Diebold Issues Cease and Desist to Indymedia

h0mee writes "Diebold, manufacturer of election equipment, has issued a Cease and desist notice to the upstream provider of San Francisco Indymedia for having links to mirrors of a leaked internal diebold memo. More than just a case of a leak, Diebold has been raising a lot of questions about the fairness and security of elections in the United States. (Perhaps it's time for peer reviewable software like gnu.free? ;)"

Link to memo that works

[asmithmd1]

Here [scoop.co.nz] is a link to the memos thaty actually works

Re:Pretty effective

[Anonymous Coward]

Not all is gone. The main links page from the article has some interesting emails. Here are the first 2. Let's see if this gets to be the 2nd round of censorship that VA/Slashdot gets weasled into...


From Nel Finberg, Technical Writer, Diebold Election Systems

(Note: Metamor/Ciber is the ITA assigned to certify the software)

alteration of Audit Log in Access

To: "support"
Subject: alteration of Audit Log in Access
From: "Nel Finberg"
Date: Tue, 16 Oct 2001 23:31:30 -0700
Importance: Normal

Jennifer Price at Metamor (about to be Ciber) has indicated that she can access the
GEMS Access database and alter the Audit log without entering a password. What is the
position of our development staff on this issue? Can we justify this? Or should this
be anathema?
Nel

Reply from Ken Clark, principal engineer for Diebold Election Systems

RE: alteration of Audit Log in Access

To:
Subject: RE: alteration of Audit Log in Access
From: "Ken Clark"
Date: Thu, 18 Oct 2001 09:55:02 -0700
Importance: Normal
In-reply-to:

Its a tough question, and it has a lot to do with perception. Of course everyone knows perception is reality.

Right now you can open GEMS' .mdb file with MS-Access, and alter its contents. That includes the audit log. This isn't anything new. In VTS, you can open the database with progress and do the same. The same would go for anyone else's system using whatever database they are using. Hard drives are read-write entities. You can change their contents.

Now, where the perception comes in is that its right now very *easy* to change the contents. Double click the .mdb file. Even technical wizards at Metamor (or Ciber, or whatever) can figure that one out. Ouch! a tough dig at their collegues/competitors.

It is possible to put a secret password on the .mdb file to prevent Metamor from opening it with Access. I've threatened to put a password on the .mdb before when dealers/customers/support have done stupid things with the GEMS database structure using Access. Being able to end-run the database has admittedly got people out of a bind though. Jane (I think it was Jane) did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That's why we've never put a password on the file before.

Note however that even if we put a password on the file, it doesn't really prove much. Someone has to know the password, else how would GEMS open it. So this technically brings us back to square one: the audit log is modifiable by that person at least (read, me). Back to perception though, if you don't bring this up you might skate through Metamor. Uh, oh. I think it's been brought up!

There might be some clever crypto techniques to make it even harder to change the log (for me, they guy with the password that is). We're talking big changes here though, and at the moment largely theoretical ones. I'd doubt that any of our competitors are that clever.Youch! That wasn't nice!

By the way, all of this is why Texas gets its sh*t in a knot over the log printer. Log printers are not read-write, so you don't have the problem. Of course if I were Texas I would be more worried about modifications to our electronic ballots than to our electron logs, but that is another story I guess. Oh, yeah. A the one everyone *is* worried about!

Bottom line on Metamor is to find out what it is going to take to make them happy. You can try the old standard of the NT password gains access to the operating system, and that after that point all bets are off. You have to trust the person
with the NT password at least. This is all about Florida, and we have had VTS certified in Florida under the status quo for nearly ten years.

I sense a loosing this guy reads /. too much. 'losing', dammit

Incriminating text of the memos

[Anonymous Coward]

Internal Memos: Diebold Doing End-Runs Around Certification

Friday, 12 September 2003 (PDT)
By Bev Harris - blackboxvoting.org

http://www.blackboxvoting.com

If certification isn't being done properly, the whole house of cards falls. Below are actual copies of internal Diebold memos which show that uncertified software is being used in elections, and that Diebold programmers intentionally end-run the system.

Quick backgrounder first, scroll down to see the memos.

BACKGROUND

Our voting system, which is part of the public commons has recently been privatized. When this happened, the counting of the votes, which must be a public process, subjected to the scrutiny of many eyes of plain old citizens, became a secret.

The computerized systems that register voters, will soon sign voters into the polling place using a digital smart card, record the vote we cast, and tally it are now so secret they are not allowed to be examined by any citizens group, or even by academics like the computer scientists at major universities.

The corporate justification for this secrecy is that these systems adhere to a list of "standards" put out by the Federal Election Commission, and that an "ITA" (Independent Testing Authority) carefully examines the voting system, which is then provided to states for their own certification.

As it turns out, the states typically do not examine the computer code at all, relying instead on a "Logic and Accuracy" test which will not catch fraud and has frequently missed software programming errors that cause the machines to miscount.

A Diebold message board has been used since 1999 to help technicians in the field interact with programmers to solve problems. The contents of this message board were quietly sent to reporters and activists around the world, most likely by a Diebold employee. In a letter to WiredNews, Diebold has acknowledged that these memos are from its own staff message boards.

Without further commentary, judge for yourself whether Diebold has been following certification requirements:

From Nel Finberg, Technical Writer, Diebold Election Systems

(Note: Metamor/Ciber is the ITA assigned to certify the software)

alteration of Audit Log in Access

To: "support"
Subject: alteration of Audit Log in Access
From: "Nel Finberg"
Date: Tue, 16 Oct 2001 23:31:30 -0700
Importance: Normal

Jennifer Price at Metamor (about to be Ciber) has indicated that she can access the GEMS Access database and alter the Audit log without entering a password. What is the position of our development staff on this issue? Can we justify this? Or should this be anathema?
Nel

Reply from Ken Clark, principal engineer for Diebold Election Systems

RE: alteration of Audit Log in Access

To:
Subject: RE: alteration of Audit Log in Access
From: "Ken Clark"
Date: Thu, 18 Oct 2001 09:55:02 -0700
Importance: Normal
In-reply-to:

Its a tough question, and it has a lot to do with perception. Of course everyone knows perception is reality.

Right now you can open GEMS' .mdb file with MS-Access, and alter its contents. That includes the audit log. This isn't anything new. In VTS, you can open the database with progress and do the same. The same would go for anyone else's system using whatever database they are using. Hard drives are read-write entities. You can change their contents.

Now, where the perception comes in is that its right now very *easy* to change the contents. Double click the .mdb file. Even technical wizards at Metamor (or Ciber, or whatever) can figure that one out.

It is possible to put a secret password on the .mdb file to prevent Metamor from opening it with Access. I've threatened to put a password on the .mdb before when dealers/customers/support have done stupid things with the GEMS database structure using Access. Being able to end-run the d

Re:Pretty effective

[byolinux]

Google has HTMLd it.

http://tinyurl.com/rej1 [tinyurl.com]

Re:Here is the link

[Saint Aardvark]

I've put up another copy of the book at http://saintaardvarkthecarpeted.com/bbv [saintaardv...rpeted.com]
. Let's see who gets a cease-and-desist first :-).

Re:Fwd:this link should help

[Troed]

Thanks for the Freenet-link, worked just fine. Redoing it here as a real link [localhost] to localhost for those with FProxy installed.

Re:Read what Noam has to say.

[dfn_deux]

Noam chomsky has since said that the introduction was used without his permission and further more that he disagrees with the "findings" of the book. His introduction is about supporting research of all kinds and not discrediting research just because the findings may be contrary to the popular belief.