Diebold Issues Cease and Desist to Indymedia

h0mee writes "Diebold, manufacturer of election equipment, has issued a Cease and desist notice to the upstream provider of San Francisco Indymedia for having links to mirrors of a leaked internal diebold memo. More than just a case of a leak, Diebold has been raising a lot of questions about the fairness and security of elections in the United States. (Perhaps it's time for peer reviewable software like gnu.free? ;)"

Only in America

[Anonymous Coward]

could the goverment actually convice its people that by pressing a button on an ordinary computer you have a democracy

Support Indymedia!

[quigonn]

Indymedia is a very important platform in the current world where most people are influenced by mass media. So, support them by giving them webspace outside of the USA, so that they will be able to continue exercising their right to free speech!

Re:Support Indymedia!

[curious.corn]

Dear AC, this happens because the very same kind of fools although right winged get their rants blared on FOX, SKY, CNN and big newspapers. It's only fair that our share of cretins get to blow off in less known websites, hosted on cheap beige boxes. Don't like this national hero bashing? There's plenty regimes left you can move to, some are even friendly countries according to the USA.

It's not the "hero bashing"

[DAldredge]

It's the articles/posts on Indymedia calling for the deaths of Jews and other that they don't like that bother some of us.

IMC has trolls, like everywhere else.

[bacchusrx]

Right--and Slashdot is just so free of trolls ;) You could serve dinner on a -1 threshold.

IMC newswires are largely unmoderated. People are as free to post filth as they are to post insight. Some editorial groups will hide (though not delete) obvious trolls, hate speech, and the like... but other editorial groups don't.

The software that operates the vast majority of the IMC sites (variants of Active and dadaIMC) has no concept of "community moderation" -- so most of the moderation that happens is done by

Re:Support Indymedia!

[op00to]

Indeed! If you're not with us, you're against us!

Re:Support Indymedia!

[Pig Hogger]

The reason why jews are able to get away with murder is that each time someone says something againt a jew, he shouts "ANTISEMITE!!!". Well, it won't work here, truncated penis, because I'm not afraid of being labelled an antisemite, 'cause it's bullshit.

I'm not antisemite, I'm anti asshole.

Re:Support Indymedia!

[HiThere]

Does it bother you that people who believe ideas you find silly should have a forum? Are they pretending to be anything other than what they are?

And, FWIW, one could create an analogy of known and attested facts that drew parallels between GWB and the Schickelgruber. Analogies aren't a firm basis for reasoning, but they are a means of determining suggestions as to where to look for additional information. And when other information is lacking, they are the firmest available basis for decisions.

Also, if

Re:Support Indymedia!

[akb]

AC,

From that link I see that some anonymous person called someone else a Nazi on an open posting medium. A flamewar ensued. Film at 11.

Indymedia is the home of intellectual dunces, and mental midgets who believe George W. Bush is equivalent to Hitler, that some right-wing cabal is pulling all the strings, and supporters of cop-killers, terrorists, and murderers.

To make that statment more accurate you'd also have to add something about the people that produce radio pieces on raising awareness about A [indymedia.org]

I would like to take a bet

[theolein]

Given the current overly coroprate friendly environment in US-Justice and vice-versa, I would like to take a bet that this will not be resolved and that Diebold will be free to win elections for it's favourite party.

DOJ ain't THAT business friendly.

[Shivetya]

I don't seem to recall this many investigations, procescutions, and leaks since the days of Reagan near the time of the S&L crisis.

Seems to me a lot of companines are now coming under scrutiny from a combination of things. Public sentitment, investor anger, and a Justice department that does act.

Yes they allow some things to slip by, but do the other 3 groups.

Remember, the DOJ just isn't in Washington. Ashcroft is a favorite whipping boy because he is the most visible part. He gets credit for some

Open Sofware Not The Only Solution

[Little Brother]

Guys, like always, you're jumping the gun a little bit in favour of Free Software. I do not deny that an open project could be usefull in voting machine technologies, but that is far from the only solution. All that is truly needed is accountability built into the system. If a commercial product created a paper-trail that could appeald to in case of a challenge of the voting results (and the voters could see their vote choice printed) it would solve the major problems the diebold systems were designed to have. True, a GPL'd solution could do this as well, but when we start saying that no commercial product will work, we start to look like zealots who's primary goal is to get Free Software out everywhere. The issue this time isn't free vrs non-free software, it is free vrs. non-free elections: if such is possible this is a more important issue than Free Software proliferation.

DAMN!

[DAldredge]

Just use paper! Is it really that hard?

Re:DAMN!

[op00to]

If you use paper, then you actually have to LIE about the election results to make them in your favor instead of just altering them in the database.

Re:DAMN!

[Detritus]

Just use paper! Is it really that hard?

Yes.

It adds a whole new set of problems. Adding an electromechanical device like a printer would greatly reduce system reliability and increase maintenance and operation costs. Making things worse, these systems sit in storage for months between elections. What are the environmental controls, if any, in the storage facility? The customer expects to pull these units from storage, power them up, and have them work. The customer is not going to have a dedicated gro

Re:DAMN!

[DAldredge]

No. Paper and A pen. Nothing that uses electricity.

Re:DAMN!

[HalfFlat]

You know, pencils are really cheap.

Re:DAMN!

[Kwelstr]

I'm sorry, but that sounds like hogwash. Have you ever played the lotto? Don't they give you a print out on your bet? The information goes to a central database, but you DO get a paper receipt. Of course... but we are talking something very important here: money.

Re:DAMN!

[canajin56]

I don't think he's talking about a receipt. The lotto receipt was just an example of how data can go into a database AND be printed out. He's just talking about a little print out that records each vote, so a person can go and read it and make sure it is the same number that the database has.

Re:DAMN!

[DAldredge]

There is just a LITTLE bit more incentive for someone to rig an election than steal from an ATM and/or kiosk.

Re:Open Sofware Not The Only Solution

[mocm]

GPLed software does not rule out a commercial solution. You can still pay someone for writing the software and since it is linked to the hardware anyway, what speaks against opening the source. It does not even have to be GPLed, you just need to be able to verify the software.
I for one would like to have a system, where I get some kind of receipt (maybe a chipcard or a code number) which I can use to verfy my vote anonymously on the internet or at a verification station.
All this is possible and can be done

Re:Open Sofware Not The Only Solution

[CTho9305]

People have proposed this idea... but how what happens when your boss asks you for your secret number? If you don't give it to him, he assumes you voted against his candidate of choice... if you do, he knows.

Re:Open Sofware Not The Only Solution

[TRACK-YOUR-POSITION]

Now, michael didn't say Free Software is the only way to go, he just suggested it as one possible solution. I don't see a problem with that. Interestingly, if you actually follow the link he provided to free-project.org, it contains this statement:

We used to develop the GNU.FREE Internet Voting software and we retain a strong interest in electronic voting issues, primarily through advocating why we feel it's an undesirable advance. Apparently, they're no longer fully interested in developing internet

Re:Open Sofware Not The Only Solution

[nagora]

All that is truly needed is accountability built into the system. If a commercial product created a paper-trail that could appeald

Which means open-source of some sort. Anything else can be rigged, including the paper trail it produces. No part of the election process should be hidden from the electorate, whether comuterised or mechanical. Is that zealotry? It sounds like Common Sense to me.

TWW

Re:Open Sofware Not The Only Solution

[roystgnr]

Anything else can be rigged, including the paper trail it produces.

Open source can be rigged too. In order to rig a simple system of printed paper ballots (where for example a touchscreen voting system prints out a ballot which only has the desired candidate names printed, in easily scannable fonts, and the voter then folds this ballot to hide the vote from view and places it through a slot into a transparent case), one would have to physically interfere with the ballots at many separate polling places.

Re:Open Sofware Not The Only Solution

[1010011010]

Closed source software suffers from those same problems, but on a much larger scale.

If we have to have electronic voting, open source is the only good solution -- it's the only OPEN system. Combine it with a signed build which can be verified by the local operators, and that's about as good as e-voting will get.

Of course, good old low-tech paper ballots are still better. You know, the kind where the voter draws a line between arrows with a permanent marker, rather than relying on a machine to correctly re

Re:Open Sofware Not The Only Solution

[HiThere]

My favorite is a large piece of paper and a bingo marker. If you MUST, you could put it on heavy paper and run it through an optical scanner, but it's easy to count by hand. And cheaper. And probably more reliable. And harder to cheat at.

Re:Open Sofware Not The Only Solution

[djtack]

My favorite is a large piece of paper and a bingo marker. If you MUST, you could put it on heavy paper and run it through an optical scanner

This is more or less what we do in Iowa (and it's been this way for a long time). The ballots are marked with a No. 2 pencil, and scanned by machine. The results of our elections are available within minutes of the election's end. But, the ballots are very clear and easy to hand-count, should it be necessary. Here [johnson-county.com] is an example of what the ballots look like.

Re:Open Sofware Not The Only Solution

[Ian Bicking]

A voter-verified paper trail should be hard to rig, unless you tampered with the rest of the process (allowing non-registered voters to vote, multiple votes, deliberately invalidating votes, putting up police roadblocks in front of some voting stations, etc). All of these are possible in any system, and are done. (It's disgraceful that people paid so much attention to hanging chads in Florida, when black voters were much more maliciously and deliberately denied their right to vote in 2000)

Voter-verifie

Re:Open Sofware Not The Only Solution

[ichimunki]

True, a GPL'd solution could do this as well, but when we start saying that no commercial product will work, we start to look like zealots who's primary goal is to get Free Software out everywhere.

There is no conflict between Free Software and commercial products. In fact, it's very likely that any Free Software-based voting system would be a commercial product. The point here is that voting machines are a major component in the engine of democracy and that there is absolutely no reason why they should

Re:Open Sofware Not The Only Solution

[kfg]

Please see Ken Thompson's totally moby hack of Unix, providing a back door even if a system was built from audited code.

http://catb.org/~esr/jargon/html/B/back-door.htm l

A "Paper Trail" is worthless with computer based voting machines unless the entire system is completely transparent to outside observers.

When it comes to elections no one, no one company and no one thing can be trusted without massive public oversight.

And most specifically the governement itself is the entity least trustable to "certify" that an election process is fair and properly conducted. I'm an American but I've lived through "democratic" elections in a third world country.

If the the press cannot hire its own experts to completely examine the system and freely publish its results there is no democracy.

KFG

KFG

KFG

Re:Open Sofware Not The Only Solution

[Talez]

I'm usually considered a moderate bordering on Microsoft apologist but this time I whole-heartedly side with the zealots.

Transparency is the key to this. Any hidden source code is a bad thing.

Shared Source License and Peer Review

[abe ferlman]

The useful half of this really matters. This is a case where I don't care if we can sell competing products, but I do care very much that the source open for review.

Even a Microsoft-style shared source license would be better than the status quo, though it pains me to say so.

No, free software IS the only solution.

[twitter]

True, a GPL'd solution could do this as well, but when we start saying that no commercial product will work, we start to look like zealots who's primary goal is to get Free Software out everywhere.

That's not the first time a comercial software advocate has stooped to name calling. I'll ignore it because it adds nothing.

I'd like you to name one advantage of closed source software and tell me how this outwheighs the need for public transparency in the electoral process. I can easily show that closed sourc

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Open Sofware Not The Only Solution

[1010011010]

An open solution is the ONLY solution. With paper ballots, the system is open to inspection and review. With closed software OF ANY TYPE, it is not.

Like always, you're jumping the gun a little bit in favour of Commercial Software.

Re:Open Sofware Not The Only Solution

[fname]

A lot of the respondents below are missing Little Brother's point. Salon had a great interview [salon.com] with Bev Harris disussing this. Anytime there is no paper trail, there's always going to be a question about the veracity of the audit log. For example, the machines could be tampered with at the point of voting. Yes, I'm sure the open-source wizards would come up with the perfect solution, because we all know there are no vulnerabilities in Linux, right?

The solution is simple. Touch screen voting. The machine

Time for an election GPL project.

[TyrranzzX]

We need someone to come up with a GPL'd project that is an OS that does ballots on the x86 platform which is open source and workable, freely downloadable and testable then get people together to demand that it be put on election systems instead of using questionable ones.

It is not time for gnu-free

[johannesg]

E-voting is simply a bad idea. Voting needs to be done using paper, in order to keep accountability. Paper, once written, cannot be changed and can always be recounted. Software offers no such guarantee, not even if a thousand 'experts' all proclaim the software to be safe.

Re:It is not time for gnu-free

[quigonn]

No, e-voting can make things much simpler. But for reasons of security, these machines must also print a audit trail on paper, so that the votes counted eletronically can be checked against the audit trail, and it must be written in a way that the voter can check whether it was written correctly. The Diebold machines do not meet these criteria, writing an audit trail only into an Access database.

Re:It is not time for gnu-free

[nagora]

these machines must also print a audit trail on paper, so that the votes counted eletronically can be checked against the audit trail,

So why bother with the electronic counting? If you are going to count the audit trail there's no point in the electronic count and if the audit trail isn't counted then the electronic system can happily push the vote 2 or 3 percent towards the paying candidate, while printing a fake paper trail, and no one will ever know.

TWW

E-voting is simply a bad idea.

[harriet nyborg]

E-voting is simply a bad idea.

Hear, hear.

The important thing in democracy is not the voting, it's the counting.

Any technology introduced to improve the act of voting cannot make the act of counting less transparent or democracy suffers.

It is apparent that Diebold's systems (not to mention Diebold's paranoia for secrecy) render the act of counting less accountable and less transparent. Ergo, democracy suffers.

If used in a close election - where exit polling and other secondary measurements are unable to confirm the results of the counting - the wrong person might actually get elected President of the United States of America.

With no sense of responsibility to the coutry at large, this illegitimate President might launch a series of Napoleonic wars to to compensate for his own feelings of inadequacy.

I digress into fantasy... the little blue ones I washed down with all those adult beverages must be kicking in.

Re:E-voting is simply a bad idea.

[Mostly a lurker]

If used in a close election - where exit polling and other secondary measurements are unable to confirm the results of the counting - the wrong person might actually get elected President of the United States of America.

That probably happened in the last election for US President. I say "probably" because so much spin surrounded the shenanigans over postal ballots and turning away of registered voters (erroneously barred as former felons) that I may have misinterpreted the evidence.

Re:E-voting is simply a bad idea.

[goon america]

The important thing in democracy is not the voting, it's the counting.

I think that really, voting is as important as the counting, and neither can be had without the other.

Re:It is not time for gnu-free

[Quixote]

E-voting itself is not a bad idea (the convenience of not having to deal with reams of paper ballots, fewer counting mistakes ("hanging Chad"), etc.). However, there needs to be a better audit trail left. If the voting machine simply reports the count, then it is noy good. It should be hooked up to a printer, where it can print out a little cards with a 2-D barcode (like PDF417, with lots of error-correction) on them, which can be counted with high accuracy on a scanner, in case of a dispute.

Re:It is not time for gnu-free

[Florian Weimer]

Paper, once written, cannot be changed and can always be recounted.

This matters only in theory. Apparently, the US voting system is so flawed that electronic voting is "good enough", compared to the other irregularities. Please keep in mind that the result of the last US presidental election in Florida was determined by (re)counting, but by a decision of the locall state parliament, and also that voter registration seems to introduce quite a bias in who is eligible to vote.

Re:It is not time for gnu-free

[vegetablespork]

I agree that there were irregularities in Florida, but disagree with this statement:

. . . and also that voter registration seems to introduce quite a bias in who is eligible to vote.

Voter registration, per se, does not introduce any bias (abuses like erroneous felon lists in Florida notwithstanding). It does cause a self-selection--that is, those who vote are those willing to take the time to register. This is why I oppose laws like "Motor Voter" and other efforts to make registration automatic. I also ve

Re:It is not time for gnu-free

[Istealmymusic]

You're just a right-wing Republican that realizes if more people vote, Democrats will regain control of the government.

Re:It is not time for gnu-free

[Dutchmaan]

I agree 100% on accountability, BUT e-voting is like any other technology something that can make the system much quicker and more efficient.

It takes a lot of time, effort and man power to count thousands or millions of votes. eVoting would defintely speed up and cheapen that process...

but again, I agree that before e-voting takes off there must be accountability on par with or better than our current system.

Re:It is not time for gnu-free

[EvilTwinSkippy]

I hear that. If I'm going to fight and be dragged through the muck, let it be over an RFC or IEEE spec about secure vote tallying over an open network, and documenting standards for electronic machines.

The government has standardized the diameter of fire hoses, the output of a voting machine should be cake.

Re:It is not time for gnu-free

[Brian_Ellenberger]

Right, cause there is NEVER any fraud using paper.

Paper ballots can be conveniently lost or stolen, altered, miscounted by biased observers, or a affected by a whole host of bad behavior.

With a free and open source e-voting system, we can elminiate much of the bias by having a neutral, unemotional party tally the vote. And hopefully in the future we can cross reference voters with databases so insure they haven't voted twice, are legal citizens, aren't dead, and aren't felons.

Brian Ellenberger

Re:It is not time for gnu-free

[El]

Can't you provide the best of both worlds, i.e. computer enter and automatically tabulate results, but still provide multiple paper copies of each vote (one for voter and one for electoral commission) that can be verified later? And yes, the voters themselves need to verify that the audit trail copy to be saved for recounts matches their actual intentions, so a Write Once Read Many (WORM) drive or any other media that is not directly readable by a human being is worthless.

Re:Paper is not infallible

[johannesg]

It is _much_ harder to commit fraud using paper. For one thing, with software it requires just one guy making one change to a piece of software to bend the election results for an entire nation. With paper the same thing can be done on a local scale, but it is very hard to pull it off nationwide without people noticing.

Where I live I can go and watch elections as they happen (I can ask to be an observer and that request must be granted). I cannot do that with electronic voting, since I cannot watch what g

Link to memo that works

[asmithmd1]

Here [scoop.co.nz] is a link to the memos thaty actually works

Simple System

[sjlutz]

How about just an electronic voting system that has redundancy. Example:
1) User votes for who they want to and it is recorded
2) Machine prints out card with users vote
3) Card is checked by user for accuracy
4) Card is then re-inserted into machine to generate the backup tally.

If the tallies from 1 and 4 don't match, the cards are "certified" and then rerun.

Re:Simple System

[nagora]

3) Card is checked by user for accuracy

How often do you think this actually happens? Generally, you're lucky if you can get people out to vote for Tweedledum or Tweedledee, asking them to do some work when they get there is going too far.

Even if they do check I can think of a couple of ways to rig it anyway if you just need or want a few percent onto your candidate/brother's vote.

Just get a piece of paper, put a mark on it, get a bunch of people to count the marks.

TWW

Re:Simple System

[vegetablespork]

If people are put off by putting in a little effort, it's just fine with me that they don't vote. People who are willing to put forth effort will decide elections, and everyone will benefit.

Re:Simple System

[nagora]

People who are willing to put forth effort will decide elections, and everyone will benefit.

Which is, of course, an argument for not having any electronic voting. Which is fine by me.

TWW

Re:Simple System

[Bronster]

3) Card is checked by user for accuracy

How often do you think this actually happens? Generally, you're lucky if you can get people out to vote for Tweedledum or Tweedledee, asking them to do some work when they get there is going too far.

It doesn't matter if it's only 1% of people who are doing that - if they notice that the machine hasn't printed what they asked for, they'll kick up a stink. More than a couple of people do that and the whole system will be called into question.

It's the same basis on

Re:Simple System

[nagora]

It doesn't matter if it's only 1% of people who are doing that - if they notice that the machine hasn't printed what they asked for, they'll kick up a stink. More than a couple of people do that and the whole system will be called into question.

Which is why you don't do it on every ballot and you allow a "re-try" option which is programmed to work correctly and various other methods of alaying suspicion.

TWW

Simple Fraud.

[twitter]

Let's use your admirable system, but assume that DiBold implements it. DiBold can change the results within the accuracy of a hand count and change the result of an election. The memos leaked indicate that this was not only possible, but that it was easy to do.

The attitude of DiBold's staff is unacceptable. Here's two outright shockers:

Ken Clark, dismmising a concern about no password being needed to modify the audit logs, "Of course everyone knows perception is reality." The idiot then goes on to des

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Simple System

[YrWrstNtmr]

4) Card is then re-inserted into machine to generate the backup tally.
If the tallies from 1 and 4 don't match, the cards are "certified" and then rerun.

And the software has a routine in it to report a 'match' between the real and the backup tally, no matter what the actual result.

At any point in the stream, the s/w could be made to report whatever the people who wrote want.
Unless there is a LOT more stringent pre-election auditing and security.

Re:Simple System

[ca1v1n]

I am reminded of an old adage, paraphrased here because I cannot find the exact text. "When headed to sea, take 1 compass or 3, but never 2."

To make matters worse, having a card printed out allows for chain voting. This is a scheme in which one voter sneaks their card out of the polling place, shows it to someone who pays them for their vote, and hands it to the next person who drops it in after they're done voting, and brings their card to get paid, and so it goes and so it goes. The first person can s

this is the most serious threat to America

[Anonymous Coward]

This isn't the only site that Diebold has shut down. I guess it just finally went far enough to get posted here. blackboxvoting.org is another one.

No educated person can believe that these systems are anything but a predesigned plan to subvert elections. It is impossible to make computer voting secure without compromising the secret ballot. Even the most basic steps to make these systems secure have not been taken.

There's no way to fix computer voting. Diebold will "fix" their security problems and it wi

How is this for a pear review-able while anonymous

[thecampbeln]

A hash is made based on the votes selections, voting location, vote submittal time, etc. Basically everything but the voters name (one (wo)man, one vote doesn't mean traceable).

This hash is printed and/or emailed to a voter-defined email address (which could default to a 3rd party organization if the voter has no email). This email would contain a link that when clicked would query the central database of tallied votes. If the user-passed hash string is contained within the tallied votes, all is A-OK. If i

Not anonymous

[Effugas]

The fundamental problem is that it needs to be impossible for me to prove to a vote buyer that I voted one way or another.

If I can prove to myself my vote was counted a certain way, so too can it be proved to others. And then votes get bought.

This is a _hard_ problem, and alot of it comes from misunderstanding the nature of it.

--Dan

Re:Not anonymous

[HiThere]

You know, buying votes is less bad than the current approach.

That says all about the current approach that needs to be said.

Well first off...

[thecampbeln]

This could consist of "Prior Art", where by invalidating anyone who could try to (file a bullshit software) patent this idea (plus the tongue-in-cheek attitude the comment was made in).

Second, it's a COMPUTER voting system, it's connected, besides... a voter-defined email address (which could default to a 3rd party organization if the voter has no email)

As for SPAM, valid potential problem, that's in intrinsic problem with email. As for email is not a reliable medium, and you'd get corrupted votes that wa

Incriminating text of the memos

[Anonymous Coward]

Internal Memos: Diebold Doing End-Runs Around Certification

Friday, 12 September 2003 (PDT)
By Bev Harris - blackboxvoting.org

http://www.blackboxvoting.com

If certification isn't being done properly, the whole house of cards falls. Below are actual copies of internal Diebold memos which show that uncertified software is being used in elections, and that Diebold programmers intentionally end-run the system.

Quick backgrounder first, scroll down to see the memos.

BACKGROUND

Our voting system, which is part of the public commons has recently been privatized. When this happened, the counting of the votes, which must be a public process, subjected to the scrutiny of many eyes of plain old citizens, became a secret.

The computerized systems that register voters, will soon sign voters into the polling place using a digital smart card, record the vote we cast, and tally it are now so secret they are not allowed to be examined by any citizens group, or even by academics like the computer scientists at major universities.

The corporate justification for this secrecy is that these systems adhere to a list of "standards" put out by the Federal Election Commission, and that an "ITA" (Independent Testing Authority) carefully examines the voting system, which is then provided to states for their own certification.

As it turns out, the states typically do not examine the computer code at all, relying instead on a "Logic and Accuracy" test which will not catch fraud and has frequently missed software programming errors that cause the machines to miscount.

A Diebold message board has been used since 1999 to help technicians in the field interact with programmers to solve problems. The contents of this message board were quietly sent to reporters and activists around the world, most likely by a Diebold employee. In a letter to WiredNews, Diebold has acknowledged that these memos are from its own staff message boards.

Without further commentary, judge for yourself whether Diebold has been following certification requirements:

From Nel Finberg, Technical Writer, Diebold Election Systems

(Note: Metamor/Ciber is the ITA assigned to certify the software)

alteration of Audit Log in Access

To: "support"
Subject: alteration of Audit Log in Access
From: "Nel Finberg"
Date: Tue, 16 Oct 2001 23:31:30 -0700
Importance: Normal

Jennifer Price at Metamor (about to be Ciber) has indicated that she can access the GEMS Access database and alter the Audit log without entering a password. What is the position of our development staff on this issue? Can we justify this? Or should this be anathema?
Nel

Reply from Ken Clark, principal engineer for Diebold Election Systems

RE: alteration of Audit Log in Access

To:
Subject: RE: alteration of Audit Log in Access
From: "Ken Clark"
Date: Thu, 18 Oct 2001 09:55:02 -0700
Importance: Normal
In-reply-to:

Its a tough question, and it has a lot to do with perception. Of course everyone knows perception is reality.

Right now you can open GEMS' .mdb file with MS-Access, and alter its contents. That includes the audit log. This isn't anything new. In VTS, you can open the database with progress and do the same. The same would go for anyone else's system using whatever database they are using. Hard drives are read-write entities. You can change their contents.

Now, where the perception comes in is that its right now very *easy* to change the contents. Double click the .mdb file. Even technical wizards at Metamor (or Ciber, or whatever) can figure that one out.

It is possible to put a secret password on the .mdb file to prevent Metamor from opening it with Access. I've threatened to put a password on the .mdb before when dealers/customers/support have done stupid things with the GEMS database structure using Access. Being able to end-run the d

All the code use the English way of spelling.

[GoofyBoy]

>what this means is the software used in these elections was never looked at by ANYONE except a handful of programmers in Canada.

Don't you guys trust us Canadians? :)

Seriously, isnt't there something legalwise that any private citizen can do to stop or correct this sort of crap from happening?

Re:All the code use the English way of spelling.

[EvilTwinSkippy]

Sure, raise hell at our representative's office.

A phone call to your Federal/State representative is a) welcome and b) useful. A dead-tree letter is even better. And no, a form letter is NOT effective. Write your ideas in your own words, take the 2 minute out to track down where your representative's office is, lick a stamp, and send your thoughts on its way.

Use this republic for what it's designed for!

Re: Diebold machines

[blibbleblobble]

Quote from the leaked email

"It is possible to put a secret password on the .mdb file to prevent Metamor from opening it with Access. I've threatened to put a password on the .mdb before when dealers/customers/support have done stupid things with the GEMS database structure using Access. Being able to end-run the database has admittedly got people out of a bind though. Jane (I think it was Jane) did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That's why we've never put a password on the file before.

Note however that even if we put a password on the file, it doesn't really prove much. Someone has to know the password, else how would GEMS open it. So this technically brings us back to square one: the audit log is modifiable by that person at least (read, me). Back to perception though, if you don't bring this up you might skate through Metamor.

There might be some clever crypto techniques to make it even harder to change the log (for me, they guy with the password that is). We're talking big changes here though, and at the moment largely theoretical ones. I'd doubt that any of our competitors are that clever."

Oh come on! It's as if the last 30 years of cryptographic knowledge never happened. Of course it's possible to digitally sign electronic data, and nobody with a clue about electronic voting would even consider not doing it.

These people are supplying voting machines, and they don't even know how to create tamper-evident databases? They even have the gall to assume their competitors are using the same simpleton technology as they are.

I suggest that anyone involved with these systems read Peter Wayner's Translucent Databases [wayner.org] for a primer on how databases can be made secure, even against those who know the root password. [not that Diebold machines seem to have a root password]

For further reading, Diebold might want to read some of Bruce Schnier's books [amazon.com], which are an interesting read on what can be done with cryptography, and what are its limitations. They might even consider hiring a competant expert, e.g. some of Schneier's peers.

p.s. I claim the quote above as fair use, under english copyright law.

Re: Diebold machines

[rthille]

Of course it's possible to digitally sign electronic data, and nobody with a clue about electronic voting would even consider not doing it.

Why bother? If you don't trust the system that does the signing, or the people who created the key it's signed with, then why bother to sign the data? It just gives a false sense of security.

Unless the system produces a human readable, physical record of votes that the voter can verify before submitting then the system is open to fraud.

Re: Diebold machines

[HiThere]

You are being charitable. You say:

These people are supplying voting machines, and they don't even know how to create tamper-evident databases? They even have the gall to assume their competitors are using the same simpleton technology as they are.


But I see no reason to believe that the security flaws were because they couldn't do better rather than just because they didn't want to bother. Whether actively or passively.

I've USED MSAccess, and I will certify that it is one of the stupidest decisions p

Re: Diebold machines

[budgenator]

Being able to end-run the database has admittedly got people out of a bind though. Jane (I think it was Jane) did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That's why we've never put a password on the file before.

Oh really is the above aluding to :
A. election-fraud.
B. just plain bad software from Diebold.
C. piss-poor administration by some local-yocal election officials
D. All of the above

Voting fraud should not be tolerated

[TheRealStyro]

All evidence at this point stands to up to reason and makes clear the implications for a high level of vote taking, accounting, and tabulation fraud. The evidence presented should be enough to warrant any reasonable governments to bring the processes, in detail, into question and to suspend use of this voting platform until a grand jury can form an opinion and/or verdict on the continued use of these types of voting platforms.

OK, the above possibly being true, why haven't voters caused an uproar over this potentially corrupt system being used? Simple - apathy. Most citizens are too worried about other things to care about the government. Most people want the government out of their lives and in exchange they will stay away from government functions. This plays right into the hands of those willing to put a system, such as this, into production. What can be done about the citizenry? Very little. A possible route is to find a way into the mass media and announce this fraud to the world. But the world already knows and can't change our system so what is your point already.

The only way to attack this system and initiate change is to use the power of government against the system. Find a politician that has power and is willing accept reason. Convince him/her to find a way to present charges of vote process fraud, and hope like hell that a committee will suspend the use of the process until a full investigation by independent panels can write an opinion. This will be time-consuming, and the result may not be what is desired, but as I see it, the only way to stop this potential fraud and abuse of the voting system.

Let's put the patriot act to good use...

[Genda]

Inform Diebold that vote tampering will now be considered a form of terrorism and treason... punishable with sanctions up to and including the extreme and permanently extreme.

Add further that experts in technology from each of the parties represented in the election (including itty-bitty parties), will be appraising the results and the process by which votes have been counted.

Let them know that fraud will result in harsh and immediate reprisals against the company and more importantly it's CEO and Boa

Re:Let's put the patriot act to good use...

[release7]

Can you say "Salem Witch Trials" and "McCarthyism"? One of the reasons the Patriot is so dangerous is that there is the potential for it to be perverted and twisted to meet the objectives of the administration who enforces it. I'd be very careful about branding everyone a "terrorist" for common criminal activity or for having unpopular political/religious ideologies. That's not the road I think we want to head down.

My thoughts on a secure system

[YrWrstNtmr]

We have been concentrating too much on the post-election auditing, and not enough on the pre-election requirements, design, build test cycle.

A short proposal:

A) A vendor is chosen (Not Diebold, because they obviously cannot do it)
B) Vendor designs the system, chooses the tools, and builds it.
C) 3 validation teams are chosen. 1 commercial entity, 1 university entity, and one independant team chosen by 2 or 3 of the major parties. Maybe even us, the general public as well.
D) The teams audit and validat

what. the. f*ck?

[Ender Ryan]

So there's a debate raging on about the security of the nations voting systems, and Diebold claims copyright ownership of some leaked evidence? Is it even possible for correspondence to be copyrighted? If so, isn't the security of the nation just a little bit more important?

Does it matter that the correspondence seems to have been intentionally leaked by someone at Diebold? It just seems ludicrous for Diebold to claim copyright ownership of correspondence, especially correspondence that was made public

Re:what. the. f*ck?

[HiThere]

Under current copyright law, all correspondence is copyright by the author. Sorry about what seems reasonable to you. There essentially *is* no new public domain work. Merely work of unknown authorship. Declaring a work to be public domain doesn't make it public domain, even if you are the author, although I believe that it does cause you to lose the right to sue over uses that you disapprove of.

I believe that new public domain works can still be created in countries outside the system...but most count

Would this work?

[dgenr8]

Why doesn't the government simply become a CA, issue public-private key pairs to every voter, and have each voter create a "vote" document by signing it? All the votes could be posted publicly anywhere, and counted ad nauseum by anyone who felt the urge. If ever more than one vote from the same voter in the same election were found, that vote would be invalidated (the guy didn't keep a careful enough watch over his private key).

Here is mine!!!

[Pig Hogger]

http://emdx.org/r.php?U=BBV [emdx.org].

As my mother said, mirror early, mirror often.

Things to do

[Animats]

Print out the site. Send it to your Congressman. Ask that it be added to the Congressional Record as an "extension of remarks".

Amazing...

[idontgno]

The information contained in this notification is accurate as of the time of compilation and, under penalty of perjury, I certify that I am authorized to act on behalf of Diebold.

>snip<

Very truly yours,

Ralph E. Jocke

Sounds vaguely like something Bart Simpson would use over the phone to Moe's Tavern. I wonder if he has a partner named Strappe? "Jocke Strappe and Associates" would be a great name for a law firm.

No, I didn't have anything to add, I just wanted to mock the lawyer's name.

Re:Pretty effective

[Anonymous Coward]

Not all is gone. The main links page from the article has some interesting emails. Here are the first 2. Let's see if this gets to be the 2nd round of censorship that VA/Slashdot gets weasled into...


From Nel Finberg, Technical Writer, Diebold Election Systems

(Note: Metamor/Ciber is the ITA assigned to certify the software)

alteration of Audit Log in Access

To: "support"
Subject: alteration of Audit Log in Access
From: "Nel Finberg"
Date: Tue, 16 Oct 2001 23:31:30 -0700
Importance: Normal

Jennifer Price

not sure, but...

[TheSHAD0W]

You can try these:

magnet:?xt=urn:bitprint:NYW73XZ57R2QB2K2DPFS6NDAZ Y M2CHIW.SX3G7IQNFDENESHR4V6XEANMLH5R4FZEA5EZ7JY&dn= VOTER%20FRAUD%20-%20Electronic%20ballot%20maker%20 Diebold%20allows%20tampering%20of%20votes.%20Repro duce%20it%20yourself%20with%20this%20file%20or%20g o%20to%20equalccw.com.%20GEMSIS%20included.zip [magnet]

ed2k://|file|VOTER%20FRAUD%20-%20Electronic%20ball ot%20maker%20Diebold%20allows%20tampering%20of%20v otes.%20Reproduce%20it%20yourself%20with%20this%20 file%20or%20go%20to%20e [ed2k]

not the original lists

[TheSHAD0W]

(These point to the same file, by the way.) This isn't the original memo data, though it may contain it; it's a 100M zip archive. As always, be careful what you download off P2P networks.

Re:Pretty effective

[byolinux]

Google has HTMLd it.

http://tinyurl.com/rej1 [tinyurl.com]

Re:Fwd:this link should help

[Troed]

Thanks for the Freenet-link, worked just fine. Redoing it here as a real link [localhost] to localhost for those with FProxy installed.

Re:Fwd:this link should help

[TheSHAD0W]

corrected BitTorrent link [emptylogic.com]

Re:GNU.FREE founder has big ego

[moonbender]

Bram does have his picture up, it's on the donation page where he asks people to support him. I assume it's a fairly effective means of showing that there is a real person behind the software, trying to make a living.

Re:So do something about it

[AndroidCat]

Sure, go whine to your elected representives. Whine to them that if they don't do something about this, you won't vote for them next election.

Hang on a sec... I think I see a problem here.

Re: C&D

[Detritus]

An email is a copyrighted work, just like a letter written on paper.

Copyright protects "original works of authorship" that are fixed in a tangible form of expression. The fixation need not be directly perceptible so long as it may be communicated with the aid of a machine or device.

U.S. Copyright Office, Copyright Basics (Circular 1)

Put a password on the .mdb file???

[dcavanaugh]

Now that will have the hackers really quivering in their boots!

The last time I had a "password recovery" issue with Access, I found everything I needed to hack it with just a few clicks on Google. I spent about an hour searching for snippets of code to throw into VBA.

I guess the people at Diebold never heard about password recovery tools [elcomsoft.com]

Re:Do they not realize

[ScrewMaster]

Oddly enough, they probably do not. More to the point, if they had done nothing it would probably have blown over. But these businessmen are the kind who turn to their lawyers whenever they feel threatened, and the irrational need to "do something!" takes over. The idea of admitting their mistake and improving their product probably didn't occur to them. Furthermore, they obviously don't understand that once you put something on the Web, it's there forever, and there really isn't any point in issuing C

Re:Do they not realize

[red floyd]

A better approach, I believe, would have been to take the traditional paper-punch machines and simply add some hardware to electrically detect what holes were punched. Tally those outputs via computer, and store the boxes of paper votes as well. That way, if there's any question whatsoever about the accuracy of the electronic vote the audit trail is right there.

That's what currently happens. I think that any e-voting machines should use touchscreen/whatever and generate a paper ballot. The paper ballot

Re:Here is the link

[Saint Aardvark]

I've put up another copy of the book at http://saintaardvarkthecarpeted.com/bbv [saintaardv...rpeted.com]
. Let's see who gets a cease-and-desist first :-).

Re:For those who missed it

[advocate_one]

What I want to know is how come the mirrors are going down in other countries...

Can slashdot handle the flack if someone from outside the US posts the contents of the memos themselves??? would the EFF back slashdot up if slashdot refuse to take the posts down???