Sequoia Threatens Over Voting Machine Evaluation 221
enodo writes "Voting machine manufacturer Sequoia has sent well-known Princeton professor Ed Felten and his colleague Andrew Appel a letter threatening to sue if New Jersey sends them a machine to evaluate. It's not clear from the letter Sequoia sent whether they intend to sue the professors or the state — presumably that ambiguity was deliberate on Sequoia's part. Put another clipping in your scrapbook of cases of companies invoking 'intellectual property rights' for bogus reasons." Sequoia seems to be claiming that no one can make a "report" regarding their "software" without their permission.
No permission should be needed (Score:5, Insightful)
Sweet. (Score:5, Insightful)
Bullet. Meet foot.
The ambiguity is a dead giveaway. (Score:5, Insightful)
In other words, this is a scare tactic with nothing to back it up, pure and simple. If Sequoia thought the would have had actual grounds to sue, you can bet that they would have been chillingly specific in their letter.
When people resort to these sort of tactics to attempt to dissuade you, you can be assured you're doing something right.
Let's call a spade a spade: (Score:5, Insightful)
a. are afraid that there are gaping security holes in their machines
b. KNOW that there are gaping security holes in their machines
all the privacy zealots will no doubt say that my "if you have nothing to hide you have nothing to be afraid of" mentality is misguided, but let's take a step back and see what is on the line here. this is NOT about personal data, this is about objectively evaluating the security of a device that is going to be used in a VERY public fashion. do lamp makers threaten Underwriters Laboratories for wanting to make sure their device works as intended?
Re:Speechless. (Score:5, Insightful)
That's often the results with certain voting machines.
Re:Speechless. (Score:4, Insightful)
You are speechless for the right reasons but the majority of the American public will be speechless for another and far more unfortunate reason
"non compliant analysis"? (Score:4, Insightful)
thats like car salesperson attempting to sell you a car but only if you agree to take his word that it works and he'll sue anybody that you bring in to check the engine. if ever there was a warning bell not to buy their equipment that was it.
whats next? DMCA action against
Re:Yes but... (Score:5, Insightful)
Sure there is, apathy.
Re:Check, Meet Balance (Score:3, Insightful)
Re:No permission should be needed (Score:4, Insightful)
handy though (Score:5, Insightful)
If you ask me, Sequoia has been given some very bad legal advice. Didn't anyone stop to think about the public relations nightmare this would cause? Not to mention damage to their business.
Re:Check, Meet Balance (Score:5, Insightful)
Re:Reverse engineering (Score:4, Insightful)
This is about the future of democracy. These voting machine vendors are stripping transparency, security, and auditability out of our elections. None of us should give a damn what licensing agreement Sequoia wrote.
threat of suit (Score:3, Insightful)
IANAL but I am reasonably confident that Sequoia cannot successfully sue Felten. They may be able to sue New Jersey for breach of contract if in fact they have a contract with New Jersey that forbids such reviews. That may be the case - I believe that the license for MS Windows Server forbids reviews not approved by Microsoft. If there is such a contract, it would be interesting to see if it holds up in court. The "no review" provision is arguably void as being contrary to public policy.
Felten, however, has no contractual relationship with Sequoia and therefore cannot be in breach of contract. Sequoia therefore cannot sue him unless they can come up with another cause of action. Maybe, just maybe, they could sue him for disclosing trade secrets, if New Jersey has really nasty trade secret laws.
Re:Voting versus Gambling (Score:5, Insightful)
And what's your opinion if it's helping a republican steal an election?
Whatever response you give me, the words "a democrat" did not need to be in your post. Stealing an election is WRONG, whether it's a democrat or a republican. You took a very good post and diminished it with a bit of partisanship. I notice that you said "democrat" where usually the party affiliation is capitalized, so maybe you're scooting by on a technicality. But at that point we're parsing to the degree that we criticize politicians for.
Re:Check, Meet Balance (Score:4, Insightful)
Fixing elections is not something that has been enabled by new technology. The problem here is that the technology was supposed to reduce the fraud and inaccuracies, but it turns out it's just as hackable as the old pen & paper or punchcard systems despite the higher cost.
Re:handy though (Score:5, Insightful)
It's true, however, that IP claims are getting out of hand when a government and/or institution doing some work for the government is threatened with a lawsuit over testing hardware. These events are only going to get more egregious and ludicrous until Washington and the courts start handing these abusers their proverbial balls on a platter.
Re:Check, Meet Balance (Score:5, Insightful)
I Agree with Sequoia on this (Score:5, Insightful)
If their contract declares as such then they are in the right.
However, it should be a requirement at the state level, if not federal, to require this sort of outside verification and study. If a manufacturer does not agree to it then they should be considered for the application. Fair is fair.
Don't want to be hold accountable then don't expect our money.
I am quite sure some other company will step forward if there is money to be made and their intellectual property rights are protected. I am all for testing and certification by outside groups but I also realize that there is investment here and that needs protected first. What must come first is OUR rights, our rights to know that outside experts have certified a solution and future implementations will protect our vote. Surely some company will step up to this for the money. Maybe it will be the kick in the pants for some group already in place to do so.
Re:Ok, I RTFA, but still... (Score:4, Insightful)
Their voting machines are paid for by public dollars, used by the majority of the members of the public, to elect public officials, and they claim evaluation of their software cannot occur without their "permission"?
Their voting machines are SOLD (or maybe leased) to the government agencies that operate elections and have a contract specifying terms of use. They're claiming the contract forbids the sort of investigation that is proposed.
Now perhaps there are indeed such terms in the contract. In which case the New Jersey secretary of state (or a past one) made an unwise decision. Nevertheless, the state has a duty to insure that the system is not defective. Inspecting its operation, including that of the software if there is any question about its functionality (or even if there isn't, just to check), is obviously a part of that duty, and being inspected is obviously part of what it is to be a voting machine. So such contract terms, if present and interpreted as Sequoia claims, are clearly unconscionable. On that basis the state should be free to ignore the clause.
Alternatively, if the clause were to stand the resulting terms of use would make the machines "unsuitable for the intended use", violating the implied warranty of fitness. So the state could return them for a full refund. B-)
It would be interesting to see what would happen if Sequoia actually sued. If the contract specified interpretation under the laws of New Jersey (or didn't specify jurisdiction) the state might just refuse to be sued. B-) If it specifies another state (or they sue in their own) it would still be a funny show.
As for suing the professor, either he's acting as an agent of the state (in which case they're suing the state) or he's not (in which case he has no contract with them to enforce.) In the latter they'd have to go after him for something like DMCA violations or some part of contract law I'm unaware of.
Of course IANAL - and especially not a contract lawyer. So take the above with a suitable quantity of salt. B-)
Re:No permission should be needed (Score:5, Insightful)
If they do not have enough confidence in their system's security or accuracy to allow it to be tested, then it is not good enough to be used for e-voting. They have just demonstrated that their system can not be trusted.
Re:Sweet. (Score:4, Insightful)
But... New Jersey might file a countersuit against Sequoia claiming that they interfering with New Jersey's ability to verify that the machines are suitable for use in actual elections (before the elections are held and found to be invalid). Imagine GM suing a customer because they took their car to a non-GM mechanic to verify that some work had been done properly. I doubt the courts would look kindly on that.
If I were a New Jersey state elections employee, I'd be looking seriously at returning the equipment, informing Sequoia that it was unsuitable for use, and demanding my money back.
Finally, I'm guessing that Sequoia isn't all that interested in staying in the electronic voting machine business. This act will pretty much have everyone who's still considering even using electronic voting equipment making a mental note to cross Sequoia off their short list of vendors.
Re:Here is Sequoia's response from their website.. (Score:5, Insightful)
Obviously they don't. Anyone claiming that Ed Felten is unable to responsibly execute such a review should have her head examined. More to the point however, it is equally obvious that they are very much aware of Professor Felten's reputation, and would very much rather he didn't execute a responsible review of their equipment.
Hey
Re:threat of suit (Score:3, Insightful)
Yes indeed, and this behavior on the part of private corporations is hardly limited to the voting industry. It's happening all over the place. The Taser is another excellent example: medical examiners being threatened and sued by the manufacturer of that device if they put "death by Tasing" in their official reports. Doesn't matter one bit if the person who was killed did die from a tasing. The company doesn't want the publicity and will send their lawyers after anyone that makes a complaint, legitimate or otherwise.
Now, this is serious shit, because it is giving corporations the power to intimidate and influence public servants who are simply doing their jobs, jobs that We the People pay them to do. That's just WRONG and needs to be addressed at some point. Really, what we're seeing here is what happens when a society becomes fundamentally amoral: America operated on what was essentially an honor system for centuries. People didn't do this kind of thing because, well
Now that we've become very much a cutthroat capitalist society, nothing matters so long as you have your way, no matter who is hurt in the process. That's not the America I grew up in, let me tell you.
Re:threat of suit (Score:3, Insightful)
In any event, I am noticing that there are things that simply were not done in the past that are now commonplace, such as threatening public servants with impunity. I'm generally against the government (any government) here in the U.S. coming up with more law, but it does seem like corporations like Sequoia and the Taser outfit need to get slapped back. Maybe the Justice Department or the FBI could lay off the media-driven "piracy" bandwagon for a couple years, and put some of these corporate assholes in their place.
Re:Check, Meet Balance (Score:4, Insightful)
The solution for paper ballots is based on four principles: transparency, adversarial conditions, counting everything in a way that, if done right, makes double-entry accounting look like a random number generator, and decentralization.
Transparency means that every step of the process is done in the open, with multiple people watching. Adversarial conditions means that the people watching include representatives (i.e. campaign workers) of all candidates, who are highly motivated to ensure that the others don't cheat. In Scotland, for example, each candidate can even apply their own seal to the ballot boxes in addition to the electoral commission's seals, so they can verify for themselves that boxes haven't been swapped, opened, or lost. A fraudster would have to be able to duplicate the seals of every political party in addition to the electoral commission.
As for counting, every ballot paper must be accounted for. Polling stations start with a known number of blank ballots (verified by all candidates) and they must count the number of ballot papers issued, used, spoiled, and not used, as well as the number of ballots that end up in the ballot box, and if the numbers don't add up right then one can deduce that funny business is going on.
Finally, decentralization is important. With safeguards in place, it may still be possible to cheat in a few locations (although you'd have to get campaign workers from all sides to look the other way), but widespread fraud serious enough to steal a whole election becomes extremely difficult. It is difficult to compromise the process in many locations at once. And even though the central counting facility receives the counts from each polling station and adds them up, it can be made to echo the numbers back and discrepancies can be spotted. A centralized electronic system, though, can be compromised at the center, you don't have to take over every polling station.
Re:Check, Meet Balance (Score:5, Insightful)
Hardly.
Think of the issues in logistical terms. In a paper-ballot system, tampering with a ballot box in such a way as to make any appreciable difference in the vote result would require tools, materials, physical access and a certain amount of time and effort within a relatively small window of opportunity.
With an electronic system, if the state isn't allowed to run simulated elections or do detailed inspection of the voting machine and software, the window of opportunity for tampering is huge, the potential for altering the result is high, and the risk of detection is minimal.
Re:Check, Meet Balance (Score:3, Insightful)
Re:Check, Meet Balance (Score:2, Insightful)
If impartial ballot counter can't be found, how do you expect to find impartial software/hardware designers and reviewers?
At least ballot counters and monitors can be relatively unskilled. You can get a bunch of them with different biases and divide them up into teams to provide checks and balances. Harder to find a whole bunch of designers and reviewers and have them check on each other.