Sequoia Threatens Over Voting Machine Evaluation

enodo writes "Voting machine manufacturer Sequoia has sent well-known Princeton professor Ed Felten and his colleague Andrew Appel a letter threatening to sue if New Jersey sends them a machine to evaluate. It's not clear from the letter Sequoia sent whether they intend to sue the professors or the state — presumably that ambiguity was deliberate on Sequoia's part. Put another clipping in your scrapbook of cases of companies invoking 'intellectual property rights' for bogus reasons." Sequoia seems to be claiming that no one can make a "report" regarding their "software" without their permission.

Speechless.

[zifferent]

Just speechless.

Re:Speechless.

[The Ancients]

Just speechless.

That's often the results with certain voting machines.

handy though

[rucs_hack]

If this gets thrown out, it will really dent future attempts to use methods like this to shield shoddy products.

If you ask me, Sequoia has been given some very bad legal advice. Didn't anyone stop to think about the public relations nightmare this would cause? Not to mention damage to their business.

Re:

[rograndom]

Didn't anyone stop to think about the public relations nightmare this would cause? Not to mention damage to their business.

Yes, and that's why Sequoia's threatening to sue. They obviously don't want the machine inspected.

Here is Sequoia's response from their website...

[HotNeedleOfInquiry]

3/18/2008
Sequoia Voting Systems supports third party reviews and testing of its election equipment

In response to some recent media reports, Sequoia is has issued a statement found at . Through this statement, we hope to educate individuals on the third party review mechanisms already in place in the election industry as well as our company's business practices regarding third party reviews and testing of its election equipment.

An independent review of a voting system is a complex and interdisciplinary process involving a broad knowledge of election law, public administration and technical matters. Many independent reviews have been successfully conducted within the framework of Sequoia's license rights pursuant to appropriate and mutually agreeable arrangements between Sequoia and governmental agencies charged by law with the authority to conduct such reviews. Sequoia welcomes all such responsibly executed review activities.

Please see the Election Technology Council's "Guidelines for States conducting Top-to-Bottom Reviews" found on the organization's website at for additional information.

- Michelle Shafer, VP of Communications

Re:Here is Sequoia's response from their website..

[ScrewMaster]

Sequoia welcomes all such responsibly executed review activities.

Obviously they don't. Anyone claiming that Ed Felten is unable to responsibly execute such a review should have her head examined. More to the point however, it is equally obvious that they are very much aware of Professor Felten's reputation, and would very much rather he didn't execute a responsible review of their equipment.

Hey ... if they've nothing to hide ...

Re:handy though

[Firehed]

If this gets thrown out? Surely no court could be so stupid to think that a third party's opinions of an available product can be stifled on the grounds of intellectual property laws. I can't think of anything even reasonably close to a valid excuse to allow it to go through. Perhaps they expect that it will come across as libelous (meaning a completely valid and accurate assessment that portrays them in a negative light - which just means that your company/product sucks), but the review would have to be out there first. I don't think a gag order can be issued in this kind of situation, and an NDA violation (assuming they ever held up in court, which is very rarely the case) hardly applies here.

I don't think a PR nightmare really applies. This kind of stuff rarely if ever hits mainstream media, and us geeks of Slashdot aren't really the type to buy into proprietary tools in general, let alone ones used for voting.

Re:handy though

[Darinbob]

If this gets thrown out? Surely no court could be so stupid to think that a third party's opinions of an available product can be stifled on the grounds of intellectual property laws. I can't think of anything even reasonably close to a valid excuse to allow it to go through.

That's where "intellectual property" becomes such a vague and dubious notion. Consider if this were a medical device. If health risks were involved, could a company forbid the FDA from investigating the device because someone signed a licensing agreement? Or if the FDA has no interest, what about restriction a state board of health from investigating the device?

In the past, less than one hundred years ago, it was extremely difficult to investigate dangerous products or workplaces. The government just didn't feel it was important enough to get involved in. There had to be major media effort to bring these problems to the public eye before there was enough pressure on the government to put pressure on companies. Such as hair products that could cause blindness and disfigurement, sometimes death (the reason that we have animal testing for cosmetics today). Companies didn't care if customer's were hurt, as long as they got their money first; but bad publicity made them at least pretend to care.

Or the use of radium on watch dials; a company where the chemists would use lead shields to deal with radium would suggest to the factory workers that they could lick the brushes used to pain the dials. That took a media campaign to publicize slow painful deaths of young women before the public demanded change. It's interesting here that US Radium threatened to sue to prevent publication of a damning report, since the author had signed a confidentiality agreement (deja vu).

But in this case, the danger is to elections, not someone's health. The question is whether this rises to the same level of concern. In the health cases, people had to die or become disfigured before the government and the public took any action. Do we have to wait for a stolen or hacked election before the people decide that the public's interests in this matter overrides intellection property? ("intellectual", hah, there's nothing so special about the technology here; shoddy hardware, shoddy software, slick marketting)

I don't think a PR nightmare really applies. This kind of stuff rarely if ever hits mainstream media, and us geeks of Slashdot aren't really the type to buy into proprietary tools in general, let alone ones used for voting.

But this needs to hid the mainstream media. Otherwise companies just go on with business as usual. Governments will never take any action unless they detect some sort of public outcry, especially in the modern climate where pro-active governments are frowned upon.

Re:

[kesuki]

Ironically, the US radium paint was toxic for 2 reasons. 1. radium 2. phosphorus most of the women died from the phosphorus poisoning that degraded away their bones, not from the radium poisoning. and you know what?
in france, where radium was discovered, they used 'cotton swabs' to apply the paint rather than horsehair brushes. cotton swabs had no need to be licked (the horsehair brushes had to be licked ever 2-3 strokes)

analysis of public voting machines will turn up ugly bugs like being able to report 1

Re:handy though

[MightyMartian]

There is an alternative to all of this. New Jersey can simple remove Sequoia from the list of companies they're considering for voting machines. I mean, if they don't have it already, they can simply pass law stating that all those submitting bids for supplying the state with voting machines must make a machine available for independent review by an organization or institution of the state's choice. If Sequoia doesn't like those terms, they don't have to bid.

It's true, however, that IP claims are getting out of hand when a government and/or institution doing some work for the government is threatened with a lawsuit over testing hardware. These events are only going to get more egregious and ludicrous until Washington and the courts start handing these abusers their proverbial balls on a platter.

Re:Speechless.

[garcia]

Just speechless.

You are speechless for the right reasons but the majority of the American public will be speechless for another and far more unfortunate reason :(

Re:Speechless.

[gnick]

the majority of the American public will be speechless for another and far more unfortunate reason

So - Let's let them be heard. Let's put the decision on whether or not to use the machines to a vote. It can be a trial run for Sequoia's machines. If Sequoia tells us that we voted in favor of using their machines, we know they're lying and ditch 'em.

Re:

[KillerCow]

Easy evaluation: "Epic fail."

Reasons: "The system was incapable of operating within the evaluation environment."

No permission should be needed

[Midnight Thunder]

I am sure the state of New Jersey can tell Sequoia to accept this investigation or say good-bye to any certification. Sequoia is just making themselves look bad and like they have something to hide.

Re:No permission should be needed

[falconwolf]

I am sure the state of New Jersey can tell Sequoia to accept this investigation or say good-bye to any certification. Sequoia is just making themselves look bad and like they have something to hide.

I agree however New Jersey probably has already paid for the machines. I can't see Sequoia telling the state they can't test them, have them tested scientifically, if they haven't already been paid for. This case can however be used to show other potential buyers just how the company operates.

Falcon

Re:

[TubeSteak]

I can't see Sequoia telling the state they can't test them, have them tested scientifically, if they haven't already been paid for.

Sequoia may have sold New Jersey the machine, but leased the software, or not.
Who knows?

It really depends on what the contract is between Sequoia and the State.
None of us know the details, so really, this whole thread is going to be just speculation.

Re:

[mstahl]

None of us know the details, so really, this whole thread is going to be just speculation.

Aw now it's not going to be as fun to read. Thanks for ruining slashdot! :(

Re:No permission should be needed

[moderatorrater]

With the company threatening legal action, why even consider going forward with the investigation? Threats usually come from feeling that what you're threatening is dangerous in some way, so it's highly likely there are security problems to be found. Additionally, the state shouldn't even consider using a company that opposes a comprehensive security evaluation.

Re:

[Bogtha]

I am sure the state of New Jersey can tell Sequoia to accept this investigation or say good-bye to any certification.

Tell them to accept the investigation? As far as I'm concerned, the fact that they are threatening to sue to avoid having their software examined for flaws automatically disqualifies them from consideration. Why bother with the investigation now? They are practically admitting that their software isn't good enough and that they will do anything possible to avoid fixing it.

I Agree with Sequoia on this

[Shivetya]

and you too.

If their contract declares as such then they are in the right.

However, it should be a requirement at the state level, if not federal, to require this sort of outside verification and study. If a manufacturer does not agree to it then they should be considered for the application. Fair is fair.

Don't want to be hold accountable then don't expect our money.

I am quite sure some other company will step forward if there is money to be made and their intellectual property rights are protected. I am all for testing and certification by outside groups but I also realize that there is investment here and that needs protected first. What must come first is OUR rights, our rights to know that outside experts have certified a solution and future implementations will protect our vote. Surely some company will step up to this for the money. Maybe it will be the kick in the pants for some group already in place to do so.

Re:

[Darinbob]

If their contract declares as such then they are in the right.

Not necessarily. A contract is not the totality of the law. Contracts can be found to be null and void.

In this case, I'd say just basic consumer protection laws would apply. The consumer has the right to determine if the product they purchased does what it claims to do. No "contract" can forbid that. That'd be like an auto maker forbidding the customer in a signed sales agreement from looking under the hood to see if there's an engine present.

I suspect the contract doesn't forbid verifying that

Re:No permission should be needed

[Rick17JJ]

If they do not have enough confidence in their system's security or accuracy to allow it to be tested, then it is not good enough to be used for e-voting. They have just demonstrated that their system can not be trusted.

Sweet.

[Jaysyn]

Yes, that is *exactly* what we want Sequoia to do. Sue a Priceton professor & *security* researcher.

Bullet. Meet foot.

Re:

[l2718]

Actually, threatening Felten with a lawsuit is quite effective. Now actual lawsuit needs to be filed. Since this would be consulting work, not research, he would not be covered by Princeton's Lawyers and will have to fend for himself, which is quite expensive -- so the threat of litigation might be enough to deter him. New Jersey, being a state, cannot be sued without its consent.

Re:Sweet.

[rnturn]

But... New Jersey might file a countersuit against Sequoia claiming that they interfering with New Jersey's ability to verify that the machines are suitable for use in actual elections (before the elections are held and found to be invalid). Imagine GM suing a customer because they took their car to a non-GM mechanic to verify that some work had been done properly. I doubt the courts would look kindly on that.

If I were a New Jersey state elections employee, I'd be looking seriously at returning the equipment, informing Sequoia that it was unsuitable for use, and demanding my money back.

Finally, I'm guessing that Sequoia isn't all that interested in staying in the electronic voting machine business. This act will pretty much have everyone who's still considering even using electronic voting equipment making a mental note to cross Sequoia off their short list of vendors.

The ambiguity is a dead giveaway.

[TripMaster Monkey]

It's not clear from the letter Sequoia sent whether they intend to sue the professors or the state -- presumably that ambiguity was deliberate on Sequoia's part.

In other words, this is a scare tactic with nothing to back it up, pure and simple. If Sequoia thought the would have had actual grounds to sue, you can bet that they would have been chillingly specific in their letter.

When people resort to these sort of tactics to attempt to dissuade you, you can be assured you're doing something right.

Re:The ambiguity is a dead giveaway.

[sm62704]

In other words, this is a scare tactic with nothing to back it up, pure and simple.

I'm wondering "how thay can threaten their customer?" Who do they think they are, the RIAA and that New Jersey is a mom on food stamps?

But perhaps they can. This cynical old man thinks there's a lot more here than meets the eye - Sequoia may surreptuously funnel cash to the campaigns of some of the high ranking New Jersey goons, er, excuse me, lawmakers/bureaucrats.

But then I'm in Illinois where the last Democrat Governor [wikipedia.org] went to prison, and the last Republican Governor [wikipedia.org] then went to prison. I'm thinking if a Republican wins the next Governor election, Blago [wikipedia.org] will join Ryan in a cell.

Rich powerful people don't play nice. You don't get to be a rich, powerful man by giving a rat's ass about anyone or anything except your money and power.

-mcgrew

(background on Illinois Politics): [wikipedia.org]

Politics in the state, particularly Chicago machine politics, have been famous for highly visible corruption cases, as well as for crusading reformers such as governors Adlai Stevenson (D) and James Thompson (R). In 2006, former Governor George Ryan (R) was convicted of racketeering and bribery. In the late 20th century Congressman Dan Rostenkowski (Dem) was imprisoned for mail fraud; former governor and federal judge Otto Kerner, Jr. (D) was imprisoned for bribery; and State Auditor of Public Accounts (Comptroller) Orville Hodge (R) was imprisoned for embezzlement. In 1912 William Lorimer, the GOP boss of Chicago, was expelled from the U.S. Senate for bribery, and in 1921 Governor Len Small (R) was found to have defrauded the state of a million dollars.[58][27][15]

Re:

[Mongoose Disciple]

My thought is, if the defense handles the case correctly, Sequoia can't win. Force enough dirty laundry up through discovery and make it a loud enough case that even if they win the lawsuit, the bad publicity is irreparable damage.

Of course, that assumes that governments will choose their voting machines in a somewhat reasonable manner in the future, which is not a good assumption.

Check, Meet Balance

[CheeseburgerBrown]

A voting apparatus without a clear path for auditing of every system and sub-system is an invitation to corruption. Comparable mechanisms in governance have checks and balances to ensure fidelity.

Why do these shifty porkchops think they ought to be exempt? Because it may make their investors nervous?

This is definitely a situation where the bottom line should be drawn by logic, not by dollars.

Re:

[markov_chain]

Maybe that's how this happened. Some clueless board member demands something to be done, slamming his first on the table. The task gets assigned to the CEO, who assigns it to the lawyers, who do "something" that will appease the chain of command all the while knowing how useless it is.

Re:Check, Meet Balance

[CastrTroy]

Any voting system should be verifiable by any member of the voting populous. Having a PhD in computer science should not be prerequisite for understanding the voting system. You also shouldn't have to take somebody else's word for it either. Pen and paper hand counted ballots make sense, because anybody can see exactly what's going on, and fully understand the process. If voters don't understand the voting system, then they might as well not even be voting.

Re:Check, Meet Balance

[ivan256]

The problem is the lack of even a single impartial ballot counter. Whereas an expertly designed and reviewed machine can be reasonably guaranteed to be bias-free.

Fixing elections is not something that has been enabled by new technology. The problem here is that the technology was supposed to reduce the fraud and inaccuracies, but it turns out it's just as hackable as the old pen & paper or punchcard systems despite the higher cost.

Re:Check, Meet Balance

[CastrTroy]

That's why the ballots can be counted, or viewed by multiple parties, who should all agree on the final counts. Anybody should be allowed to stand around and watch the counting. I'm not saying that no fraud would happen, because it's happened in the past, and it will happen in the future. I'm just saying that it should be obvious to the voting public when fraud is happening. The problem with machines, is that even if they are verified, it's impossible to know what code is running on it when you walk up to it on election day. Think of game consoles. They try to make it so you can only run licensed content. But people always find a way to run homebrew/pirated games. You can verify the machine all you want. There's no guaranteeing that the same machine will actually be used on election day. You could probably even put a completely different machine in front of people on election day, possibly in the same casing, although that's not even necessary, and people wouldn't even know they were using the wrong machine, because each polling district uses different machines.

Re:

[ivan256]

That's why the ballots can be counted, or viewed by multiple parties, who should all agree on the final counts.

That's why a fraudster could simply swap ballot boxes before the counting began. Or stuff ballots. Or... Well, you get the idea.

Just as you can't guarantee the machine hasn't been tampered with, you can't verify the ballot box hasn't been tampered with. It is the exact same problem.

Re:Check, Meet Balance

[FailedTheTuringTest]

No, it's not the same problem. It's easy for people to watch the movements of pieces of paper, make sure they end up where they belong, and count them. It's much harder to do the same with electrons.

The solution for paper ballots is based on four principles: transparency, adversarial conditions, counting everything in a way that, if done right, makes double-entry accounting look like a random number generator, and decentralization.

Transparency means that every step of the process is done in the open, with multiple people watching. Adversarial conditions means that the people watching include representatives (i.e. campaign workers) of all candidates, who are highly motivated to ensure that the others don't cheat. In Scotland, for example, each candidate can even apply their own seal to the ballot boxes in addition to the electoral commission's seals, so they can verify for themselves that boxes haven't been swapped, opened, or lost. A fraudster would have to be able to duplicate the seals of every political party in addition to the electoral commission.

As for counting, every ballot paper must be accounted for. Polling stations start with a known number of blank ballots (verified by all candidates) and they must count the number of ballot papers issued, used, spoiled, and not used, as well as the number of ballots that end up in the ballot box, and if the numbers don't add up right then one can deduce that funny business is going on.

Finally, decentralization is important. With safeguards in place, it may still be possible to cheat in a few locations (although you'd have to get campaign workers from all sides to look the other way), but widespread fraud serious enough to steal a whole election becomes extremely difficult. It is difficult to compromise the process in many locations at once. And even though the central counting facility receives the counts from each polling station and adds them up, it can be made to echo the numbers back and discrepancies can be spotted. A centralized electronic system, though, can be compromised at the center, you don't have to take over every polling station.

Re:Check, Meet Balance

[moeinvt]

"It is the exact same problem."

Hardly.

Think of the issues in logistical terms. In a paper-ballot system, tampering with a ballot box in such a way as to make any appreciable difference in the vote result would require tools, materials, physical access and a certain amount of time and effort within a relatively small window of opportunity.

With an electronic system, if the state isn't allowed to run simulated elections or do detailed inspection of the voting machine and software, the window of opportunity for tampering is huge, the potential for altering the result is high, and the risk of detection is minimal.

Re:

[Dutch Gun]

What exactly could I, as a member of the voting populous, do to ensure that a pen and paper system hasn't been somehow gamed? Count up every ballot myself? The idea that a single citizen can oversee the process seems a bit far-fetched, either for paper ballots or an electronic system.

The world's finances and markets are governed by computers. There are ways to ensure someone simply doesn't add or delete arbitrary amounts of money to accounts. Tell me how this problem can be solved, yet tallying votes ca

Re:

[MightyMartian]

I don't know of any paper ballot counting system that works the way you appear to be saying they do. Here in Canada, there are scrutineers from every party present at the polling station during both the casting of ballots and during the counting. There are rules for recounts where the winning candidate and the candidate coming in second are very close (I believe it's within 100 votes, at least for Federal elections), and ultimately, if necessary a judicial recount.

Re:

[CastrTroy]

Financial systems rely on the fact that the transactions aren't anonymous. Money always goes from one account to another. In the voting process, it's (supposed to be) completely anonymous. A bunch of people come in, and bunch of votes are cast, but nobody should be able to tell who voted for who. Imagine the same with a bank, where deposits have to be made to the correct accounts, but you can't verify which account they are coming from.

Re:

[perlchild]

Can't the state just sue them for misrepresenting their software as "suitable"?

Something tells me that not just accepting, but passing an independant audit should be a requirement for just bidding on the contract, let alone winning it.

But the supplier is saying an independant audit(due diligence on the part of the elected officials, IMHO) is against the terms of the contract? WTF?

I for one...

[Jumphard]

...don't think that Sequoias [wikipedia.org] should be voting in the first place.

Re:

[sjames]

...don't think that Sequoias should be voting in the first place.

I'm not so sure. Perhaps they would have known enough to tell Bush to try again when he grows up. I'm pretty sure they would have given Ficus a landslide victory.

Re:

[whitehatlurker]

Why not? Many of them are old enough, and they're likely smarter than the average voter ...

... foliage suffrage now.

Let's call a spade a spade:

[jockeys]

and see that the only reason Sequoia is pissed off is that they either
a. are afraid that there are gaping security holes in their machines
b. KNOW that there are gaping security holes in their machines

all the privacy zealots will no doubt say that my "if you have nothing to hide you have nothing to be afraid of" mentality is misguided, but let's take a step back and see what is on the line here. this is NOT about personal data, this is about objectively evaluating the security of a device that is going to be used in a VERY public fashion. do lamp makers threaten Underwriters Laboratories for wanting to make sure their device works as intended?

Re:Let's call a spade a spade:

[orclevegam]

I for one say we need to amend the patent and copyright acts to make devices used to voting unpatentable, and exempt from copyright, or barring that, that the certification process requires all rights to be signed over to the government. These machines by their very nature should be open to the most detailed scrutiny imaginable by anyone who feels so inclined. If the companies want to make money on them sell maintenance and manufacturing contracts, but there should be no way to claim trade secrets on anything used for voting.

Re:Let's call a spade a spade:

[NeutronCowboy]

Someone mod this guy up. I find it unconscionable that it is possible to patent or copyright something that is absolutely critical to the fundamental processes of democracy. Sequoia might as well demand that they be made Emperors of America.

Re:Let's call a spade a spade:

[RobBebop]

I find it unconscionable that it is possible to patent or copyright something that is absolutely critical to the fundamental processes of democracy.

Also unconscionable is the notion that the underlaying software algorithm would essencially boil down to a very simple statement that looks something like the following:

vote++;

You could argue that there is some finesse involved in getting that data from the machine it was cast at to the central tallying point where it is counted and tabulated, but NOTHING in that process is any more complicated than the Automated Teller Machines which function in a similar way to take data from client nodes and send it up to the hub... so "prior art" in the realm of basic concepts of networking makes those patents unattainable.

Re:

[NeutronCowboy]

Also unconscionable is the notion that the underlaying software algorithm would essencially boil down to a very simple statement that looks something like the following:

vote++;

Agreed. Though I admit that after Lessig gave up his fight for copyright reform and instead went after the more fundamental problem of corruption, I gave up hope for seeing this addressed in my life time.

Re:

[RobBebop]

Well, Lessig's current crusade is trying to fix a different algorithm:

corruptCampaignContribs == TRUE ? vote += 2 : vote++;

In theory, if uncorrupted legislatures were in Congress, they could actually make rules that are based on what is best for the population and NOT based on how much Industry XYZ's lobbyist gave to their re-election fund.

Re:

[bmw]

I for one say we need to amend the patent and copyright acts to make devices used to voting unpatentable, and exempt from copyright, or barring that, that the certification process requires all rights to be signed over to the government. These machines by their very nature should be open to the most detailed scrutiny imaginable by anyone who feels so inclined. If the companies want to make money on them sell maintenance and manufacturing contracts, but there should be no way to claim trade secrets on anythi

Re:

[zrq]

Yep. I agree.

If Sequoia have nothing to hide ... what are they afraid of ?

Re:Let's call a spade a spade:

[Migraineman]

Lamp manufacturers pay UL for the privelege of being certified. UL doesn't randomly grab equipment and force a cert upon it. The voting machine manufacturers should be more than interested in having third-party audits of their equipment ... unless they are either crap or corrupt. I suspect the former, but the latter isn't too far behind.

Regardless, I don't see how the manufacturer could impose restrictions on the equipment if it has been sold. Leased? Yeah, that'd come with a use restriction because title never was transferred.

Yes. And why does UL do it?

[Kupfernigk]

Because if you don't get your equipment certified, and somebody's house burns down as a result, the insurance company will see you in court. UL is the Underwriters' Laboratories - they are, basically, there to tell insurance companies what is safe and what is not.

Who is the equivalent agent in this case? Perhaps what is needed is a Federal Bureau of Electoral Fraud - which has the power to prosecute any supplier of voting machines which turn out to have backdoors, obvious security risks, or other means for

Re:Yes. And why does UL do it?

[dbc]

Neveda Gaming Commission [nv.gov]

I hear they are pretty good a doing hardware/software system audits and design reviews.

Yes but...

[Bryansix]

Sequoia seems to be claiming that no one can make a "report" regarding their "software" without their permission

Yes, but nothing is stopping Sequoia from being hung in the court of public opinion.

Re:Yes but...

[garcia]

Yes, but nothing is stopping Sequoia from being hung in the court of public opinion.

Sure there is, apathy.

Please sue! Please sue!

[Reality Master 201]

Please, please, Sequoia - suing over this is exactly the right course of action for you.

I also suggest that you try to get a judge to order ISPs to remove the DNS records for Princeton and the state of New Jersey, while you're at it.

Re:

[Miseph]

"I think Felten and Appel could influence some decision-makers by going to them personally and explain why third party review is a good thing and why they shouldn't put the engine of democracy into the hands of someone who prevents the governed people from understanding what is done with it."

Nice. I see you want to invoke the obvious solution effect of common decency. However, I don't think it will be effective, and here's why: the decision makers are the ones who directly benefit from Sequoia being a bunch

Ok, I RTFA, but still...

[The Ancients]

...have I got this straight?

Their voting machines are paid for by public dollars, used by the majority of the members of the public, to elect public officials, and they claim evaluation of their software cannot occur without their "permission"?

(Even my 9 year old nephew read this and thought it was "dumb")

Re:

[bhima]

Your 9 Year Old Nephew is Correct.

Re:Ok, I RTFA, but still...

[jd]

The DMCA cripples reverse-engineering and software analysis. There was another "unified copyright" bill around the same time that forbid the review, or publication of any review, of software without the permission of the company selling it. Never heard if that made it into law. If it did, then yes, Felton's review would be illegal. If it didn't, but the review process would necessarily violate the DMCA, then it is also illegal.

Is this stupid? Yes. Is this hostile to the interests of Americans? Yes. Was it voted for by a Congressman you have re-elected since? That I don't know, obviously, but it's something you may want to check on before this election. If you're not planning onvoting for whoever is currently elected, you might also want to find out the views of the opponents, particularly if the region is tech-savvy enough (or even tech-phobic enough) to be suspicious of voting machines. The candidate you're looking at might enjoy playing around with Sequoia's attitude problem as a (minor, to them) campaign issue.

Re:Ok, I RTFA, but still...

[Sir.Cracked]

The DMCA was passed in the House by voice vote, and the Senate by Unanimous Concent.

See the "Major Actions" section of this address
http://thomas.loc.gov/cgi-bin/bdquery/z?d105:HR02281:@@@L&summ2=m& [loc.gov]

So, if your congresscritter was in office in 1998, you really have to assume he/she voted for it. I suppose you could troll the attendence logs for the day in question and see if they were absent, but I don't know how much that washes their hands. And potentialy, House reps may have voice voted against it, but it's unlikley.

So, Pretty much any Senator/Rep who's been in office for more than 10 years is responsible.

Re:

[CastrTroy]

Or maybe they let somebody else vote for them [youtube.com].

Re:

[sconeu]

You're thinking of UCITA [ucita.com], which would have allowed the more execrable terms of EULAs to be enforced.

Currently UCITA has been enacted only in VA and MD.

Re:Ok, I RTFA, but still...

[Ungrounded Lightning]

...have I got this straight?

Their voting machines are paid for by public dollars, used by the majority of the members of the public, to elect public officials, and they claim evaluation of their software cannot occur without their "permission"?

Their voting machines are SOLD (or maybe leased) to the government agencies that operate elections and have a contract specifying terms of use. They're claiming the contract forbids the sort of investigation that is proposed.

Now perhaps there are indeed such terms in the contract. In which case the New Jersey secretary of state (or a past one) made an unwise decision. Nevertheless, the state has a duty to insure that the system is not defective. Inspecting its operation, including that of the software if there is any question about its functionality (or even if there isn't, just to check), is obviously a part of that duty, and being inspected is obviously part of what it is to be a voting machine. So such contract terms, if present and interpreted as Sequoia claims, are clearly unconscionable. On that basis the state should be free to ignore the clause.

Alternatively, if the clause were to stand the resulting terms of use would make the machines "unsuitable for the intended use", violating the implied warranty of fitness. So the state could return them for a full refund. B-)

It would be interesting to see what would happen if Sequoia actually sued. If the contract specified interpretation under the laws of New Jersey (or didn't specify jurisdiction) the state might just refuse to be sued. B-) If it specifies another state (or they sue in their own) it would still be a funny show.

As for suing the professor, either he's acting as an agent of the state (in which case they're suing the state) or he's not (in which case he has no contract with them to enforce.) In the latter they'd have to go after him for something like DMCA violations or some part of contract law I'm unaware of.

Of course IANAL - and especially not a contract lawyer. So take the above with a suitable quantity of salt. B-)

Re:

[Ungrounded Lightning]

Also: If there is a suspicion or legitimate accusation of vote fraud (or other violation of the state's election laws) committed with the aid of some aspect of the operation of the machine or its software, the state could perform the same inspections as part of a case investigating and prosecuting the fraud. That would let them do it under their own criminal law and procedures - even demanding the source code to examine (under court seal). B-)

History lesson

[i.r.id10t]

Mebbe they need a history lesson...

Anyone care to guess when the last armed revolt against government was here in the US and the reasons behind it?

Answer - Battle of Athens, Tenn. 1946. And it was over voting issues...

http://en.wikipedia.org/wiki/Battle_of_Athens [wikipedia.org]

Re:History lesson

[notthepainter]

The wiki page is pretty short on details.

See http://www.constitution.org/mil/tn/batathen.htm [constitution.org]instead.

Re:

[falconwolf]

Anyone care to guess when the last armed revolt against government was here in the US and the reasons behind it?

The Weatherman movement [wikipedia.org], being active in the late '60s and early '70s, is more recent. People know some about the militias that have cropped up however the Weathermen were more violent. Then there was the SLA, Symbionese Liberation Army [wikipedia.org], which operated between '73 and '75.

Falcon

Re:

[ragerover]

Or another, as some folks in New Mexico would point out: http://en.wikipedia.org/wiki/Tierra_Amarilla%2C_New_Mexico [wikipedia.org]

Re:

[Ungrounded Lightning]

I question the "last". (For instance: Wounded Knee...) But it is the last well known one by the bulk of ordinary citizens, and a great example of your point that voting corruption can lead to armed citizen uprisings.

Only one answer

[dpilot]

There is only one answer to such a statement. Nothing else need be said. No negotiations.

No sale without a purchaser's complete and thorough evaluation.

"Really"?

[truthsearch]

Sequoia seems to be claiming that no one can make a "report" regarding their "software" without their permission.

I "beg" to "differ".

"non compliant analysis"?

[apodyopsis]

"non compliant analysis"? whats the betting that the only compliant analysis gives it an A-OK rating.

thats like car salesperson attempting to sell you a car but only if you agree to take his word that it works and he'll sue anybody that you bring in to check the engine. if ever there was a warning bell not to buy their equipment that was it.

whats next? DMCA action against /. for this thread? absolute cobblers.

Reverse engineering

[drakyri]

The only problem I see here is that Sequoia could theoretically sue New Jersey over violating their agreement. Reverse engineering is legal so long as the item that's being analyzed was obtained legally ... so the professor should be fine.

IANAL, but, I think - regardless of the terms of the agreement, the voting machine was legally obtained - if they violated the agreement then that's a civil dispute, not a criminal one.

Re:Reverse engineering

[flaming error]

If anybody thinks this issue is about EULAs, they need to pull their head out of the sand.

This is about the future of democracy. These voting machine vendors are stripping transparency, security, and auditability out of our elections. None of us should give a damn what licensing agreement Sequoia wrote.

Update and more details on this

[MrAtoz]

It was Union County, NJ that was planning to send sample machines to Dr. Felten. They were threatened by Sequoia and have backed down from their plan as a result. The whole thing happened because several counties in NJ reported errors with the Sequoia machines in the February primary election. Sequoia reviewed these and just said that it was "user error" and not a problem. The counties understandably didn't find this an acceptable response, and Union County wanted to get an outside opinion. All the details can be found in this NJ Star-Ledger story [nj.com].

In other news...

[Bullfish]

Four mob families in conjunction with a number of street gangs is suing the US Department of Justice for restriction of trade.

Black (Ballot) Box Voting = Genius

[DingerX]

Anyone have a copy of the Licensing Agreement? How much do you want to bet that the Customer agrees not to hold Sequoia liable for any shortcomings in the product's performance, such as failing to tabulate votes correctly, or being vulnerable to manipulation?

Trivial Workaround

[sunderland56]

The State of New Jersey just needs to hire Professors Felten and Appel as consultants. Nothing in the so-called "established Sequoia licensing Agreement for use of the voting system" can prevent a State employee from accessing a State machine.

ok,

[superwiz]

Just in case you did bother to read the article, here's the contact information for NJ's legislative branch. If you happen to think that the state should welcome transprency and cease dealing with vendors that seek to suppress it, you may want to mention it to your representative. http://www.njleg.state.nj.us/legislativepub/contact.asp [state.nj.us]

threat of suit

[belmolis]

IANAL but I am reasonably confident that Sequoia cannot successfully sue Felten. They may be able to sue New Jersey for breach of contract if in fact they have a contract with New Jersey that forbids such reviews. That may be the case - I believe that the license for MS Windows Server forbids reviews not approved by Microsoft. If there is such a contract, it would be interesting to see if it holds up in court. The "no review" provision is arguably void as being contrary to public policy.

Felten, however, has no contractual relationship with Sequoia and therefore cannot be in breach of contract. Sequoia therefore cannot sue him unless they can come up with another cause of action. Maybe, just maybe, they could sue him for disclosing trade secrets, if New Jersey has really nasty trade secret laws.

Re:

[Mox-Dragon]

It seems like the significant thing here is that Sequoia can threaten to sue and not get laughed out of town. That the case has no merit should be patently obvious to any observer, legally competent or not. The real issue is, how did things get so fucked up that companies feel entitled to operating in such secrecy?

Re:

[ScrewMaster]

The real issue is, how did things get so fucked up that companies feel entitled to operating in such secrecy?

Yes indeed, and this behavior on the part of private corporations is hardly limited to the voting industry. It's happening all over the place. The Taser is another excellent example: medical examiners being threatened and sued by the manufacturer of that device if they put "death by Tasing" in their official reports. Doesn't matter one bit if the person who was killed did die from a tasing. The co

Re:

[ScrewMaster]

Oh, sure ... some corporations have always been cutthroat, and it has largely been government's role to counterbalance that to one degree or another, to correct the really egregious excesses. Overall though, the United States' business community generally was not cutthroat to the degree that we're seeing now. Corporations have always done bad things in the name of profit, but we're seeing a new set of extremes nowadays. Hell, if you want to see what unbridled corporate nastiness looks like, China is a much

Open Source Secure Voting Application

[hattig]

Well it has been several years of voting machine shenanigans, with each Slashdot topic resulting in posts saying that an open source solution is required.

So, has it been done yet?

Or is the problem one of it being rather impossible to create a completely secure voting application, however great the code is, however many security specialists have reviewed it?

Re:

[david_thornley]

I wouldn't trust one. Even if I had something that purported to be the source, how am I to know that that's exactly what was loaded into the machine? How am I to know that the combination of software and machine does something the software alone doesn't?

The only solution is a paper trail. The voting machines used around here have paper ballots that are scanned for counting. Quick returns, and actually verifiable.

Nice to see they are so confident...

[Kazoo the Clown]

in the quality of their product...

Disappointing

[bobdehnhardt]

This is just disappointing. I had Sequoia pegged as one of the good guys. When we selected them here in Nevada, they willingly submitted to every test, including review by the gaming board (who know a thing or two about fairness and anti-tampering in electronic devices - they have to certify all slot and video gaming machines). Sequoia passed the tests, including having a paper trail. That's not to say they're perfect or infallible, but they sure seemed cooperative and focused in the right direction.

This just doesn't fit with their actions back then. Has there been a change in management?

Re:

[KnightNavro]

As long as Nevada hasn't changed the voting machines since I moved in 2004, they still have the best electronic voting system in the nation. Damned by faint praise, I know, but at least there's a verifiable paper trail.

Parsing this out

[KnightNavro]

Sequoia isn't saying they think the professors will be stealing intellectual property. They are saying that if New Jersey lets the professors test the software, NJ is breaking the terms of the software license. In short, NJ signed the license agreement, which presumably says that NJ can't give the voting machines to outside testers for evaluation and reporting. It's software as a licensed service and not as property, which is also a heap of bovine excrement. What should be happening is states putting a line in the request for proposals saying something along the lines of "All proposed systems that prohibit independent testing and evaluation will not be considered by STATE," only in legalese.

IMHO the clause is void.

[Ungrounded Lightning]

In short, NJ signed the license agreement, which presumably says that NJ can't give the voting machines to outside testers for evaluation and reporting.

And such a clause should be void on its face, because being inspected for proper function is a necessary part of being a voting machine. See the Doctrine of Unconscionability [wikipedia.org]

Deeper background

[whitehatlurker]

I'm not familiar with the situation, but Brad [bradblog.com] came to the rescue. Apparently, these machines screwed up [nj.com] during another vote. As you read the rest, it seems to be a total train wreck ... perhaps the state can sue?

Intellectual property more valuable than physical?

[mlwmohawk]

Government bodies can take land by eminent domain when it is for the public good. Why can't they do that with IP?
This whole thing stinks. Our democracy is a joke.

Re:Intellectual property more valuable than physic

[Ungrounded Lightning]

Government bodies can take land by eminent domain when it is for the public good. Why can't they do that with IP?

They can't just TAKE it. They have to BUY it for a fair value. (Though they can force the sale.) See the Fifth Amendment.

In this case the fair value could be the discounted current value of all the potential future revenue for the product line - which the company could claim would be lost if their code was leaked to a competitor.

Re:Intellectual property more valuable than physic

[superwiz]

Actually, if the IP is given the same protection as tangible property, then it is very much more valuable than the tangible property. It can be reproduced at virtually no cost for profit. To make more copies of tangible property requires (ultimately limited) real-world resources. That's pretty much the argument for why IP rights must only be granted for a limited time.

Why not just breach the license agreement?

[harryHenderson]

If this is really just a contract matter... why can't NJ just breach the contract?
I seem to remember that there is a breach of contract defense available when the contract violates public policy. Does NJ recognize this defense? Do the terms of this license agreement rise to the level of a public policy violation as recognized in the courts?

Good -It shows they NEED to do this.

[moxley]

If I were the state of NJ and the professors I would take this as a welcome sign that not only are they on the right track here - but that they are going to find something when they check these machines out.

I say they should re-double their efforts and try to get several machines, source code, whistleblower employees and everything else they can and really nail these fucks.

As every other impartial examination of 'black box voting' (especially in relation to Diebold, ES&S, and Sequoia) has shown - these

Re:Voting versus Gambling

[dpilot]

> but if they can help a democrat steal an election...

And what's your opinion if it's helping a republican steal an election?

Whatever response you give me, the words "a democrat" did not need to be in your post. Stealing an election is WRONG, whether it's a democrat or a republican. You took a very good post and diminished it with a bit of partisanship. I notice that you said "democrat" where usually the party affiliation is capitalized, so maybe you're scooting by on a technicality. But at that point we're parsing to the degree that we criticize politicians for.

Re:

[blhack]

Let's be sure that nobody can steal a dollar; but if they can help a democrat steal an election... so be it.

The sad thing is that very few people care.
I've actually had a friend tell me that he thought it was okay that people vote without knowing anything about any of the candidates because "its not THAT many votes, man"....

Voting seems like such an abstract, far-away thing to most people that it doesn't feel like it matters.

Slot machines, however, offer instant gratification (or loss of money). Its a more DIRECT, this-is-happening-to-me-right-now feeling.

Its a double-edged sword that it has become fashionable