Diebold Threatens to Pull Out of North Carolina 615
foobaric writes "A North Carolina judge ruled that Diebold may not be protected from criminal prosecution if it fails to disclose the code behind its voting machines as required by law. In response, Diebold has threatened to pull out of North Carolina." From the article: "The dispute centers on the state's requirement that suppliers place in escrow 'all software that is relevant to functionality, setup, configuration, and operation of the voting system,' as well as a list of programmers responsible for creating the software. That's not possible for Diebold's machines, which use Microsoft Windows, Hanna said. The company does not have the right to provide Microsoft's code, he said, adding it would be impossible to provide the names of every programmer who worked on Windows."
Hmm... (Score:4, Interesting)
Hey Diebold, don't let the door hit you in the ass on the way out!
(Not that state regulators which didn't require a voter-verified paper trail up front have qualifications for anything but a prison cell, but hey...)
as well as a list of programmers (Score:4, Informative)
If they were using Linux, do you really think they could provide a list of programmers? I mean come on think of the thousands upon thousands who have contributed, many times without mention...
-everphilski-
Re:as well as a list of programmers (Score:4, Insightful)
Re:as well as a list of programmers (Score:3, Insightful)
But I agree - why they can't hire some people to custom-write some software to do this is beyond me. It'd probably end up cheaper and more stable. Kinda makes you wonder what Diebold expects North Carolina to pay them for when Microsoft did most of their work for them.
Diebold DOES have the WinCE source code! (Score:5, Informative)
It's unique among Windows versions in that it's not a finished product - each hardware vendor has to finish it for their own weird gear. WinCE was made to run on hardware that is NOT industry standard, everything from PDAs to TV set-top boxes.
Up through CE 3.0 you could download the entire source code from Microsoft's website. I think once they included the
At the central vote tally box, the Diebold GEMS central tabulator runs on top of WinNT/2000 series so they can't put THAT source in escrow.
Fun fact about GEMS: not only was convicted embezzler and admitted murderer Jeffrey Dean in charge of development for at least a couple of years, the program icon is a hoot. It's a fist holding a globe, basically a day-glow-colors version of the corporate logo for Dr. Evil in the Austin Powers movies
We should prowl around Diebold HQ looking for midgets, bald cats and sharks with unusual head prosthetics...
Jim March
Black Box Voting (staff)
Re:Diebold DOES have the WinCE source code! (Score:3, Interesting)
Great. Now I'm going to be thinking the worst next time I vote. Grr.
Some Diebold programmers were criminals (Score:5, Informative)
But as a practical matter it's impossible to name all of the Windows programmers either. The court wouldn't expect that of Diebold any more than they'd require a total list of Linux programmers from an open-source voting project.
What Diebold could easily do is name their own programmers.
Except there's no way in hell they'd want to do that.
In 2002 Diebold bought Global Election Systems, which became the Diebold Election Systems unit. Global was founded under another name in 1988 by Norton Cooper, Michael K. Graye and Charles Hong Lee...all with damned interesting resumes (footnote 1):
Norton Cooper - jail for a year mid-1980s for fraud against the Canada government; ordered out of stock pitch schemes and was part of the collapse of the Vancouver stock exchange - ordered by decree not to pitch stock after 1992 or so because he caused havoc every time. Written up by Barron's and Forbes as a "hazard to avoid at the golf course". First convicted of political corruption in 1974 - look up a Canadian case titled "The Queen v. Norton Cooper" 1977 Canadian Supreme Court.
Charles Hong Lee - stock schemes; Cooper's partner pitching deals. Defrauded Chinese immigrants, $600,000(Can) court-ordered restitution mid-90s. Sold "real estate" which was actually the bail for the third partner below to the tune of about $300,000(can) circa 1995ish.
Michael K. Graye - nailed for stealing $18mil from three companies in the '88-'89 era, caught in '94, jailed in the US for stock fraud around '94 re: Vinex wines, released around 2000 - 2002(3?) in the US, brought back to Canada, still in jail there. Arrested for tax evasion and money laundering circa '94.
Those three in turn hired even more "colorful" staff:
John Elder was a cocaine trafficker, in a WA prison early/mid 1990s...fellow inmate was Jeffrey Dean (see next entry). Handled ballot printing for Global late 1990s. Seems to have been the one to bring Dean into Global.
Jeffrey Dean was convicted early '90s of 23 counts of computer-aided embezzlement. He was a computer consultant for a large Seattle law firm and defrauded them of about $450,000 in what US courts called a "sophisticated computer-aided scheme". In a statement to Seattle PD, he claimed he needed the money because Canadians were blackmailing him; in that country, he'd gotten into a fistfight and the other guy had died. (Yes, I've seen the police report.) He joined Elder in the Global ballot printing business late '90s, and with Global's introduction was doing computer consulting with the King County WA elections division - they had no idea of his criminal record. By 2000 he was doing programming for Global and by early Oct. of 2000 he was a full employee and lead programmer for the GEMS vote-tally product still in use. By late Oct. 2000 and shipping in time for the November election, GEMS ver.1.17.5 contains the first "double set of books" problem where all votes are recorded twice internally and don't need to match...long story but it apparantly hides some forms of vote fraud. At the time Diebold bought Global in 2002, Dean quit and was immediately hired back as a consultant via management decision made within the division. This appears to be an attempt to keep Dean's criminal past out of Diebold corporate head office's scrutiny.
At the time Diebold bought Global, Dean owned 10% of Global's stock.
We don't know how many other lower-level progammers within Global/Diebold have criminal records. It's rather obvious that Diebold sure as hell doesn't want us finding out.
Footnote 1 - see also "Black Box Voting: Ballot Tampering In The 21st Century" by Bev Harris, esp. the "Diebold" section at the end of Chapter 8. Free PDF downloads can be found at: http://blackboxvoting.org/ [blackboxvoting.org]
WTF WTF WTF WHAT. THE. FUCK?!!! (Score:5, Interesting)
Ok, aside from being a convicted felon who comitted the very kind of crimes one should be worried about someone pulling in this situation... Usually, rational people being duly diligent about security would not trust someone who had anything in their background that would make them succeptible to BLACKMAIL.
This is some sort of goddamned perverse JOKE, RIGHT?!!!
Re:WTF - here's the criminal records! (Score:5, Informative)
http://www.bbvdocs.org/elder.pdf [bbvdocs.org]
There's their criminal records.
Mention of both are extensive in the various online databases of Global/Diebold's internal memos between 1998 and early 2003. Go google:
"Jeffrey dean" diebold
To be fair, at the time Diebold bought Global Dean was moved to consultant status, possibly to avoid the Diebold corporate background check. They damned well know about him NOW of course ever since Bev Harris broke the news.
Look, Global was based out of Vancouver BC. Bev and others have gone up there to talk to current and former employees...a LOT appeared to be "coked up" or talked about rampant drug abuse up there. If what we're hearing is anywhere close to accurate, Global acted like the set of a John Belushi movie or something.
Trust me on this: ain't no WAY Diebold will want to publish lists of programmers.
Notice how Diebold talks about source code escrow as the issue in NC? It's a red herring. Diebold does source code escrow in California no problem.
The issue is the programmer names. Major-grade doom involved.
Re:Some Diebold programmers were criminals (Score:4, Funny)
I'm sure glad my government hasn't entrusted its vote-counting to criminals.
Re:That is democracy (Score:3, Funny)
Re:Is that a threat or a promise? (Score:4, Interesting)
And even spookier, this link [commondreams.org] says:
and:
It gets spookier still when you look at Diebold's CEO Bob Urosevich's ties to the Republican Party and strong fundamentalist backgrounds. Whereever Diebold goes, the article says, historic Republic upsets follow.
Re:Hmm... (Score:5, Interesting)
The Diebold voting outfit was an aquisitio of a startup company, that was demonstrably lax in design and practices. The system cobbled together, of mostly desktop-oriented COTS was little more than a system for demonstration purposes, meeting almost no "behind the scenes" requirements that most anyone could have proposed. I would go as far as to say that this effort was, in likelyhood, a swindle.
Diebold is culpable for aquiring them - after a technology assessment - and continuing in this fashion. Possibly with the intent of enabling fraudulent vote recording and tabulation. Certainly Diebold "stonewalls", misrepresents and obfuscates every attempt to legitimately investigate their capability, practice and compliance.
But I don't worry about their ATMs!
Re:Hmm... (Score:3, Interesting)
Votes, on the other hand, are abysmally audited. There is no totally seperate system keeping accurat
Re:Hmm... (Score:5, Insightful)
Or how about you send each registered voter a voting card, which they hand in at a polling station on election day. They get given a voting paper, go into a booth, mark and seal their paper, then drop it into a black box. Votes are then counted by hand later. Say, that could work
The problem with that is that the votes get counted by a human being and human beings have prejudances. Anybody who tells you that they are 100% impartial is lying.
Care to tell me what exactly is wrong with the lever based voting machines that New York has used for the last 40 years? The voter signs in -- if there are any problems they get challenged by an inspector (very rare) -- they go into the machine, they pull down levers, the votes are counted and that's it.
The way some other states (Florida) do elections dumbfounds me. In NYS you are allowed to take anybody into the poll with you other then your employer or union offical. I watched party hacks challenging 85 year old voters in Florida because they asked their 60 year old children for help. WTF is that nonsense? And ID requirements? Yeah, that isn't a way to screw over poor people who might not have a drivers license or DMV ID -- last time I checked those cost money.
In NYS now you are required to give your social security number or drivers license number at the time you register. The State verifies your information against the SSA or DMV database. If you can't provide that information then and only then do you get flagged for ID. And after you have showed it once then you never need to show it again. What's the problem here? There isn't much room for fraud -- in most of the districts the elections inspectors know most of the voters. And we have the right to challenge anything suspicious.
How the hell can other states fuck this up so badly?
Re:Hmm... (Score:3, Insightful)
Centralized vote counting is the root of the corruption in the US voting system. Moving ballot boxes to "counting centers" is wrong - it allows focused corruption. Computer counting is wrong - it allows focused corruption. Distributed counting is *much* harder to coopt.
Re:Hmm... (Score:3, Interesting)
The multi-lateral committee is important - you should be able to find at least one Republican and one Democrat (plus as many independants as care) to observe/do the count. Each box should have a small enough number of ballots to count in less than an hour. Then you wind up having to buy off a *lot* of people to steal an election. Sure you can buy the count at a couple of boxes, but that's way less than you can now.
They already have those committees. And the Democrat or Republican always winds up challen
Re:Hmm... (Score:5, Insightful)
It's a productive system for what it's supposed to produce- an honest count. It's not designed to produce millions of counts an hour. It's not designed to do things fast. It's designed to do things ACCURATELY.
Re:Hmm... (Score:5, Insightful)
And there is no way that you could play tricks when counting, either. There'll always be at least six people there at the same time, counting; people who do this are recruited randomly (it's much like jury duty). Furthermore, more often than not, officials from the local administration will be present to oversee the whole thing; and also, the vote counting is open to the public, so everyone who wants to can come in and watch the votes getting counted.
The votes are counted twice, too, so it's relatively unlikely that an error would creep in. If there is any error at all, the whole counting process starts again from scratch.
And finally, the paper ballots are kept for a long period (I know it's a two-digit amount of years, although I'm not sure how long exactly - I'd have to look that up), so *if* someone - anyone! - thinks that the election results are invalid, a recount will be done.
Compare that with the things like the 2000 presidential elections in the USA, where the supreme court ruled that a vote recount was *not* legal - how can you *ever* justify a decision like that? Vote recounts should always be possible.
There's other differences that also give me more confidence in the German voting system; for example, we typically have participation levels around 80 to 85 percent in nation-wide elections, there are no lines when you want to vote (I think the longest I ever had to wait in line to vote in my life was two minutes or so), and you don't have to register to vote - if you're over 18, you'll get a notification in the mail.
So... a paper-based voting system not only can work, but it also can inspire much more confident than an opaque system where you just pull a lever or touch a touchscreen or do something similar without ever knowing how the machine supposed to record your votes actually works - and whether it works at all.
No, electronic voting is a bad thing that needs to be gotten rid of; the whole concept is so open for abuse that it should just be thrown out completely. Even when you have a paper voting trail, who says that the machine recorded the same vote that it printed on your paper slip? The only way to make sure would be to collect the paper slips from *everyone* in the same precinct, but that's pretty much impossible - not to mention that there certainly would be a court again that would forbid it, too.
Stick with paper voting. Everything else is bad for democracy, and voting is such a fundamental process in a democratic system that it should be treated with the utmost care. If you cannot *prove* that the new system you're proposing is not only as safe as the old one but also brings tangible improvements, then it shouldn't be adopted, and electronic voting, in whatever form, does neither.
Re:Hmm... (Score:4, Insightful)
Certainly. However, there are many issues at play here, some of which may have not been reported (or with any emphasis) overseas.
The first big issue is that the rules for determining a valid ballot were changed for the recount. So, the rest of the US was using one method, and a few counties in FL were using another.
The argument made by Democrats is that the vote distribution would be same no matter the method. The argument made by Republicans is that the vote distribution would change, given that the method changed.
The second issue is that individual counties were being cherry-picked for recounts. Republicans wanted a few where Republican voters turned out strong, Democrats wanted a few others where Democrats turned out strong. Third parties were ignored.
The third issue was the worst. The FL state supreme court is completely made up of Democrats. The US Supreme court is more balanced, but with a conservative (Republican) edge to it.
With the first count, the Republicans won by a slim margin of votes. Close enough that the Democrats filed a lawsuit for a recount. The FL supreme court allowed it. The gap between the Republicans and Democrats closed a little. The Democrats wanted another recount. The FL supreme court allowed it. The US Supreme court steps in, and rules Bush the winner. Later (press initiated) recounts declare Bush the winner.
So, this is the source of continued controversy, in which each side continues to report misinformation about the events that took place.
Re:Hmm... (Score:3, Insightful)
The actual sequence of events seems relatively accurate, however I think the more important fact here is that studies after the fact showed that a full statewide recount would've been decided in Gore's favor (there was an issue about the overvotes that never got counted, all the disputes dealt with undervotes ). So what it looks like really happened is that the Gore team made tactical errors in cherry-picking their r
Re:Hmm... (Score:3, Interesting)
Why should you trust the computer, why should you trust people, why should you trust punchcard machines? I would personally place more trust in a well designed system which by definition cannot do something it is not programmed to do than a human which is far more susceptible to mistakes. Computers are based on logic and maths, barring hardware error there is no way they can do something against their program. And even the most rudimentary error checking will deal with hardware issues.
Yes, and there is n
Re:Hmm... (Score:5, Interesting)
When the voting systems thing hit I got interested in them. They are a vendor we do business with and I started informally asking questions around the watercooler, seeing if the old guys have any stories. For instance, have we ever had security issues with their equipment, etc?
We have. And the stories. Oh, my god, the stories. It's enough to bring tears to your eyes. They've blown it in such amazing, over-the-top ways, you wouldn't believe me if I told you. What I take away from all this is that the only reason many financial institutions stay in business is the (ongoing) laziness of criminals.
So in other words, worry about their ATMs. Worry about anybody who does business with these guys. Before "paperless voting" Diebold was just another bunch of well-connected old white men swindling their buddies with 3rd rate code. But now they're just plain shady.
Re:Hmm... (Score:4, Interesting)
Unfortunately for the electorate, if the voting equipment screws up, it undermines the very foundation of a democratic country. And in this particular case, the customer is being asked to give up any hope of proving the equipment is flawed.
you're kidding, right? (Score:3, Informative)
Having had my entire account emptied and overdrawn because the bank screwed up with security and I provably didn't, I can tell you: the bank doesn't expose themselves to lawsuits if they screw up with your money.
In real life, you are entirely at their mercy. You can forget about getting any compensation for the time, headaches, late fees, and other costs re
Re:Hmm... (Score:3, Insightful)
Hell, aside from that, ATMs can depend on a well-connected private backbone network, with company owned lines and premise equipment.
Well connected? The last time I checked most ATMs at grocery/convinance stores used dialup to connect. Bank owned ATMs may or may not have a leased line (the ones my credit union uses do).
So how exactly is a hybrid network of 56k leased lines and dialup connections any better connected then most residential homes? Because it's a private network instead of the internet?
Re:Hmm... (Score:3, Insightful)
Verify that a miscount did not take place.
Prove that each voter's vote was recorded as they intended.
Show that only voters eligible to vote voted, and
that each only voted once.
Re:Hmm... (Score:4, Insightful)
Wrong. A script that purports to be a copy of the source may be open for everybody to read. The source that actually gets used is on a corporate computer where it can only be read by a few programmers, and the binaries that are produced are invisible magnetic patterns that can't be read by anybody. In between the purported source code and the actual binary code are half a dozen places where someone could have broken in to the system (whether physically, electronically, or just by handing over enough money) and inserted a back door.
Although it may be possible [voterverifiable.com] to create a primarily electronic system which doesn't allow votes to be undetectably changed or removed, it's not simple, and it requires you to cope with the possibility that the hardware or software may be tampered with. This isn't an easy problem, which is why most democracy advocates want to replace it with a simpler problem: creating a primarily paper system with electronic interfaces that allow paper ballots to be more easily and accurately created and counted.
don't go acting all : surprised ... (Score:5, Insightful)
It is my understanding that this is a fairly common requirement for government contracts involving software. Diebold should have been aware of such requirements before competing for the contract. I mean, when the government's actually being responible and not just handing out plums to favored campaign contributors.
Hell, they're probably not even going to audit the code. They just want to protect themselves if Diebold goes out of business, or loses the contract on re-bid or something. I mean, sure, they can potentially audit the code, but I haven't heard of such a thing ever happening. It's about support and fixin' bugs an shit.
Re:don't go acting all : surprised ... (Score:3, Interesting)
I don't think closed source software should qualify for copyright protection unless their source code is in escrow (with e.g. the Library of Congress at the publisher's cost) to be released at the end of the copyright term. Without the source code, you should only be afforded Trade-Secret protection.
And voting systems need transparency
Re:Hmm... (Score:5, Insightful)
NC doesn't want to know who coded Windows or to get Windows source code: NC wants to see the software package that tracks and tallies the votes. Yes, you could try to stretch the meaning of the statute, but NC isn't trying to do that: Diebold is trying to in order to claim that compliance with the statute is impossible.
The real issue here is that Diebold doesn't want NC to see what's in Diebold's code. Makes it awfully suspect to me...
Re:Hmm... (Score:5, Insightful)
Diebold is trying to interpret the statute to mean more than it says.
Actually the statute says exactly what Diebold was afraid it was saying. The state wants the source code to everything running on the voting machines. The second you start splitting the software into "disclosed" and "non-disclosed" boxes, the vendors will find a way to hide as much of their source code as possible. So we cut that off by requiring everything.
Note: I worked with members of the General Assembly on the original draft of the law, its numerous revisions, and the lawsuit.
-jdm
Re:Hmm... (Score:5, Interesting)
If the government makes an acknowledgement that certain components of the working system, including hardware and software, are proprietary materials owned by unrelated third parties and that Diebold is not responsible for the intellectual property pertaining to those components, then Diebold ought to be more than willing, certainly able, to comply with the order for those materials specifically under their own control.
That argument is fine for commercial activities like banking, airplanes, etc, etc, but this is voting we're talking about here. No one forced Diebold to use Windows. It was a design decision. I'm all for the free market solutions, but when the problem is how citizens select their representative government, any arguments in favor of "secret counting methods" just won't fly.
Why not just put a Diebold employee at each precinct and have each voter whisper their choice to that person through a curtain? Then, at the end of the day, the Diebold employee just tells us what the total is. If anyone questions their accuracy, they can point to some tic marks they made on a piece of paper (not that any voter actually saw these tic marks made) to "prove" they did it right.
Oh, and Diebold won't let us do background checks on these people because they hired some of these people from a temp company, and that temp company doesn't like publicising who works for them. Does that sound fair?
Besides, the source code is being held in escrow and is available only to certain NC Elections employees, and under NDA. If, even then, Diebold doesn't want to or can't comply, it's not our fault. It's my vote, not your experiment.
-jdm
Re:Hmm... (Score:5, Insightful)
Re:Hmm... (Score:3, Insightful)
Re:Hmm... (Score:3, Informative)
So how exactly did you expect anyone to comply? There will always be an operating system, probably either windows or a *nix.
Or a home-brew embedded system. Which is how four other vendors were able to comply with the provisions of the new law and bid without also filing a lawsuit. The computer world is not just Windows, *nix, and Mac.
And while you're right in that the auditors won't go through most of the code, it's useful to have the whole ball of wax for several reasons, such as being able to rec
Re:Hmm... (Score:4, Insightful)
Uh. How about, "To ensure that the someone has not hidden code in the graphics drivers to rearrange the names of the candidates onscreen so the votes get tallied for the wrong person".
Why would you NOT want to review all the code? Blissful ignorance?
Re:Hmm... (Score:5, Insightful)
Damn hard to PROVE when the machines in question were quickly locked up after the election, and there was NO official investigation into the complaints after Kerry ignored his constituents and conceded the election in Ohio. I heard the report on Air America Radio nearly a year ago now- in among other reports of 14 hour lines when the polls were only open for 12 hours due to misallocation of voting machines, ballots that were cast on paper but never counted, and upper class Republican neighborhoods getting preferential treatment for problems. I believe you could probably find something about it in Randi Rhodes' blog- which is about as useful for proof as Rush Limbaugh's blog.
btw, I do think Diebold's machines are probably corrupt, but your claim is ridiculous.
Why? If the code can be done as a joke, why NOT in a corrupt voting machine? And besides- my claim is only thirdhand knowledge at best- I said that there were reports of such behavior, not that I had seen it myself! I was 2000 miles away at the time!
portion of leaked code (Score:3, Funny)
if ( vote.party == DEMOCRAT ) {
vote.register(race, REPUBLICAN);
confirmation.print(race, DEMOCRAT);
} else {
vote.register(race, vote.party);
confirmation.print(race, vote.party);
}
Strawman's defence (Score:3, Interesting)
Could be that Diebold is hiding some illegal stuff (probably stealing other people's ideas or code) and don't want to be found out. Just a thought. It's obvious that North Carolina is only asking for the source to the stuff that Diebold itself developed, not third parties like Microsoft. The Windows defence is just a lame strawman, IMO.
good! (Score:2, Insightful)
Is North Carolina...... (Score:2)
The headline should read: (Score:5, Informative)
"Under pressure to comply with State Law, Diebold insead chooses to leave the field to its competitors."
Re:The headline should read: (Score:5, Interesting)
"Under pressure to comply with State Law, Diebold comes up with great excuse".
There is no way they will meet the law, because once it becomes apparent that the software has holes that allow vote manipulation, the remaining states will do the same.
Of course, the darkside is still trying to keep the public in the dark [bbvforums.org], at least in California.
Here's the rules that BlackBoxVoting must meet.
California protocols sent to Black Box Voting when they invited us to do the test Nov. 30:
- The media cannot attend
- The public cannot attend
- The number of people we can bring is so small that we cannot bring our attorney or a court reporter
- We cannot videotape, record, or keep explicit notes on it
- We cannot retain our own work product
- We cannot tell anyone what happened in the test
Put up or... (Score:5, Insightful)
*You are unwilling to
*You do not find it feasible to
*You find it technically impossible to
list the code in and programmers of your mission critical software that could have effects of the national security variety. The first? Maybe just greed. The second? Probably not a good sign. The third? If these people aren't getting the hint, something is seriously, seriously wrong here.
Re:Put up or... (Score:3, Interesting)
Re:Put up or... (Score:5, Insightful)
Risks are called that for a reason. If Boeing wants to take risks developing an aircraft that's their buisness. We're not (supposed to be) obligated to buy it - and if it crashes into the desert, it's abundantly clear that it didn't work.
But voting machines are a different beast. If they don't work (and this is only more of a problem without a paper trail) it's very difficult to prove it. So the real question is this -- do we want people taking risks with the electoral process?
Ultimately there needs to be some metric by which Diebold's (and it's competitors') machines are judged. In the absence of that metric, a free market is impossible and they are quite literally taking risks with our Republic.
Re:Put up or... (Score:5, Insightful)
But voting machines are a different beast. If they don't work (and this is only more of a problem without a paper trail) it's very difficult to prove it. So the real question is this -- do we want people taking risks with the electoral process?
No they're not!
A voting machine is a machine. An airplane is a machine. We know they work or don't work by testing them.
Your comparison is flawed, because you allow testing on the airplane. Anybody who gets on your example airplane after it crashes in the desert is an idiot, as is anybody who gets on before the plane makes a few hundred safe trips. Anybody who bought those diebold machines before knowing anything about them was an idiot [whitehouse.gov], anybody who bought them when the problems were coming out is an idiot [house.gov], and anybody who buys them in the future is an idiot [senate.gov].
The problem in this case, is nobody has tested this product adequately. A smart consumer wouldn't buy an airplane held together with duct tape and powered by rubber bands, and that's essentially what the diebold machines are with their numerous security flaws, and lack of paper trail.
In this case, the problem is that there is no smart consumer. There is only the government.
Proprietary shitware (Score:5, Insightful)
It suprises me that Diebold fails at this stuff so badly, considering how they've been doing it for years. I cringe every time I roll up to an ATM with their name on it. Luckily, my bank uses mostly NCR hardware
Use Linux instead? (Score:2, Insightful)
Re:Proprietary shitware (Score:5, Informative)
The list of developer names is pretty unreasonable, but code escrow is something that happens all the time, and only Microsoft manages to get out of it.
Re:Proprietary shitware (Score:5, Informative)
Second, your comment is interesting, considering two things:
First, that this is an article about how Diebold can't profide North Carolina with source escrow because it can't provide the Windows code. (You did read the article, right? Or perhaps you'd like to borrow some clue?) Regardless, the shared source license it part of the marketing bullshit that Microsoft uses to create their special case, and you've completely bought into it. Source escrow typically guarantees your right to continue to redistribute and advance development a third party product should the producer cease to exist or to terminate support for a particular product. Find that guarantee in the Microsoft Shared Source license. If Microsoft terminated production of CE, people who make products based on it would be screwed. The shared source license is not even close to equivalent to source escrow.
Second that it's naive to think that any developer list is complete, or that there is even a remote chance of proving it either way. Require it all you want, but in the end you're going to end up with a worthless list of names with no way to know if it's complete, or correct.
Re:Proprietary shitware (Score:4, Informative)
Only some of the code from the operating systems your listed is available under the shared source license.
Re:Proprietary shitware (Score:5, Insightful)
Because the groups buying the slot machines (casinos) have a vested interest in having quality products so they can make money. Therefore, they won't risk anything but the best.
Politicians & bureaucrats don't care. They're nearly impossible to fire (no matter how badly they screw up), and when they do leave, they have lucrative retirement benefits, and offers from lobbyist firms or the firms they took bribes...er I mean...campaign contributions from while in office.
Re:Proprietary shitware (Score:5, Insightful)
Re:Proprietary shitware (Score:4, Insightful)
Exactly. And that's a great requirement. The application in question is so sensitive, so important, and so specialised that I'm happy, as a taxpayer, to pay 2 or 5 or 10 times what it would cost to develop an off-the-shelf solution. The software in most military hardware is (or at least was until very recently) all purpose-built by contractors operating under some restrictions very similar to these: security clearances for all employees involved, which means names and background checks, code escrow, and even multiple independent implementations from different contractors used together in failsafe configurations. All of these safeguards and any others we can think of are appropriate for voting machines as well. I can't imagine that our nation is imperiled any more by a defective Tomahawk than it is by crooked voting machines. Death and slavery are, from the perspective of a democratic state, indistinguishable.
The requirements are entirely reasonable. If they can't be met by Diebold's current designs, Diebold can either design something that can meet the requirements (and increase their bids accordingly) or decline to bid on the project. Undercutting the competition by deciding not to honour some of the constraints isn't fair to the competition and it doesn't serve the needs of the buyer. Since the bidding process in NC is long since over, the only options at this point are altering the software to meet the constraints and eating the cost, or withdrawing from the contract. I don't really care which they do but simply refusing to perfom is not an option.
A Threat? (Score:3, Insightful)
Exactly how is this a threat? It's like terrorists threatening to take their ball and go home.
Message Loud and Clear... (Score:3, Interesting)
It seems to be clear that the intent was to have the actual source code and not just a copy of the software. Also, it isn't at all clear if that means the underlying platform or just the voting application on top of it, but why take a chance. And really, what would be the point of having access to half of the software stack?
Either the state of North Carolina really doesn't want a windows based voting solution or they are accidentally sending the message that "no closed source solutions need apply".
In either case poor, misunderstood Diebold may have to take their ball and go home. I think we can all agree that given their [bbvforums.org] track [bbvdocs.org] record [wired.com], this is a good thing.
Re:Message Loud and Clear... (Score:5, Insightful)
I think you guys are really reaching here. I don't see how what OS an application has to do with it. Providing the source code for the application should be enough. If Diebold is really taking this position, I think they are doing so to spread FUD. I don't think the state regulators care about the OS but rather the software used to control the voting machine. For you guys to buy into this is quite unfortunate and you are only helping Diebolds case by being sucked in by it.
Re:Message Loud and Clear... (Score:4, Insightful)
Please tell me someone capitalizing on open source voting is standing around to seize the opportunity.
Re:Message Loud and Clear... (Score:4, Insightful)
Re:Message Loud and Clear... (Score:4, Informative)
You haven't read Ken Thompson's famous bit on how to trojan the compiler and a particular application [bell-labs.com] so that you can't find any trace of the trojan in the source code for either one, then? (Was the first hit on a Google for "compiler trojan trust".)
Basically, if you don't have the entire stack, and a completely independent way to compile it, you have no idea what is happening in a completed stack. Especially if the code running at high privilege; you could have your I/O drivers replacing code blocks on load so that the application suite audits correctly.
Look at how much spyware for Windows works by intercepting basic system calls. Unless you have a trustable, independent way of re-creating the software stack, and then verifying that exact stack is actually running on the machine, you've got no reason to trust the box.
So, for any environment where trust is important, almost any operating system is too complicated.
Maybe not "COMMODORE BASIC V2", even though it's from Microsoft.
*Who* threatens? (Score:5, Insightful)
Something must be very wrong if the supplier is threatening the customer. What happened to the free market? If Diebold don't want the business, I'm sure another enterprising company will appreciate it.
Re:*Who* threatens? (Score:5, Informative)
If Diebold pulls out and somebody else steps in Diebold will sue the state for choosing a vendor which did not qualify under the original bid.
Most often laws and bids are written to benefit just one company like when a law gets passed exempting "any aluminum processing company which employs more then 300 people in a designated enterprise zone" meaning the alcoa plant down the street.
Procurement is the same. The specs are written so that only product complies.
Re:*Who* threatens? (Score:3, Funny)
Re:*Who* threatens? (Score:3, Insightful)
What has the free market to do with this?
This is a political issue, with political intent behind. Federal administration wants Diebold, some states resist. It is very obvious why.
USA citizens have a charming naivete about their political system that's kind of amusing.
For the rest of the world, a government insisting on a black box voting machine, is shouting FRAUD! FRAUD! from the rooftops.
Why do you b
What a dodge... (Score:2)
Um, yeah, complete dodge. Of course they don't mean to turn over windows code.
For the real reason I'd suspect he doesn't want to show the code: blackboxvoting.org
Thus, thanks to the partnership with Diebold (Score:2)
I wonder if Linspire will offer licenses to replace Windows boxen there?
Diebold threatens to pull out of North Carolina (Score:5, Funny)
Re:My thoughts... (Score:3, Insightful)
One down and 49 to go.
Great! (Score:2)
Yes you can (Score:3, Interesting)
Contact your govener, members iof the press.
Work at it, it can happen.
If you mean "Can we get this law to magically appear while I sit here and watch cartoons? then No.
If you can find out who sponsed the law in North Carolina, they might be able to point you in a good direction to get started.
Also, if you find a professor that specialize in politics at a local university, they might be able to help you out.
Think, Act, Succeed. In That Order.
Closed source is not the best tool (Score:4, Interesting)
My only question is how far down do these legal requirements go? If the operating system the voting software is running on needs to be open sourced, what about the hardware firmware? Does it need to be open source as well?
Re: (Score:2)
Threatened or promised? (Score:2)
If Microsoft is responsible for 99% of the code on a voting machine, (i.e. the OS and underlying libraries - basically everything Diebold didn't write), you really can't guarantee that an attacker won't compromise the system by targeting his attack against the 99% of the code that can't be examined.
Under such a circumstance, if I were on a standards board for voting equipment, (and assuming further that I was more interested in the integrity of the voting process
Pull Out? (Score:3, Funny)
I'll be here all week.
I say red herring/deflection (Score:2)
Sheesh...
word image: shames
(and, how appropriate...)
did you catch the judge's name? (Score:5, Funny)
God, Southerners have the coolest names.
So do it embedded. (Score:2)
It's a VOTING SYSTEM. Not the space shuttle.
How about disclosing circuit designs for the chip? (Score:3, Interesting)
the hardware might be designed to ignore software instructions
and give a different set of voting results.
questionable code (Score:4, Insightful)
i for one do not welcome our new data enabled overlords....
Such a shame... (Score:5, Funny)
Gee, that would be such a shame if that were to happen. I mean, North Carolina needs voting machines that are compromised by design, made by a company that has a vested interest in who wins the election, right?
Oh, whatever is North Carolina to do without voting machines made by an upstanding company like Diebold? Why, their voters might have to use the old paper ballot system instead! The horror!
Please stay, Diebold! Only a good rigged election can give us confidence in democracy!
Aren't these guys using Windows CE? (Score:5, Informative)
http://www.microsoft.com/resources/sharedsource/L
With Windows CE, "OEM customers worldwide can create and distribute commercial derivatives of the Windows CE 5.0 operating system source code for shipping in commercial devices without notifying Microsoft or sharing their derivative works with the embedded community."
Interpretation of responsible (Score:4, Interesting)
However, I'm fairly sure that you could meet that requirement with a list of the *responsible* programmers - i.e., the people in charge making decisions. Thus, you don't need to list every programmer - the person in charge of your particular embedded system fork ought to be sufficient.
So tell me again (Score:3, Insightful)
And more suspiciously, why are they threatening to leave instead of complying as much as possible? The court (i.e. ruling judge) should be able to apply the law in such a way that Diebold discloses all of their code, and then any remaining proprietary code from other vendors can be handled with those other vendors. Or is it that Diebold has something to hide? If their code really is secure, and actually does what they claim then they should have no problem showing everything they legally own. There really isn't anything that should be a trade secret about vote tabulation. I, for one, think it's disgusting that any US company would actually do the country such a disservice by trying to obfuscate for profit a product which is meant to facilitate the practice of democracy. Honestly, the whole board should be deported for conspiring to commit vote fraud. It would trivial to prove their innocence, simply release the code. Any other excuse smacks of dishonesty. In matters of government the appearance of impropriety should be treated as impropriety until/unless demonstrated otherwise.
In addition... (Score:3, Funny)
The may not want to be identified.
It's obvious (Score:3, Insightful)
I fail to see the downside of this?
All states should start requiring voting machines to be open source, and when Diebold doesn't comply because it's rigged, they can be banned without discriminating against the company specificly. Well done SC. Has SC ever been the leader in a good way for laws before?
Additionally, all electronic voting must come with a paper ballot that goes into the backup ballot box, and should be visible to the voter before it goes in. You might need to have the voter hand shove their paper stub - but printing ballots on site might introduce other problems.
Background info (Score:5, Informative)
Note: I have been working on voting integrity issues in North Carolina for a little while now, and advised the committees that drafted the bill in question.
The state passed a pretty comprehensive election reform bill, which included the provision that all vendors must hand over all code that runs, is installed on, or is otherwised used in the operation of the voting machines. No if, ands, or buts.
Our State Board of Elections did not like this. They want paperless voting machines, and badly. Like a six-year-old that's been told to clean up its room, they're dragging their feet on enforcing these (and other provisions). When writing the Request For Purchase (bid requirements), some staffer added a "clarification" that the vendors only had to hand over "available" software, and simply explain why they couldn't hand over the rest. In other words, "Here's why I'm going to be breaking the law today."
Lawmakers were not happy. The SBOE, however, didn't particularly care. They didn't see a problem with only handing over a portion of the code, and wanted to interpret the law as loosely as possible.
Diebold pointed out that "available" was different than "everything", and actually got a restraining order that prevented the state from suing them for not complying with any of the new provisions of the law. This case essentially overturned that ruling, saying "Uh, no, you actually have to comply with the law." Technically it says, "Ask your lawyers for legal advice, not the court, we're not going to pre-judge the law before there's an actual conflict (i.e., you actually get sued for violating these provisions."
So Diebold is going to take their ball and go home, since they would actually have to play by the rules. Oh well.
On a side note, I didn't see any evidence that Diebold actually tried to get a Shared Source [microsoft.com] license from Microsoft, which would actually let them escrow the code. Maybe Diebold didn't actually want to escrow, well, anything?
Imagine that.
-jdm
Re:Background info (Score:4, Informative)
To be honest, I think that the software's the wrong thing to be looking at. Simply require an audit trail that's independent of the machine count and will let you verify whether the machine tallies are correct without having to assume any part of the machine side is accurate, eg. a paper ballot printed, inspected by the voter and deposited in a ballot box handled seperately from the machine's memory packs.
The law also requires that. But examining the source code also gives you insight into the development process, not just the product.
Then mandate random comparisons of a sample of the machine results with the audit trail, with any significant discrepancy triggering an automatic across-the-board audit.
The law also requires that. It's a pretty good election reform law, across-the-board.
-jdm
Headline should read (Score:4, Funny)
This Is Just Ass Backwards (Score:5, Insightful)
I am a Citizen and an Elector (member of the Electorate) in the US. That puts me at the TOP of the pyramid in the election process. In the US, the Electorate is Sovereign. Where does Diebold or any other corporate entity get off trying to dictate how elections are held? They act like they have some god-given right to make money off of the process. Fuck that! They have a right to come grovelling, hat in hand, and ASK if maybe, just maybe, we might want to use some equipment they want to sell. We get to set the rules about how elections are held, not them.
My county uses optical scan ballots and ballot box readers. If a precinct shows some sort of wierd result, the elections commissioner, in the company of plenty of witnesses, pops that sucker open and looks at the ballots. End of problem.
I frankly don't give a damn if results aren't available until Wednesday morning, or even Friday. They aren't certified official for weeks, anyway. The only difference early results make is who gets hammered for what reason at what post-election party.
There is nothing more important than the election process. All legitimacy of the government flows directly from it. Diebold has no fucking place dictating any damn thing about that. Paper ballots work. If they are slow and more costly, that is a small fucking price to pay for legitimacy.
[/Rant]
Evidence of guilt. (Score:5, Interesting)
When it comes to individual rights, I thoroughly disagree with the argument which runs, "Why should you mind the police searching your home unless you have something to hide?"
But when it comes to the State, and it's employees, (like Diebold), the same logic is quite acceptable.
Let's all remember, the State is there to serve the public, not the other way around. At least, that's how it's supposed to work.
Thus, non-compliance with the most basic and rational doctrine, ("You must let us see how your voting machines work"), means to me that Diebold is hiding the fact that their machines are indeed faulty, and almost certainly deliberately faulty.
I'd love to see this break wide open, and have the journalists see the light and revolt against their Zionist-neo-con-Christian-brain-washed overseers, and publish the story far and wide. And then put Bush and his crew and the entire ruling elitist segment of the populace into prison. But I don't really expect this.
The most we'll see is a scapegoat being hung out to dry while the parade of evil continues.
The best way to resist is to do it on a personal level. Shine brightly and follow your internal compass as best you can. Defy The Lie. --Living in such a way will affect others in an ever-expanding ripple effect.
-FL
Diebold + Windows + hidden NSA key = hmmm... (Score:3, Interesting)
Interesting. [heise.de] Maybe it's not the Supreme Court deciding elections that we need to be worrying about... Maybe this is another reason why Diebold is so resistant to voter-verified paper trails.
Hanna basically said: (Score:3, Insightful)
I hate Diebold (Score:3, Funny)
Lawyer: Isn't it true that you hate Diebold?
Me (dismissively amused): Diebold? That cute upstart little company that stole the election and sent this country into an economic and moral state not unlike a dark, urine-soaked hellhole?
Cheney: We object to the term "urine-soaked hellhole" when you could have used the term "torture-free patriotic heckhole".
Me: Cheerfully withdrawn.
Lawyer: But what about that tattoo on your chest? Doesn't it say, "Diebold die"?
Me: NO! That's German for "The bold, the".
Re:I knew it! (Score:5, Insightful)
Why not? That's what we use in the UK for all national, reginal and local elections. It's worked well enough for a few hundred years.
Not True (Score:3, Insightful)
You could Fork an open OS, rip out all the non-relevant bits call it LxVote v.1 and then declare that you take responsibilty of the code.
In effect making you 'the developer' of the product you release.
This is what they are really looking for, who has looked at this code,and who is responsible if it doesn't count right.
There are sone OS"s where all the developers are known. GOTO springs to mind.
Re:Not True (Score:3, Insightful)
Due to the wording of the law, this may not be sufficient. Remember, it is the letter of the law and not the intent that causes problems.
Re:how about california (Score:3, Informative)
That's false. California in no way, shape, or form 'agreed' to anything. BBV required them to comply with their own laws. "Agreed" makes it sound like they had an option.
California is required by law to allow registered political parties to inspect the machines used for voting.
The Libertarian party hired the Black Box Voting group for a dollar
Re:paper trail, seriously. (Score:5, Insightful)
Because that would make it easier to prove election-fraud. See? It's simple when you hear the answer.
TWW