Forgot your password?
typodupeerror
Censorship United States Your Rights Online

Diebold Issues Cease and Desist to Indymedia 421

Posted by michael
from the speak-no-evil dept.
h0mee writes "Diebold, manufacturer of election equipment, has issued a Cease and desist notice to the upstream provider of San Francisco Indymedia for having links to mirrors of a leaked internal diebold memo. More than just a case of a leak, Diebold has been raising a lot of questions about the fairness and security of elections in the United States. (Perhaps it's time for peer reviewable software like gnu.free? ;)"
This discussion has been archived. No new comments can be posted.

Diebold Issues Cease and Desist to Indymedia

Comments Filter:
  • by asmithmd1 (239950) * on Saturday October 18, 2003 @08:24AM (#7247687) Homepage Journal
    Here [scoop.co.nz] is a link to the memos thaty actually works
  • Re:Pretty effective (Score:3, Informative)

    by Anonymous Coward on Saturday October 18, 2003 @08:34AM (#7247718)
    Not all is gone. The main links page from the article has some interesting emails. Here are the first 2. Let's see if this gets to be the 2nd round of censorship that VA/Slashdot gets weasled into...


    From Nel Finberg, Technical Writer, Diebold Election Systems

    (Note: Metamor/Ciber is the ITA assigned to certify the software)

    alteration of Audit Log in Access

    To: "support"
    Subject: alteration of Audit Log in Access
    From: "Nel Finberg"
    Date: Tue, 16 Oct 2001 23:31:30 -0700
    Importance: Normal

    Jennifer Price at Metamor (about to be Ciber) has indicated that she can access the
    GEMS Access database and alter the Audit log without entering a password. What is the
    position of our development staff on this issue? Can we justify this? Or should this
    be anathema?
    Nel

    Reply from Ken Clark, principal engineer for Diebold Election Systems

    RE: alteration of Audit Log in Access

    To:
    Subject: RE: alteration of Audit Log in Access
    From: "Ken Clark"
    Date: Thu, 18 Oct 2001 09:55:02 -0700
    Importance: Normal
    In-reply-to:

    Its a tough question, and it has a lot to do with perception. Of course everyone knows perception is reality.

    Right now you can open GEMS' .mdb file with MS-Access, and alter its contents. That includes the audit log. This isn't anything new. In VTS, you can open the database with progress and do the same. The same would go for anyone else's system using whatever database they are using. Hard drives are read-write entities. You can change their contents.

    Now, where the perception comes in is that its right now very *easy* to change the contents. Double click the .mdb file. Even technical wizards at Metamor (or Ciber, or whatever) can figure that one out. Ouch! a tough dig at their collegues/competitors.

    It is possible to put a secret password on the .mdb file to prevent Metamor from opening it with Access. I've threatened to put a password on the .mdb before when dealers/customers/support have done stupid things with the GEMS database structure using Access. Being able to end-run the database has admittedly got people out of a bind though. Jane (I think it was Jane) did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That's why we've never put a password on the file before.

    Note however that even if we put a password on the file, it doesn't really prove much. Someone has to know the password, else how would GEMS open it. So this technically brings us back to square one: the audit log is modifiable by that person at least (read, me). Back to perception though, if you don't bring this up you might skate through Metamor. Uh, oh. I think it's been brought up!

    There might be some clever crypto techniques to make it even harder to change the log (for me, they guy with the password that is). We're talking big changes here though, and at the moment largely theoretical ones. I'd doubt that any of our competitors are that clever.Youch! That wasn't nice!

    By the way, all of this is why Texas gets its sh*t in a knot over the log printer. Log printers are not read-write, so you don't have the problem. Of course if I were Texas I would be more worried about modifications to our electronic ballots than to our electron logs, but that is another story I guess. Oh, yeah. A the one everyone *is* worried about!

    Bottom line on Metamor is to find out what it is going to take to make them happy. You can try the old standard of the NT password gains access to the operating system, and that after that point all bets are off. You have to trust the person
    with the NT password at least. This is all about Florida, and we have had VTS certified in Florida under the status quo for nearly ten years.

    I sense a loosing this guy reads /. too much. 'losing', dammit
  • by Anonymous Coward on Saturday October 18, 2003 @08:56AM (#7247776)
    Internal Memos: Diebold Doing End-Runs Around Certification

    Friday, 12 September 2003 (PDT)
    By Bev Harris - blackboxvoting.org

    http://www.blackboxvoting.com

    If certification isn't being done properly, the whole house of cards falls. Below are actual copies of internal Diebold memos which show that uncertified software is being used in elections, and that Diebold programmers intentionally end-run the system.

    Quick backgrounder first, scroll down to see the memos.

    BACKGROUND

    Our voting system, which is part of the public commons has recently been privatized. When this happened, the counting of the votes, which must be a public process, subjected to the scrutiny of many eyes of plain old citizens, became a secret.

    The computerized systems that register voters, will soon sign voters into the polling place using a digital smart card, record the vote we cast, and tally it are now so secret they are not allowed to be examined by any citizens group, or even by academics like the computer scientists at major universities.

    The corporate justification for this secrecy is that these systems adhere to a list of "standards" put out by the Federal Election Commission, and that an "ITA" (Independent Testing Authority) carefully examines the voting system, which is then provided to states for their own certification.

    As it turns out, the states typically do not examine the computer code at all, relying instead on a "Logic and Accuracy" test which will not catch fraud and has frequently missed software programming errors that cause the machines to miscount.

    A Diebold message board has been used since 1999 to help technicians in the field interact with programmers to solve problems. The contents of this message board were quietly sent to reporters and activists around the world, most likely by a Diebold employee. In a letter to WiredNews, Diebold has acknowledged that these memos are from its own staff message boards.

    Without further commentary, judge for yourself whether Diebold has been following certification requirements:

    From Nel Finberg, Technical Writer, Diebold Election Systems

    (Note: Metamor/Ciber is the ITA assigned to certify the software)

    alteration of Audit Log in Access

    To: "support"
    Subject: alteration of Audit Log in Access
    From: "Nel Finberg"
    Date: Tue, 16 Oct 2001 23:31:30 -0700
    Importance: Normal

    Jennifer Price at Metamor (about to be Ciber) has indicated that she can access the GEMS Access database and alter the Audit log without entering a password. What is the position of our development staff on this issue? Can we justify this? Or should this be anathema?
    Nel

    Reply from Ken Clark, principal engineer for Diebold Election Systems

    RE: alteration of Audit Log in Access

    To:
    Subject: RE: alteration of Audit Log in Access
    From: "Ken Clark"
    Date: Thu, 18 Oct 2001 09:55:02 -0700
    Importance: Normal
    In-reply-to:

    Its a tough question, and it has a lot to do with perception. Of course everyone knows perception is reality.

    Right now you can open GEMS' .mdb file with MS-Access, and alter its contents. That includes the audit log. This isn't anything new. In VTS, you can open the database with progress and do the same. The same would go for anyone else's system using whatever database they are using. Hard drives are read-write entities. You can change their contents.

    Now, where the perception comes in is that its right now very *easy* to change the contents. Double click the .mdb file. Even technical wizards at Metamor (or Ciber, or whatever) can figure that one out.

    It is possible to put a secret password on the .mdb file to prevent Metamor from opening it with Access. I've threatened to put a password on the .mdb before when dealers/customers/support have done stupid things with the GEMS database structure using Access. Being able to end-run the database has admittedly got people out of a bind though. Jane (I think it was Jane) did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That's why we've never put a password on the file before.

    Note however that even if we put a password on the file, it doesn't really prove much. Someone has to know the password, else how would GEMS open it. So this technically brings us back to square one: the audit log is modifiable by that person at least (read, me). Back to perception though, if you don't bring this up you might skate through Metamor.

    There might be some clever crypto techniques to make it even harder to change the log (for me, they guy with the password that is). We're talking big changes here though, and at the moment largely theoretical ones. I'd doubt that any of our competitors are that clever.

    By the way, all of this is why Texas gets its sh*t in a knot over the log printer. Log printers are not read-write, so you don't have the problem. Of course if I were Texas I would be more worried about modifications to our electronic ballots than to our electron logs, but that is another story I guess.

    Bottom line on Metamor is to find out what it is going to take to make them happy. You can try the old standard of the NT password gains access to the operating system, and that after that point all bets are off. You have to trust the person with the NT password at least. This is all about Florida, and we have had VTS certified in Florida under the status quo for nearly ten years.

    I sense a loosing battle here though. The changes to put a password on the .mdb file are not trivial and probably not even backward compatible, but we'll do it if that is what it is going to take.

    Ken

    Reply by Nel Finberg

    RE: alteration of Audit Log in Access

    To:
    Subject: RE: alteration of Audit Log in Access
    From: "Nel Finberg"
    Date: Wed, 17 Oct 2001 14:48:16 -0700
    Importance: Normal

    Thanks for the response, Ken. For now Metamor accepts the requirement to restrict the server password to authorized staff in the jurisdiction, and that it should be the responsibility of the jurisdiction to restrict knowledge of this password. So no action is necessary in this matter, at this time. Nel

    From Tyler to Ken Clark, Diebold Election Systems

    Re: Nichols Lab

    To: >,
    Subject: Re: Nichols Lab
    From: "Tyler"
    Date: Mon, 15 Feb 1999 14:04:19 -0600

    In point of fact, the user documentation MUST be completed before attempting certification. It is my understanding that the documentation is a certification requirement. I don't know how closely Nichols will scrutinize the documentation, but I wouldn't feel comfortable going forward with certification with what we have for GEMS. Ostensibly, the documentation we submit to Nichols will become the "certified" documentation and we ostensibly shouldn't provide anything but that to customers. But then again, with regards to the entire NASED certification process, I can never quite get a handle on the relationship between "ostensible" and "reality."... :-)

    From Ken Clark

    RE: AVTS - Diagnostics & Installation

    To: "Support Team (E-mail)"
    Subject: RE: AVTS - Diagnostics & Installation
    From: "Ken Clark"
    Date: Tue, 6 Jul 1999 16:41:56 -0500
    Importance: Normal

    > From: owner-support@gesn.com On Behalf Of > Juan Rivera

    > > I do not feel that it is necessary or desired to do this on each and every > election. We, the manufacturer, are supposed to set the > procedures to follow > for this equipment since we build it.

    I hate more than anyone else in the company to bring up a certification issue with this, but a number of jurisdictions require a "system test" before every election. I just helped Knecht yesterday with an RFP from Riverside that required this. That is why the AccuVote displayes the silly ***System Test Passed*** message on boot up instead of "memory test passed", which is all it actually tests.

    No argument from me that it is pointless. You could probably get away with a batch file that prints "system test passed" for all I know. We will do something along those lines with the new unit after a memory test or whatever.

    Ken

    From Ken Clark

    RE: Testing sb100 database 1.14.2 (asap please)

    To: "SUPPORT (E-mail)"
    Subject: RE: Testing sb100 database 1.14.2 (asap please)
    From: "Ken Clark"
    Date: Fri, 7 Jan 2000 09:38:52 -0600
    Importance: Normal

    > Do you all think it would be a good idea to get Jeff Dean to send us 10 or > so precincts by eight parties with pre-printed test decks from one of the > California sites for Jane to test AccuVote and CC???? If so, > I'll call Jeff > Dean and set up asap.

    *Any* testing we can do on 1.14 is a good idea. With the risk of sounding alarmist, 1.14 really needs more testing. Even though much of GEMS looks the same from the outside, the guts changed substantially between 1.11 and 1.14. That's why you see all kinds of things completely unrelated to shadow races broken in the early 1.14 releases.

    Hats off to everyone posting 1.14 bug reports.

    Ken

    (The above memo is important because it documents that the "guts" of GEMS 1.14 are substantially changed from the certified version, 1.11 -- it was then used in elections, but according to Diebold's own chart of which versions were certified, version 1.14 was never certified.)

    From Steve Knecht

    1.14 vs. 1.15 GEMS versions

    (uncertified versions used.)

    To: "Global Support"
    Subject: 1.14 vs. 1.15 GEMS versions
    From: "Steve Knecht"
    Date: Fri, 14 Jan 2000 17:10:34 -0800

    Is it the intention of development staff that California March election will be run on some version of 1.14 or will we end up in the 1.15 range. Can you comment on the following: Are the changes being made now to 1.15 GEMS things that are in the ballot layout realm, and will not impact ballot processing, or tabulation issues?? In other words, is it possible that changes made from now on will break things we're starting to test, such as memory card up/download, central count, etc. We are beginning testing of 1.14.4 this week. Should we be testing with something else?

    I guess a little summary picture of what you expect over the next 3 weeks of testing would be helpful. I'd say we will have to lock down GEMS by mid - February, AVTS ballot station is to go on-line, along with a pollbook function by Feb. 7, but we are supposed to do testing and L&A prior to this. No panic yet, just wondering where we're going to lock some of this down for the March primary.

    Here is the related memo from Ken Clark:

    Needless to say, the changes were extensive. The paint is still wet, and I expect people will want some tweaks in functionality as well as the obligatory bug fixes. We'll treat the early 1.15 series as "prereleases" for LHS testing so California does not have to suffer. Once 1.15 looks at least as solid as 1.14 though, we'll end the 1.14 branch. 1.14 and earlier Databases will upgrade to 1.15 without harm as usual. People testing 1.14 are encouraged to try out 1.15 to avoid any surprises when they are forced to upgrade.

    Ken

    (Here is a whole series of odd memos pertaining to how they should handle the inconvenience of an uncertified version number popping up on the screen in Florida)

    From Greg Forsythe

    Florida Certified Versions

    To: "Support"
    Subject: Florida Certified Versions
    From: "Greg Forsythe"
    Date: Thu, 17 Feb 2000 11:12:02 -0500
    Organization: Global Election Systems, Inc

    Just received a call from Beverly Hill, Alachua County. She has a survey form from the state regarding versions and things. She is at the SA screen and the version is 1.92-15. Saturday, Feb. 12 she created a screen test database. This copy has 1.92-14. 1.92-14 is certified, 1.92-15 is not. SOLUTION REQUIRED! Greg Forsythe

    Re: Florida Certified Versions

    From Nel Finberg

    To:
    Subject: Re: Florida Certified Versions
    From: "Nel Finberg"
    Date: Thu, 17 Feb 2000 09:51:10 -0800

    I am currently looking into the problem with Beverly. Nel

    From Greg Forsythe

    Re: Florida Certified Versions

    To:
    Subject: Re: Florida Certified Versions
    From: "Greg Forsythe"
    Date: Thu, 17 Feb 2000 12:55:09 -0500
    Organization: Global Election Systems, Inc
    References: 1.14 qualifies as long haul or not. That really depends on your comfort level. There is never any harm in ordering a CD. Other frequently asked questions while I am here:

    Features are always propagated forward. I suppose one day we might remove a feature, but I've never seen it happen.

    Baring bugs, artwork and memory cards are still compatible after GEMS upgrade unless there is a big announcement to the contrary. Its only happened once that artwork was incompatible after upgrade, and memory cards have never been incompatible.

    The database changes between major releases (1.15->1.16) but not minor releases (1.16.1->1.16.2). You can downgrade out of trouble between minor releases, but a major release upgrade is a one way trip.

    Ken

    From Jeff Hintz

    Software for Los Angelas, CA

    To: "Support Team (E-mail)"
    Subject: Software for Los Angelas, CA
    From: "Jeff Hintz"
    Date: Thu, 31 Aug 2000 12:31:06 -0500
    Importance: Normal

    I am going out to LA next week, and I would like to know what software version of Gems & AVTS is being sent out on their equipement. Thanks, Jeff Hintz

    (uncertified versions used.)

    From Rodney D Turner

    RE: Software for Los Angelas, CA

    To:
    Subject: Re: Software for Los Angelas, CA
    From: "Rodney D Turner"
    Date: Thu, 31 Aug 2000 13:31:55 -0500
    References:

    Is this a "testing" release or not? (Ashamed to ask). I think the hallucinations ought to be resurfacing with Steve already. Ken

    From Talbot Iredale

    (uncertified versions used.)

    RE: GEMS-1-17-1

    To:
    Subject: Re: GEMS-1-17-1
    From: "Talbot Iredale"
    Date: Thu, 31 Aug 2000 16:14:23 -0700
    References:

    This is no more of a test release than 1.16.9 was though I would not be surprised if we have to make more changes to fully support LA and Alameda. Tab Re: Software for Los Angelas, CA

    To:
    Subject: Re: Software for Los Angelas, CA
    From: "Steve Knecht"
    Date: Fri, 1 Sep 2000 09:10:49 -0700
    References:

    (uncertified versions used.)

    Jeff, I think my thread may be out of sync, but discussion with Tab yesterday indicated that you'd be at least at 1.17.1 or higher to provide you with the "import" capability with their database. I believe Rodney / Mike would have to tell you what they loaded onto AVTS. Tab is still working on several programs that may affect what AVTS Rev and GEMS rev we both end up with.

    From Tari Runyan

    1-17-7-5 testing

    To: "SUPPORT (E-mail)"
    Subject: 1-17-7-5 testing
    From: "Tari Runyan"
    Date: Mon, 23 Oct 2000 08:21:16 -0600

    (uncertified versions used.)

    I have tested this version to the extent I am able - twice even and unless anyone else has discovered anything - i think it can be released to the Ca Counties - Let me know if anyone else has any concerns as I would like to get this out this morning. Thank you

    (There are dozens more memos like this, and hundreds that document the use of uncertified versions of the voting system, spanning a period from 1999 to 2003.)

    Bev Harris is author of Black Box Voting: Ballot Tampering In The 21st Century ... See http://www.blackboxvoting.com/ and it's activist arm http://www.blackboxvoting.org/

    homepage: http://www.scoop.co.nz/mason/stories/HL0309/S00150 .htm
  • Re:Pretty effective (Score:3, Informative)

    by byolinux (535260) on Saturday October 18, 2003 @09:28AM (#7247873) Journal
    Google has HTMLd it.

    http://tinyurl.com/rej1 [tinyurl.com]
  • Re:Here is the link (Score:3, Informative)

    by Saint Aardvark (159009) * on Saturday October 18, 2003 @10:30AM (#7248129) Homepage Journal
    I've put up another copy of the book at http://saintaardvarkthecarpeted.com/bbv [saintaardv...rpeted.com]
    . Let's see who gets a cease-and-desist first :-).
  • by Troed (102527) on Saturday October 18, 2003 @11:34AM (#7248362) Homepage Journal
    Thanks for the Freenet-link, worked just fine. Redoing it here as a real link [localhost] to localhost for those with FProxy installed.
  • by dfn_deux (535506) <datsun510&gmail,com> on Saturday October 18, 2003 @01:53PM (#7248928) Homepage
    Noam chomsky has since said that the introduction was used without his permission and further more that he disagrees with the "findings" of the book. His introduction is about supporting research of all kinds and not discrediting research just because the findings may be contrary to the popular belief.

Never say you know a man until you have divided an inheritance with him.

Working...