Diebold Threatens to Pull Out of North Carolina 615
foobaric writes "A North Carolina judge ruled that Diebold may not be protected from criminal prosecution if it fails to disclose the code behind its voting machines as required by law. In response, Diebold has threatened to pull out of North Carolina." From the article: "The dispute centers on the state's requirement that suppliers place in escrow 'all software that is relevant to functionality, setup, configuration, and operation of the voting system,' as well as a list of programmers responsible for creating the software. That's not possible for Diebold's machines, which use Microsoft Windows, Hanna said. The company does not have the right to provide Microsoft's code, he said, adding it would be impossible to provide the names of every programmer who worked on Windows."
Hmm... (Score:4, Interesting)
Hey Diebold, don't let the door hit you in the ass on the way out!
(Not that state regulators which didn't require a voter-verified paper trail up front have qualifications for anything but a prison cell, but hey...)
Message Loud and Clear... (Score:3, Interesting)
It seems to be clear that the intent was to have the actual source code and not just a copy of the software. Also, it isn't at all clear if that means the underlying platform or just the voting application on top of it, but why take a chance. And really, what would be the point of having access to half of the software stack?
Either the state of North Carolina really doesn't want a windows based voting solution or they are accidentally sending the message that "no closed source solutions need apply".
In either case poor, misunderstood Diebold may have to take their ball and go home. I think we can all agree that given their [bbvforums.org] track [bbvdocs.org] record [wired.com], this is a good thing.
Closed source is not the best tool (Score:4, Interesting)
My only question is how far down do these legal requirements go? If the operating system the voting software is running on needs to be open sourced, what about the hardware firmware? Does it need to be open source as well?
How about disclosing circuit designs for the chip? (Score:3, Interesting)
the hardware might be designed to ignore software instructions
and give a different set of voting results.
Sucks... (Score:2, Interesting)
Ok, now that I have that off my chest
Since the state is responsible to ensure that voting is fair, transparent and auditable, it makes good sense to make this code open source. I'm not arguing over a specific license - for the purpose of this discussion copyright is not important : only that anyone who wishes to ensure that their consitutional right to vote has been properly administered is able to do so.
This reminds me of the debate over opening the source code on the breathalizers in Florida...
In my opinion, anything that the guv uses should be open source, excepting areas of national security (i.e. where some piece of code gives direct knowledge that shouldn't be handed out ... like missle launch code maybe?)
Re:Put up or... (Score:3, Interesting)
Interpretation of responsible (Score:4, Interesting)
However, I'm fairly sure that you could meet that requirement with a list of the *responsible* programmers - i.e., the people in charge making decisions. Thus, you don't need to list every programmer - the person in charge of your particular embedded system fork ought to be sufficient.
Re:Hmm... (Score:5, Interesting)
The Diebold voting outfit was an aquisitio of a startup company, that was demonstrably lax in design and practices. The system cobbled together, of mostly desktop-oriented COTS was little more than a system for demonstration purposes, meeting almost no "behind the scenes" requirements that most anyone could have proposed. I would go as far as to say that this effort was, in likelyhood, a swindle.
Diebold is culpable for aquiring them - after a technology assessment - and continuing in this fashion. Possibly with the intent of enabling fraudulent vote recording and tabulation. Certainly Diebold "stonewalls", misrepresents and obfuscates every attempt to legitimately investigate their capability, practice and compliance.
But I don't worry about their ATMs!
Re:The headline should read: (Score:5, Interesting)
"Under pressure to comply with State Law, Diebold comes up with great excuse".
There is no way they will meet the law, because once it becomes apparent that the software has holes that allow vote manipulation, the remaining states will do the same.
Of course, the darkside is still trying to keep the public in the dark [bbvforums.org], at least in California.
Here's the rules that BlackBoxVoting must meet.
California protocols sent to Black Box Voting when they invited us to do the test Nov. 30:
- The media cannot attend
- The public cannot attend
- The number of people we can bring is so small that we cannot bring our attorney or a court reporter
- We cannot videotape, record, or keep explicit notes on it
- We cannot retain our own work product
- We cannot tell anyone what happened in the test
Strawman's defence (Score:3, Interesting)
Could be that Diebold is hiding some illegal stuff (probably stealing other people's ideas or code) and don't want to be found out. Just a thought. It's obvious that North Carolina is only asking for the source to the stuff that Diebold itself developed, not third parties like Microsoft. The Windows defence is just a lame strawman, IMO.
Re:Thus, thanks to the partnership with Diebold (Score:0, Interesting)
Re:Hmm... (Score:3, Interesting)
Votes, on the other hand, are abysmally audited. There is no totally seperate system keeping accurate tabs on what's happening.
Perhaps Diebold should make frontends, someone like Google should design the infrastructure, and IBM designs the central tabulator architecture. Each of the three pieces keeps their own audits, and if the numbers don't match then there's a problem.
Or how about you send each registered voter a voting card, which they hand in at a polling station on election day. They get given a voting paper, go into a booth, mark and seal their paper, then drop it into a black box. Votes are then counted by hand later. Say, that could work...
Re:The headline should read: (Score:2, Interesting)
Didn't Red Hat in fact do this to figure out who to early-invite to their IPO?
Yes you can (Score:3, Interesting)
Contact your govener, members iof the press.
Work at it, it can happen.
If you mean "Can we get this law to magically appear while I sit here and watch cartoons? then No.
If you can find out who sponsed the law in North Carolina, they might be able to point you in a good direction to get started.
Also, if you find a professor that specialize in politics at a local university, they might be able to help you out.
Think, Act, Succeed. In That Order.
Re:Hmm... (Score:5, Interesting)
When the voting systems thing hit I got interested in them. They are a vendor we do business with and I started informally asking questions around the watercooler, seeing if the old guys have any stories. For instance, have we ever had security issues with their equipment, etc?
We have. And the stories. Oh, my god, the stories. It's enough to bring tears to your eyes. They've blown it in such amazing, over-the-top ways, you wouldn't believe me if I told you. What I take away from all this is that the only reason many financial institutions stay in business is the (ongoing) laziness of criminals.
So in other words, worry about their ATMs. Worry about anybody who does business with these guys. Before "paperless voting" Diebold was just another bunch of well-connected old white men swindling their buddies with 3rd rate code. But now they're just plain shady.
Re:don't go acting all : surprised ... (Score:3, Interesting)
I don't think closed source software should qualify for copyright protection unless their source code is in escrow (with e.g. the Library of Congress at the publisher's cost) to be released at the end of the copyright term. Without the source code, you should only be afforded Trade-Secret protection.
And voting systems need transparency
Evidence of guilt. (Score:5, Interesting)
When it comes to individual rights, I thoroughly disagree with the argument which runs, "Why should you mind the police searching your home unless you have something to hide?"
But when it comes to the State, and it's employees, (like Diebold), the same logic is quite acceptable.
Let's all remember, the State is there to serve the public, not the other way around. At least, that's how it's supposed to work.
Thus, non-compliance with the most basic and rational doctrine, ("You must let us see how your voting machines work"), means to me that Diebold is hiding the fact that their machines are indeed faulty, and almost certainly deliberately faulty.
I'd love to see this break wide open, and have the journalists see the light and revolt against their Zionist-neo-con-Christian-brain-washed overseers, and publish the story far and wide. And then put Bush and his crew and the entire ruling elitist segment of the populace into prison. But I don't really expect this.
The most we'll see is a scapegoat being hung out to dry while the parade of evil continues.
The best way to resist is to do it on a personal level. Shine brightly and follow your internal compass as best you can. Defy The Lie. --Living in such a way will affect others in an ever-expanding ripple effect.
-FL
Re:Hmm... (Score:5, Interesting)
If the government makes an acknowledgement that certain components of the working system, including hardware and software, are proprietary materials owned by unrelated third parties and that Diebold is not responsible for the intellectual property pertaining to those components, then Diebold ought to be more than willing, certainly able, to comply with the order for those materials specifically under their own control.
That argument is fine for commercial activities like banking, airplanes, etc, etc, but this is voting we're talking about here. No one forced Diebold to use Windows. It was a design decision. I'm all for the free market solutions, but when the problem is how citizens select their representative government, any arguments in favor of "secret counting methods" just won't fly.
Why not just put a Diebold employee at each precinct and have each voter whisper their choice to that person through a curtain? Then, at the end of the day, the Diebold employee just tells us what the total is. If anyone questions their accuracy, they can point to some tic marks they made on a piece of paper (not that any voter actually saw these tic marks made) to "prove" they did it right.
Oh, and Diebold won't let us do background checks on these people because they hired some of these people from a temp company, and that temp company doesn't like publicising who works for them. Does that sound fair?
Besides, the source code is being held in escrow and is available only to certain NC Elections employees, and under NDA. If, even then, Diebold doesn't want to or can't comply, it's not our fault. It's my vote, not your experiment.
-jdm
Re:Hmm... (Score:4, Interesting)
Unfortunately for the electorate, if the voting equipment screws up, it undermines the very foundation of a democratic country. And in this particular case, the customer is being asked to give up any hope of proving the equipment is flawed.
WTF WTF WTF WHAT. THE. FUCK?!!! (Score:5, Interesting)
Ok, aside from being a convicted felon who comitted the very kind of crimes one should be worried about someone pulling in this situation... Usually, rational people being duly diligent about security would not trust someone who had anything in their background that would make them succeptible to BLACKMAIL.
This is some sort of goddamned perverse JOKE, RIGHT?!!!
Diebold + Windows + hidden NSA key = hmmm... (Score:3, Interesting)
Interesting. [heise.de] Maybe it's not the Supreme Court deciding elections that we need to be worrying about... Maybe this is another reason why Diebold is so resistant to voter-verified paper trails.
Re:Hmm... (Score:1, Interesting)
This is not necessarily correct. Several networks of ATMs have been brought down by Windows viruses, since many ATMs run Win2K. As someone in the computer security & network monitoring field, I've dealt with banks who've wanted to put anti-virus software on ATMs as well as SIM agents. Neither was allowed, probably for very good reason, but still both were perceived as NECESSARY.
Also, many banks have dual-homed Windows boxes that are linked to their internal network and their ATM network. I've seen it, and I've also seen them infected w/spyware and viruses that propagated internally from some machine w/access to the Internet.
-Charles
Re:Hmm... (Score:3, Interesting)
The multi-lateral committee is important - you should be able to find at least one Republican and one Democrat (plus as many independants as care) to observe/do the count. Each box should have a small enough number of ballots to count in less than an hour. Then you wind up having to buy off a *lot* of people to steal an election. Sure you can buy the count at a couple of boxes, but that's way less than you can now.
They already have those committees. And the Democrat or Republican always winds up challenging a vote that goes against him if he can find the slightest bit of reason. How the hell is that a productive system?
I don't know the lever machines in NY. Does every voter get to check that his vote recorded what he claimed? With paper I see my ballot, and I put it in the box: I know it says what I said. With a lever, I can imaging the machine being rigged - I now have to trust the machine provider instead of a multi-partisan counting committee. With paper if I really care I can even sign up to watch the ballot counting (in advance, I should hope, to make enough space available).
No, you don't know that it recorded exactly the way you wanted it to. The machine is setup by at least two people (one from each political party) at the board of elections. Once deployed it is checked by the local election inspectors to make sure that all the counters read zero. Once the voting day is over we (inspectors) canvass the vote -- anybody can watch -- for the unofficial results (phoned in to the board of elections). The machine is then sealed with a numbered seal (tamper evident) and eventually transported back to the board of elections for the official canvass. At least two people (one from each party) record the votes off the machines -- all they do is read counters -- and anybody can watch.
There's no way to vote twice because the inspectors have to manually enable the machine before you can use it. Otherwise it will refuse to operate. You can't invalidate your vote because it will refuse to let you vote for both Bush and Kerry. There's a tactile feedback that is a lot easier for most people to understand then a touchscreen. I could go on all day.
Short of an equipment failure or a bad setup there is simply no way to tamper with that process. Equipment failure is very rare with these machines (they will run without power) and if they break down we have emergency paper ballots. The only part of the process where they could be tampered with is during the initial setup -- and you have systems in place to prevent that from happening.
I would love your concept of paper voting but you can't deny that it's less secure then the method I just outlined above. Human beings get to judge the votes -- in a close election they will start challenging them for any conceivable reason. Or the ballots could simply go "missing". Or they could be stuffed. It would be fairly easy to prove a stuffed ballot box (more votes then voters?) but how would you prove stolen ballots? What happens if somebody goes in to vote and then decides to walk out with his ballot and doesn't put it in?
In any case it's all a moot point. Next year New York joins the cadre of states using electronic voting machines. Why the hell is anything with the word "electronic" in the title automatically assumed to be better? *Sigh*
Re:Hmm... (Score:3, Interesting)
Why should you trust the computer, why should you trust people, why should you trust punchcard machines? I would personally place more trust in a well designed system which by definition cannot do something it is not programmed to do than a human which is far more susceptible to mistakes. Computers are based on logic and maths, barring hardware error there is no way they can do something against their program. And even the most rudimentary error checking will deal with hardware issues.
Yes, and there is no way for me as a voter to know that the computer is actually programmed with non-biased error free software. Go look at some of my other posts regarding the mechanical based lever voting machines that New York has used for decades. Tell me exactly what the problem is with them and why they should be replaced with your system?
The whole national ID thing I don't personally see a big problem with other than "OMG BIG BROTHER WILL KNOW EVERYTHING!!!", but it's largely irrelevant to the whole votes thing providing some other system can be found to make sure it really is one man, one vote. Incidentally, carry a cellphone? Much more of a privacy risk than an ID card.
Actually, no I don't have a cell phone. And the ID card would be worse of a risk. I can turn the cell phone off if I want. What happens when a law is passed requiring you to carry your ID card on your person at all times? More to the point why do we even need a national ID card? It's a solution looking for a problem.
Your constitutional issue seems to be the biggest problem, in which case the solution is simple. Votes are counted on a state's own system, the only national bit has to be the ID network so you can't hop across a border and vote again in another state.
And what happens when the power goes out? What happens when a drunk driver hits a telephone poll and your election district is severed from your lovely nation wide grid? Do you turn away voters? Do you have a locally cached copy of the registered voters? What happens if network connectivity isn't restored at the close of the election for you to canvass your votes? More to the point: Why is this all required?
Re:Diebold DOES have the WinCE source code! (Score:2, Interesting)
Nevertheless, I think it's a straw man. Most likely, Diebold doesn't want to release THEIR source, and they're using Windows as the excuse. If Diebold wants to take the high road, let them release the source to THEIR code, including a diff file showing only their changes to the source received from Microsoft, and let some idiot bureaucrat in the state capitol make a fool of himself going on CNN and demanding the source code to Windows itself while everyone laughs at his pettiness.
Re:Is that a threat or a promise? (Score:4, Interesting)
And even spookier, this link [commondreams.org] says:
and:
It gets spookier still when you look at Diebold's CEO Bob Urosevich's ties to the Republican Party and strong fundamentalist backgrounds. Whereever Diebold goes, the article says, historic Republic upsets follow.
Re:Diebold DOES have the WinCE source code! (Score:3, Interesting)
Great. Now I'm going to be thinking the worst next time I vote. Grr.
Re:Hmm... (Score:2, Interesting)
I I can't really argue with what you say, though, it's certainly true that the 100 vote recount is sort of absurd in a state of 25 million. A statistician would probably tell you that you either have to revote the state or split the electoral 50/50, because it's essentially a tie. There were some absurd editorials at the time about how discounting the florida totals would be disenfranchisement, when in fact it'd be an accurate reflection of the vote (no advantage to either side, statistically a dead heat).
The electoral college, however, is another way that the elections are sort of slanted. There's been quite a bit written on how it slants to rural/western/southern states due to the addition of votes per senator. I live in NY, and (roughly, I don't remember the exact figures) a person in Wyoming or Alaska's vote for president counts for about twice what mine does, The electoral college also tempts people to game the census every 10 years (2, if you're in texas) and is the only reason we don't sensibly count statistically every 10 years. Counting per head also predominantly hides the urban poor,another way in which the census slants away from urban industrialized states.
A correction, though. The supreme court didn't just get "asked" to settle the matter-putting it this way makes it sound like arbitration. They were asked by the last guys to lose in the penultimate lower court (of course, this also reflects how people game the system-lawyers will look for a friendly court, and I'm sure Bush's lawyers suspected they'd get a good hearing from the current supreme court, Dems would've done the same. Personally I'll always remember that Renquist got his start keeping black people from voting in arizona, so it's nice to see that he stayed consistent.