with New Jersey that forbids such reviews. That may be the case - I believe that the license for MS Windows Server forbids reviews not approved by Microsoft. If there is such a contract, it would be interesting to see if it holds up in court. The "no review" provision is arguably void as being contrary to public policy.

    Felten, however, has no contractual relationship with Sequoia and therefore cannot be in breach of contract. Sequoia therefore cannot sue him unless they can come up with another cause of action. Maybe, just maybe, they could sue him for disclosing trade secrets, if New Jersey has really nasty trade secret laws.

    1. Re:threat of suit by ScrewMaster · · Score: 2, Insightful

      The real issue is, how did things get so fucked up that companies feel entitled to operating in such secrecy?

      Yes indeed, and this behavior on the part of private corporations is hardly limited to the voting industry. It's happening all over the place. The Taser is another excellent example: medical examiners being threatened and sued by the manufacturer of that device if they put "death by Tasing" in their official reports. Doesn't matter one bit if the person who was killed did die from a tasing. The company doesn't want the publicity and will send their lawyers after anyone that makes a complaint, legitimate or otherwise.

      Now, this is serious shit, because it is giving corporations the power to intimidate and influence public servants who are simply doing their jobs, jobs that We the People pay them to do. That's just WRONG and needs to be addressed at some point. Really, what we're seeing here is what happens when a society becomes fundamentally amoral: America operated on what was essentially an honor system for centuries. People didn't do this kind of thing because, well ... good people just didn't do this kind of thing. Even corporate leaders had some respect for the system.

      Now that we've become very much a cutthroat capitalist society, nothing matters so long as you have your way, no matter who is hurt in the process. That's not the America I grew up in, let me tell you.

      --
      The higher the technology, the sharper that two-edged sword.
    2. Re:threat of suit by ScrewMaster · · Score: 2, Insightful

      Oh, sure ... some corporations have always been cutthroat, and it has largely been government's role to counterbalance that to one degree or another, to correct the really egregious excesses. Overall though, the United States' business community generally was not cutthroat to the degree that we're seeing now. Corporations have always done bad things in the name of profit, but we're seeing a new set of extremes nowadays. Hell, if you want to see what unbridled corporate nastiness looks like, China is a much better example than the U.S. at its worst. I really don't think we want to go there, but we are.

      In any event, I am noticing that there are things that simply were not done in the past that are now commonplace, such as threatening public servants with impunity. I'm generally against the government (any government) here in the U.S. coming up with more law, but it does seem like corporations like Sequoia and the Taser outfit need to get slapped back. Maybe the Justice Department or the FBI could lay off the media-driven "piracy" bandwagon for a couple years, and put some of these corporate assholes in their place.

      --
      The higher the technology, the sharper that two-edged sword.
  20. Re:Speechless. by gnick · · Score: 3, Funny

    the majority of the American public will be speechless for another and far more unfortunate reason So - Let's let them be heard. Let's put the decision on whether or not to use the machines to a vote. It can be a trial run for Sequoia's machines. If Sequoia tells us that we voted in favor of using their machines, we know they're lying and ditch 'em.
    --
    He's getting rather old, but he's a good mouse.
  21. Re:Voting versus Gambling by dpilot · · Score: 4, Insightful

    > but if they can help a democrat steal an election...

    And what's your opinion if it's helping a republican steal an election?

    Whatever response you give me, the words "a democrat" did not need to be in your post. Stealing an election is WRONG, whether it's a democrat or a republican. You took a very good post and diminished it with a bit of partisanship. I notice that you said "democrat" where usually the party affiliation is capitalized, so maybe you're scooting by on a technicality. But at that point we're parsing to the degree that we criticize politicians for.

    --
    The living have better things to do than to continue hating the dead.
  22. Open Source Secure Voting Application by hattig · · Score: 2, Interesting

    Well it has been several years of voting machine shenanigans, with each Slashdot topic resulting in posts saying that an open source solution is required.

    So, has it been done yet?

    Or is the problem one of it being rather impossible to create a completely secure voting application, however great the code is, however many security specialists have reviewed it?

    1. Re:Open Source Secure Voting Application by david_thornley · · Score: 2, Informative

      I wouldn't trust one. Even if I had something that purported to be the source, how am I to know that that's exactly what was loaded into the machine? How am I to know that the combination of software and machine does something the software alone doesn't?

      The only solution is a paper trail. The voting machines used around here have paper ballots that are scanned for counting. Quick returns, and actually verifiable.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  23. Nice to see they are so confident... by Kazoo+the+Clown · · Score: 2, Funny

    in the quality of their product...

  24. Disappointing by bobdehnhardt · · Score: 2, Informative

    This is just disappointing. I had Sequoia pegged as one of the good guys. When we selected them here in Nevada, they willingly submitted to every test, including review by the gaming board (who know a thing or two about fairness and anti-tampering in electronic devices - they have to certify all slot and video gaming machines). Sequoia passed the tests, including having a paper trail. That's not to say they're perfect or infallible, but they sure seemed cooperative and focused in the right direction.

    This just doesn't fit with their actions back then. Has there been a change in management?

  25. I Agree with Sequoia on this by Shivetya · · Score: 4, Insightful

    and you too.

    If their contract declares as such then they are in the right.

    However, it should be a requirement at the state level, if not federal, to require this sort of outside verification and study. If a manufacturer does not agree to it then they should be considered for the application. Fair is fair.

    Don't want to be hold accountable then don't expect our money.

    I am quite sure some other company will step forward if there is money to be made and their intellectual property rights are protected. I am all for testing and certification by outside groups but I also realize that there is investment here and that needs protected first. What must come first is OUR rights, our rights to know that outside experts have certified a solution and future implementations will protect our vote. Surely some company will step up to this for the money. Maybe it will be the kick in the pants for some group already in place to do so.

    --
    * Winners compare their achievements to their goals, losers compare theirs to that of others.
    1. Re:I Agree with Sequoia on this by Darinbob · · Score: 3, Informative

      If their contract declares as such then they are in the right.
      Not necessarily. A contract is not the totality of the law. Contracts can be found to be null and void.

      In this case, I'd say just basic consumer protection laws would apply. The consumer has the right to determine if the product they purchased does what it claims to do. No "contract" can forbid that. That'd be like an auto maker forbidding the customer in a signed sales agreement from looking under the hood to see if there's an engine present.

      I suspect the contract doesn't forbid verifying that the device performs as claimed, but that they disallow giving the device to a third party. Thus they may be relying on the elections board themselves, without the help of consultants, having enough technical knowledge to tell if the device meets their needs.

      But I do agree with you on the point that New Jersey should just ship the product back and say "this does not meet our needs at this time". Or if they want the money back, say "since we are forbidden from determining if the device is the same one as described in the contract, we have to declare the contract void, so kindly send us back our citizens' money."
  26. Parsing this out by KnightNavro · · Score: 2

    Sequoia isn't saying they think the professors will be stealing intellectual property. They are saying that if New Jersey lets the professors test the software, NJ is breaking the terms of the software license. In short, NJ signed the license agreement, which presumably says that NJ can't give the voting machines to outside testers for evaluation and reporting. It's software as a licensed service and not as property, which is also a heap of bovine excrement. What should be happening is states putting a line in the request for proposals saying something along the lines of "All proposed systems that prohibit independent testing and evaluation will not be considered by STATE," only in legalese.

  27. Here is Sequoia's response from their website... by HotNeedleOfInquiry · · Score: 4, Funny

    3/18/2008
    Sequoia Voting Systems supports third party reviews and testing of its election equipment

    In response to some recent media reports, Sequoia is has issued a statement found at . Through this statement, we hope to educate individuals on the third party review mechanisms already in place in the election industry as well as our company's business practices regarding third party reviews and testing of its election equipment.

    An independent review of a voting system is a complex and interdisciplinary process involving a broad knowledge of election law, public administration and technical matters. Many independent reviews have been successfully conducted within the framework of Sequoia's license rights pursuant to appropriate and mutually agreeable arrangements between Sequoia and governmental agencies charged by law with the authority to conduct such reviews. Sequoia welcomes all such responsibly executed review activities.

    Please see the Election Technology Council's "Guidelines for States conducting Top-to-Bottom Reviews" found on the organization's website at for additional information.

    - Michelle Shafer, VP of Communications

    --
    "Eve of Destruction", it's not just for old hippies anymore...
  28. Why not just breach the license agreement? by harryHenderson · · Score: 2, Interesting

    If this is really just a contract matter... why can't NJ just breach the contract?
    I seem to remember that there is a breach of contract defense available when the contract violates public policy. Does NJ recognize this defense? Do the terms of this license agreement rise to the level of a public policy violation as recognized in the courts?

  29. Re:Here is Sequoia's response from their website.. by ScrewMaster · · Score: 4, Insightful

    Sequoia welcomes all such responsibly executed review activities.

    Obviously they don't. Anyone claiming that Ed Felten is unable to responsibly execute such a review should have her head examined. More to the point however, it is equally obvious that they are very much aware of Professor Felten's reputation, and would very much rather he didn't execute a responsible review of their equipment.

    Hey ... if they've nothing to hide ...

    --
    The higher the technology, the sharper that two-edged sword.
  30. Re:Yes. And why does UL do it? by dbc · · Score: 3, Interesting
    Neveda Gaming Commission

    I hear they are pretty good a doing hardware/software system audits and design reviews.

  31. Re:Here is Sequoia's response from their website.. by Anonymous Coward · · Score: 2, Informative

    Many independent reviews have been successfully conducted within the framework of Sequoia's license rights It is hilarious that they attempt to masquerade as "successful reviews" studies that found abysmal problems in their products. For example, in the California Top-To-Bottom-Review (mentioned in their press release) university researchers examined the Sequoia machines in use in California, performed source code and red team analysis, identified a huge number of vulnerabilities (and plain bugs), and developed working exploits (even in the form of virus) capable of modifying the results of an election.
    The reports are publicly available: source code review, red team review.