Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Diebold Issues Cease and Desist to Indymedia

Posted by michael on Sat Oct 18, 2003 06:54 AM
from the speak-no-evil dept.
Censorship United States
h0mee writes "Diebold, manufacturer of election equipment, has issued a Cease and desist notice to the upstream provider of San Francisco Indymedia for having links to mirrors of a leaked internal diebold memo. More than just a case of a leak, Diebold has been raising a lot of questions about the fairness and security of elections in the United States. (Perhaps it's time for peer reviewable software like gnu.free? ;)"
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Diebold Issues Cease and Desist to Indymedia 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Only in America (Score:2, Insightful)

    by Anonymous Coward

    could the goverment actually convice its people that by pressing a button on an ordinary computer you have a democracy

  • Support Indymedia! (Score:5, Interesting)

    by quigonn (80360) on Saturday October 18 2003, @07:06AM (#7247640) Homepage
    Indymedia is a very important platform in the current world where most people are influenced by mass media. So, support them by giving them webspace outside of the USA, so that they will be able to continue exercising their right to free speech!
      • Dear AC, this happens because the very same kind of fools although right winged get their rants blared on FOX, SKY, CNN and big newspapers. It's only fair that our share of cretins get to blow off in less known websites, hosted on cheap beige boxes. Don't like this national hero bashing? There's plenty regimes left you can move to, some are even friendly countries according to the USA.
  • Given the current overly coroprate friendly environment in US-Justice and vice-versa, I would like to take a bet that this will not be resolved and that Diebold will be free to win elections for it's favourite party.
    • I don't seem to recall this many investigations, procescutions, and leaks since the days of Reagan near the time of the S&L crisis.

      Seems to me a lot of companines are now coming under scrutiny from a combination of things. Public sentitment, investor anger, and a Justice department that does act.

      Yes they allow some things to slip by, but do the other 3 groups.

      Remember, the DOJ just isn't in Washington. Ashcroft is a favorite whipping boy because he is the most visible part. He gets credit for some

  • Open Sofware Not The Only Solution (Score:3, Flamebait)

    by Little Brother (122447) <kg4wwn@qsl.net> on Saturday October 18 2003, @07:09AM (#7247651) Journal
    Guys, like always, you're jumping the gun a little bit in favour of Free Software. I do not deny that an open project could be usefull in voting machine technologies, but that is far from the only solution. All that is truly needed is accountability built into the system. If a commercial product created a paper-trail that could appeald to in case of a challenge of the voting results (and the voters could see their vote choice printed) it would solve the major problems the diebold systems were designed to have. True, a GPL'd solution could do this as well, but when we start saying that no commercial product will work, we start to look like zealots who's primary goal is to get Free Software out everywhere. The issue this time isn't free vrs non-free software, it is free vrs. non-free elections: if such is possible this is a more important issue than Free Software proliferation.
    • Just use paper! Is it really that hard?
    • GPLed software does not rule out a commercial solution. You can still pay someone for writing the software and since it is linked to the hardware anyway, what speaks against opening the source. It does not even have to be GPLed, you just need to be able to verify the software.
      I for one would like to have a system, where I get some kind of receipt (maybe a chipcard or a code number) which I can use to verfy my vote anonymously on the internet or at a verification station.
      All this is possible and can be done
    • Now, michael didn't say Free Software is the only way to go, he just suggested it as one possible solution. I don't see a problem with that. Interestingly, if you actually follow the link he provided to free-project.org, it contains this statement:

      We used to develop the GNU.FREE Internet Voting software and we retain a strong interest in electronic voting issues, primarily through advocating why we feel it's an undesirable advance. Apparently, they're no longer fully interested in developing internet

    • Re:Open Sofware Not The Only Solution (Score:5, Insightful)

      by nagora (177841) on Saturday October 18 2003, @07:36AM (#7247724)
      All that is truly needed is accountability built into the system. If a commercial product created a paper-trail that could appeald

      Which means open-source of some sort. Anything else can be rigged, including the paper trail it produces. No part of the election process should be hidden from the electorate, whether comuterised or mechanical. Is that zealotry? It sounds like Common Sense to me.

      TWW

    • True, a GPL'd solution could do this as well, but when we start saying that no commercial product will work, we start to look like zealots who's primary goal is to get Free Software out everywhere.

      There is no conflict between Free Software and commercial products. In fact, it's very likely that any Free Software-based voting system would be a commercial product. The point here is that voting machines are a major component in the engine of democracy and that there is absolutely no reason why they should

    • Re:Open Sofware Not The Only Solution (Score:5, Insightful)

      by kfg (145172) on Saturday October 18 2003, @07:57AM (#7247777)
      Please see Ken Thompson's totally moby hack of Unix, providing a back door even if a system was built from audited code.

      http://catb.org/~esr/jargon/html/B/back-door.htm l

      A "Paper Trail" is worthless with computer based voting machines unless the entire system is completely transparent to outside observers.

      When it comes to elections no one, no one company and no one thing can be trusted without massive public oversight.

      And most specifically the governement itself is the entity least trustable to "certify" that an election process is fair and properly conducted. I'm an American but I've lived through "democratic" elections in a third world country.

      If the the press cannot hire its own experts to completely examine the system and freely publish its results there is no democracy.

      KFG

      KFG

      KFG
    • I'm usually considered a moderate bordering on Microsoft apologist but this time I whole-heartedly side with the zealots.

      Transparency is the key to this. Any hidden source code is a bad thing.
    • The useful half of this really matters. This is a case where I don't care if we can sell competing products, but I do care very much that the source open for review.

      Even a Microsoft-style shared source license would be better than the status quo, though it pains me to say so.
  • We need someone to come up with a GPL'd project that is an OS that does ballots on the x86 platform which is open source and workable, freely downloadable and testable then get people together to demand that it be put on election systems instead of using questionable ones.

  • It is not time for gnu-free (Score:5, Insightful)

    by johannesg (664142) on Saturday October 18 2003, @07:11AM (#7247658)
    E-voting is simply a bad idea. Voting needs to be done using paper, in order to keep accountability. Paper, once written, cannot be changed and can always be recounted. Software offers no such guarantee, not even if a thousand 'experts' all proclaim the software to be safe.
    • No, e-voting can make things much simpler. But for reasons of security, these machines must also print a audit trail on paper, so that the votes counted eletronically can be checked against the audit trail, and it must be written in a way that the voter can check whether it was written correctly. The Diebold machines do not meet these criteria, writing an audit trail only into an Access database.
      • these machines must also print a audit trail on paper, so that the votes counted eletronically can be checked against the audit trail,

        So why bother with the electronic counting? If you are going to count the audit trail there's no point in the electronic count and if the audit trail isn't counted then the electronic system can happily push the vote 2 or 3 percent towards the paying candidate, while printing a fake paper trail, and no one will ever know.

        TWW

    • E-voting is simply a bad idea. (Score:5, Insightful)

      by harriet nyborg (656409) on Saturday October 18 2003, @07:46AM (#7247752)
      E-voting is simply a bad idea.

      Hear, hear.

      The important thing in democracy is not the voting, it's the counting.

      Any technology introduced to improve the act of voting cannot make the act of counting less transparent or democracy suffers.

      It is apparent that Diebold's systems (not to mention Diebold's paranoia for secrecy) render the act of counting less accountable and less transparent. Ergo, democracy suffers.

      If used in a close election - where exit polling and other secondary measurements are unable to confirm the results of the counting - the wrong person might actually get elected President of the United States of America.

      With no sense of responsibility to the coutry at large, this illegitimate President might launch a series of Napoleonic wars to to compensate for his own feelings of inadequacy.

      I digress into fantasy... the little blue ones I washed down with all those adult beverages must be kicking in.

    • E-voting itself is not a bad idea (the convenience of not having to deal with reams of paper ballots, fewer counting mistakes ("hanging Chad"), etc.). However, there needs to be a better audit trail left. If the voting machine simply reports the count, then it is noy good. It should be hooked up to a printer, where it can print out a little cards with a 2-D barcode (like PDF417, with lots of error-correction) on them, which can be counted with high accuracy on a scanner, in case of a dispute.

    • Paper, once written, cannot be changed and can always be recounted.

      This matters only in theory. Apparently, the US voting system is so flawed that electronic voting is "good enough", compared to the other irregularities. Please keep in mind that the result of the last US presidental election in Florida was determined by (re)counting, but by a decision of the locall state parliament, and also that voter registration seems to introduce quite a bias in who is eligible to vote.
      • I agree that there were irregularities in Florida, but disagree with this statement:

        . . . and also that voter registration seems to introduce quite a bias in who is eligible to vote.

        Voter registration, per se, does not introduce any bias (abuses like erroneous felon lists in Florida notwithstanding). It does cause a self-selection--that is, those who vote are those willing to take the time to register. This is why I oppose laws like "Motor Voter" and other efforts to make registration automatic. I also ve

    • I agree 100% on accountability, BUT e-voting is like any other technology something that can make the system much quicker and more efficient.

      It takes a lot of time, effort and man power to count thousands or millions of votes. eVoting would defintely speed up and cheapen that process...

      but again, I agree that before e-voting takes off there must be accountability on par with or better than our current system.
      • It is _much_ harder to commit fraud using paper. For one thing, with software it requires just one guy making one change to a piece of software to bend the election results for an entire nation. With paper the same thing can be done on a local scale, but it is very hard to pull it off nationwide without people noticing.

        Where I live I can go and watch elections as they happen (I can ask to be an observer and that request must be granted). I cannot do that with electronic voting, since I cannot watch what g

  • Link to memo that works (Score:3, Informative)

    by asmithmd1 (239950) * on Saturday October 18 2003, @07:24AM (#7247687) Homepage Journal
    Here [scoop.co.nz] is a link to the memos thaty actually works
  • How about just an electronic voting system that has redundancy. Example:
    1) User votes for who they want to and it is recorded
    2) Machine prints out card with users vote
    3) Card is checked by user for accuracy
    4) Card is then re-inserted into machine to generate the backup tally.

    If the tallies from 1 and 4 don't match, the cards are "certified" and then rerun.

    • 3) Card is checked by user for accuracy

      How often do you think this actually happens? Generally, you're lucky if you can get people out to vote for Tweedledum or Tweedledee, asking them to do some work when they get there is going too far.

      Even if they do check I can think of a couple of ways to rig it anyway if you just need or want a few percent onto your candidate/brother's vote.

      Just get a piece of paper, put a mark on it, get a bunch of people to count the marks.

      TWW

      • If people are put off by putting in a little effort, it's just fine with me that they don't vote. People who are willing to put forth effort will decide elections, and everyone will benefit.
        • People who are willing to put forth effort will decide elections, and everyone will benefit.

          Which is, of course, an argument for not having any electronic voting. Which is fine by me.

          TWW

      • 3) Card is checked by user for accuracy

        How often do you think this actually happens? Generally, you're lucky if you can get people out to vote for Tweedledum or Tweedledee, asking them to do some work when they get there is going too far.

        It doesn't matter if it's only 1% of people who are doing that - if they notice that the machine hasn't printed what they asked for, they'll kick up a stink. More than a couple of people do that and the whole system will be called into question.

        It's the same basis on
        • It doesn't matter if it's only 1% of people who are doing that - if they notice that the machine hasn't printed what they asked for, they'll kick up a stink. More than a couple of people do that and the whole system will be called into question.

          Which is why you don't do it on every ballot and you allow a "re-try" option which is programmed to work correctly and various other methods of alaying suspicion.

          TWW

    • I am reminded of an old adage, paraphrased here because I cannot find the exact text. "When headed to sea, take 1 compass or 3, but never 2."

      To make matters worse, having a card printed out allows for chain voting. This is a scheme in which one voter sneaks their card out of the polling place, shows it to someone who pays them for their vote, and hands it to the next person who drops it in after they're done voting, and brings their card to get paid, and so it goes and so it goes. The first person can s

  • this is the most serious threat to America (Score:2, Insightful)

    by Anonymous Coward
    This isn't the only site that Diebold has shut down. I guess it just finally went far enough to get posted here. blackboxvoting.org is another one.

    No educated person can believe that these systems are anything but a predesigned plan to subvert elections. It is impossible to make computer voting secure without compromising the secret ballot. Even the most basic steps to make these systems secure have not been taken.

    There's no way to fix computer voting. Diebold will "fix" their security problems and it wi

  • A hash is made based on the votes selections, voting location, vote submittal time, etc. Basically everything but the voters name (one (wo)man, one vote doesn't mean traceable).

    This hash is printed and/or emailed to a voter-defined email address (which could default to a 3rd party organization if the voter has no email). This email would contain a link that when clicked would query the central database of tallied votes. If the user-passed hash string is contained within the tallied votes, all is A-OK. If i

    • Not anonymous (Score:5, Insightful)

      by Effugas (2378) on Saturday October 18 2003, @08:57AM (#7247999) Homepage
      The fundamental problem is that it needs to be impossible for me to prove to a vote buyer that I voted one way or another.

      If I can prove to myself my vote was counted a certain way, so too can it be proved to others. And then votes get bought.

      This is a _hard_ problem, and alot of it comes from misunderstanding the nature of it.

      --Dan

  • Incriminating text of the memos (Score:5, Informative)

    by Anonymous Coward on Saturday October 18 2003, @07:56AM (#7247776)
    Internal Memos: Diebold Doing End-Runs Around Certification

    Friday, 12 September 2003 (PDT)
    By Bev Harris - blackboxvoting.org

    http://www.blackboxvoting.com

    If certification isn't being done properly, the whole house of cards falls. Below are actual copies of internal Diebold memos which show that uncertified software is being used in elections, and that Diebold programmers intentionally end-run the system.

    Quick backgrounder first, scroll down to see the memos.

    BACKGROUND

    Our voting system, which is part of the public commons has recently been privatized. When this happened, the counting of the votes, which must be a public process, subjected to the scrutiny of many eyes of plain old citizens, became a secret.

    The computerized systems that register voters, will soon sign voters into the polling place using a digital smart card, record the vote we cast, and tally it are now so secret they are not allowed to be examined by any citizens group, or even by academics like the computer scientists at major universities.

    The corporate justification for this secrecy is that these systems adhere to a list of "standards" put out by the Federal Election Commission, and that an "ITA" (Independent Testing Authority) carefully examines the voting system, which is then provided to states for their own certification.

    As it turns out, the states typically do not examine the computer code at all, relying instead on a "Logic and Accuracy" test which will not catch fraud and has frequently missed software programming errors that cause the machines to miscount.

    A Diebold message board has been used since 1999 to help technicians in the field interact with programmers to solve problems. The contents of this message board were quietly sent to reporters and activists around the world, most likely by a Diebold employee. In a letter to WiredNews, Diebold has acknowledged that these memos are from its own staff message boards.

    Without further commentary, judge for yourself whether Diebold has been following certification requirements:

    From Nel Finberg, Technical Writer, Diebold Election Systems

    (Note: Metamor/Ciber is the ITA assigned to certify the software)

    alteration of Audit Log in Access

    To: "support"
    Subject: alteration of Audit Log in Access
    From: "Nel Finberg"
    Date: Tue, 16 Oct 2001 23:31:30 -0700
    Importance: Normal

    Jennifer Price at Metamor (about to be Ciber) has indicated that she can access the GEMS Access database and alter the Audit log without entering a password. What is the position of our development staff on this issue? Can we justify this? Or should this be anathema?
    Nel

    Reply from Ken Clark, principal engineer for Diebold Election Systems

    RE: alteration of Audit Log in Access

    To:
    Subject: RE: alteration of Audit Log in Access
    From: "Ken Clark"
    Date: Thu, 18 Oct 2001 09:55:02 -0700
    Importance: Normal
    In-reply-to:

    Its a tough question, and it has a lot to do with perception. Of course everyone knows perception is reality.

    Right now you can open GEMS' .mdb file with MS-Access, and alter its contents. That includes the audit log. This isn't anything new. In VTS, you can open the database with progress and do the same. The same would go for anyone else's system using whatever database they are using. Hard drives are read-write entities. You can change their contents.

    Now, where the perception comes in is that its right now very *easy* to change the contents. Double click the .mdb file. Even technical wizards at Metamor (or Ciber, or whatever) can figure that one out.

    It is possible to put a secret password on the .mdb file to prevent Metamor from opening it with Access. I've threatened to put a password on the .mdb before when dealers/customers/support have done stupid things with the GEMS database structure using Access. Being able to end-run the d
  • >what this means is the software used in these elections was never looked at by ANYONE except a handful of programmers in Canada.

    Don't you guys trust us Canadians? :)

    Seriously, isnt't there something legalwise that any private citizen can do to stop or correct this sort of crap from happening?

  • Re: Diebold machines (Score:5, Interesting)

    by blibbleblobble (526872) on Saturday October 18 2003, @08:35AM (#7247905)
    Quote from the leaked email
    "It is possible to put a secret password on the .mdb file to prevent Metamor from opening it with Access. I've threatened to put a password on the .mdb before when dealers/customers/support have done stupid things with the GEMS database structure using Access. Being able to end-run the database has admittedly got people out of a bind though. Jane (I think it was Jane) did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That's why we've never put a password on the file before.


    Note however that even if we put a password on the file, it doesn't really prove much. Someone has to know the password, else how would GEMS open it. So this technically brings us back to square one: the audit log is modifiable by that person at least (read, me). Back to perception though, if you don't bring this up you might skate through Metamor.

    There might be some clever crypto techniques to make it even harder to change the log (for me, they guy with the password that is). We're talking big changes here though, and at the moment largely theoretical ones. I'd doubt that any of our competitors are that clever."

    Oh come on! It's as if the last 30 years of cryptographic knowledge never happened. Of course it's possible to digitally sign electronic data, and nobody with a clue about electronic voting would even consider not doing it.

    These people are supplying voting machines, and they don't even know how to create tamper-evident databases? They even have the gall to assume their competitors are using the same simpleton technology as they are.

    I suggest that anyone involved with these systems read Peter Wayner's Translucent Databases [wayner.org] for a primer on how databases can be made secure, even against those who know the root password. [not that Diebold machines seem to have a root password]

    For further reading, Diebold might want to read some of Bruce Schnier's books [amazon.com], which are an interesting read on what can be done with cryptography, and what are its limitations. They might even consider hiring a competant expert, e.g. some of Schneier's peers.

    p.s. I claim the quote above as fair use, under english copyright law.

    • Re: Diebold machines (Score:4, Insightful)

      by rthille (8526) <web-slashdotNO@SPAMrangat.org> on Saturday October 18 2003, @10:33AM (#7248359) Homepage Journal
      Of course it's possible to digitally sign electronic data, and nobody with a clue about electronic voting would even consider not doing it.

      Why bother? If you don't trust the system that does the signing, or the people who created the key it's signed with, then why bother to sign the data? It just gives a false sense of security.

      Unless the system produces a human readable, physical record of votes that the voter can verify before submitting then the system is open to fraud.
    • Being able to end-run the database has admittedly got people out of a bind though. Jane (I think it was Jane) did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That's why we've never put a password on the file before.

      Oh really is the above aluding to :
      A. election-fraud.
      B. just plain bad software from Diebold.
      C. piss-poor administration by some local-yocal election officials
      D. All of the above

  • Voting fraud should not be tolerated (Score:3, Insightful)

    by TheRealStyro (233246) on Saturday October 18 2003, @08:57AM (#7248001) Homepage
    All evidence at this point stands to up to reason and makes clear the implications for a high level of vote taking, accounting, and tabulation fraud. The evidence presented should be enough to warrant any reasonable governments to bring the processes, in detail, into question and to suspend use of this voting platform until a grand jury can form an opinion and/or verdict on the continued use of these types of voting platforms.

    OK, the above possibly being true, why haven't voters caused an uproar over this potentially corrupt system being used? Simple - apathy. Most citizens are too worried about other things to care about the government. Most people want the government out of their lives and in exchange they will stay away from government functions. This plays right into the hands of those willing to put a system, such as this, into production. What can be done about the citizenry? Very little. A possible route is to find a way into the mass media and announce this fraud to the world. But the world already knows and can't change our system so what is your point already.

    The only way to attack this system and initiate change is to use the power of government against the system. Find a politician that has power and is willing accept reason. Convince him/her to find a way to present charges of vote process fraud, and hope like hell that a committee will suspend the use of the process until a full investigation by independent panels can write an opinion. This will be time-consuming, and the result may not be what is desired, but as I see it, the only way to stop this potential fraud and abuse of the voting system.

  • Things to do (Score:3, Interesting)

    by Animats (122034) on Saturday October 18 2003, @11:30AM (#7248566) Homepage
    Print out the site. Send it to your Congressman. Ask that it be added to the Congressional Record as an "extension of remarks".

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.