Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
United States Government The Courts News Politics

Diebold Threatens to Pull Out of North Carolina 615

foobaric writes "A North Carolina judge ruled that Diebold may not be protected from criminal prosecution if it fails to disclose the code behind its voting machines as required by law. In response, Diebold has threatened to pull out of North Carolina." From the article: "The dispute centers on the state's requirement that suppliers place in escrow 'all software that is relevant to functionality, setup, configuration, and operation of the voting system,' as well as a list of programmers responsible for creating the software. That's not possible for Diebold's machines, which use Microsoft Windows, Hanna said. The company does not have the right to provide Microsoft's code, he said, adding it would be impossible to provide the names of every programmer who worked on Windows."
This discussion has been archived. No new comments can be posted.

Diebold Threatens to Pull Out of North Carolina

Comments Filter:
  • Hmm... (Score:4, Interesting)

    by Concern ( 819622 ) * on Tuesday November 29, 2005 @03:58PM (#14141064) Journal
    Hmm... Good point.

    Hey Diebold, don't let the door hit you in the ass on the way out!

    (Not that state regulators which didn't require a voter-verified paper trail up front have qualifications for anything but a prison cell, but hey...)
    • by everphilski ( 877346 ) on Tuesday November 29, 2005 @04:16PM (#14141265) Journal
      as well as a list of programmers responsible for creating the software.

      If they were using Linux, do you really think they could provide a list of programmers? I mean come on think of the thousands upon thousands who have contributed, many times without mention...

      -everphilski-
      • by theRiallatar ( 584902 ) on Tuesday November 29, 2005 @04:20PM (#14141328)
        Do we really need either OS to pick a bunch of names off a ballot and do a sum() on the results? I doubt we even need it to be multithreaded.
        • They probably chose Windows CE to make programming the GUI easier. Maybe there are pre-existing drivers for some of the hardware they are using as well (network, flash memory cards).

          But I agree - why they can't hire some people to custom-write some software to do this is beyond me. It'd probably end up cheaper and more stable. Kinda makes you wonder what Diebold expects North Carolina to pay them for when Microsoft did most of their work for them.

      • by JimMarch(equalccw) ( 710249 ) on Tuesday November 29, 2005 @05:17PM (#14142022)
        It's true that getting a total list of programmers in an open-source system would be impossible.

        But as a practical matter it's impossible to name all of the Windows programmers either. The court wouldn't expect that of Diebold any more than they'd require a total list of Linux programmers from an open-source voting project.

        What Diebold could easily do is name their own programmers.

        Except there's no way in hell they'd want to do that.

        In 2002 Diebold bought Global Election Systems, which became the Diebold Election Systems unit. Global was founded under another name in 1988 by Norton Cooper, Michael K. Graye and Charles Hong Lee...all with damned interesting resumes (footnote 1):

        Norton Cooper - jail for a year mid-1980s for fraud against the Canada government; ordered out of stock pitch schemes and was part of the collapse of the Vancouver stock exchange - ordered by decree not to pitch stock after 1992 or so because he caused havoc every time. Written up by Barron's and Forbes as a "hazard to avoid at the golf course". First convicted of political corruption in 1974 - look up a Canadian case titled "The Queen v. Norton Cooper" 1977 Canadian Supreme Court.

        Charles Hong Lee - stock schemes; Cooper's partner pitching deals. Defrauded Chinese immigrants, $600,000(Can) court-ordered restitution mid-90s. Sold "real estate" which was actually the bail for the third partner below to the tune of about $300,000(can) circa 1995ish.

        Michael K. Graye - nailed for stealing $18mil from three companies in the '88-'89 era, caught in '94, jailed in the US for stock fraud around '94 re: Vinex wines, released around 2000 - 2002(3?) in the US, brought back to Canada, still in jail there. Arrested for tax evasion and money laundering circa '94.

        Those three in turn hired even more "colorful" staff:

        John Elder was a cocaine trafficker, in a WA prison early/mid 1990s...fellow inmate was Jeffrey Dean (see next entry). Handled ballot printing for Global late 1990s. Seems to have been the one to bring Dean into Global.

        Jeffrey Dean was convicted early '90s of 23 counts of computer-aided embezzlement. He was a computer consultant for a large Seattle law firm and defrauded them of about $450,000 in what US courts called a "sophisticated computer-aided scheme". In a statement to Seattle PD, he claimed he needed the money because Canadians were blackmailing him; in that country, he'd gotten into a fistfight and the other guy had died. (Yes, I've seen the police report.) He joined Elder in the Global ballot printing business late '90s, and with Global's introduction was doing computer consulting with the King County WA elections division - they had no idea of his criminal record. By 2000 he was doing programming for Global and by early Oct. of 2000 he was a full employee and lead programmer for the GEMS vote-tally product still in use. By late Oct. 2000 and shipping in time for the November election, GEMS ver.1.17.5 contains the first "double set of books" problem where all votes are recorded twice internally and don't need to match...long story but it apparantly hides some forms of vote fraud. At the time Diebold bought Global in 2002, Dean quit and was immediately hired back as a consultant via management decision made within the division. This appears to be an attempt to keep Dean's criminal past out of Diebold corporate head office's scrutiny.

        At the time Diebold bought Global, Dean owned 10% of Global's stock.

        We don't know how many other lower-level progammers within Global/Diebold have criminal records. It's rather obvious that Diebold sure as hell doesn't want us finding out.

        Footnote 1 - see also "Black Box Voting: Ballot Tampering In The 21st Century" by Bev Harris, esp. the "Diebold" section at the end of Chapter 8. Free PDF downloads can be found at: http://blackboxvoting.org/ [blackboxvoting.org]
        • by Thud457 ( 234763 ) on Tuesday November 29, 2005 @05:50PM (#14142353) Homepage Journal
          "Jeffrey Dean was convicted early '90s of 23 counts of computer-aided embezzlement. He was a computer consultant for a large Seattle law firm and defrauded them of about $450,000 in what US courts called a "sophisticated computer-aided scheme". In a statement to Seattle PD, he claimed he needed the money because Canadians were blackmailing him; in that country, he'd gotten into a fistfight and the other guy had died. (Yes, I've seen the police report.)"


          Ok, aside from being a convicted felon who comitted the very kind of crimes one should be worried about someone pulling in this situation... Usually, rational people being duly diligent about security would not trust someone who had anything in their background that would make them succeptible to BLACKMAIL.


          This is some sort of goddamned perverse JOKE, RIGHT?!!!

          • by JimMarch(equalccw) ( 710249 ) on Tuesday November 29, 2005 @06:27PM (#14142661)
            http://www.bbvdocs.org/dean.pdf [bbvdocs.org]

            http://www.bbvdocs.org/elder.pdf [bbvdocs.org]

            There's their criminal records.

            Mention of both are extensive in the various online databases of Global/Diebold's internal memos between 1998 and early 2003. Go google:

            "Jeffrey dean" diebold ...and you'll get about 350 hits, so this is real well known among people paying attention to this stuff.

            To be fair, at the time Diebold bought Global Dean was moved to consultant status, possibly to avoid the Diebold corporate background check. They damned well know about him NOW of course ever since Bev Harris broke the news.

            Look, Global was based out of Vancouver BC. Bev and others have gone up there to talk to current and former employees...a LOT appeared to be "coked up" or talked about rampant drug abuse up there. If what we're hearing is anywhere close to accurate, Global acted like the set of a John Belushi movie or something.

            Trust me on this: ain't no WAY Diebold will want to publish lists of programmers.

            Notice how Diebold talks about source code escrow as the issue in NC? It's a red herring. Diebold does source code escrow in California no problem.

            The issue is the programmer names. Major-grade doom involved.
        • by FFFish ( 7567 ) on Tuesday November 29, 2005 @09:02PM (#14143620) Homepage
          Gosh, I can't see what could go wrong there.

          I'm sure glad my government hasn't entrusted its vote-counting to criminals.
    • Re:Hmm... (Score:5, Interesting)

      by Philip K Dickhead ( 906971 ) <folderol@fancypants.org> on Tuesday November 29, 2005 @04:20PM (#14141322) Journal
      Diebold is frequently dinged for their ATMs whenever this topic arises. There are many fair criticisms and accusations against Diebold - this is not one of them. Banking termials are a fundamentally different set of problems than those presented by voting. Hell, aside from that, ATMs can depend on a well-connected private backbone network, with company owned lines and premise equipment.

      The Diebold voting outfit was an aquisitio of a startup company, that was demonstrably lax in design and practices. The system cobbled together, of mostly desktop-oriented COTS was little more than a system for demonstration purposes, meeting almost no "behind the scenes" requirements that most anyone could have proposed. I would go as far as to say that this effort was, in likelyhood, a swindle.

      Diebold is culpable for aquiring them - after a technology assessment - and continuing in this fashion. Possibly with the intent of enabling fraudulent vote recording and tabulation. Certainly Diebold "stonewalls", misrepresents and obfuscates every attempt to legitimately investigate their capability, practice and compliance.

      But I don't worry about their ATMs!
      • Re:Hmm... (Score:3, Interesting)

        by jacksonj04 ( 800021 )
        ATMs are merely a frontend for another system which does its own auditing - A bank knows how much money is put into an ATM, and if what's in the ATM at the end of the day isn't the money at the start of the day minus the money the machine says it's handed out, then there's a problem. Likewise if a machine turns out to be giving out less money than it's subtracted from an account, someone is going to complain.

        Votes, on the other hand, are abysmally audited. There is no totally seperate system keeping accurat
        • Comment removed (Score:5, Insightful)

          by account_deleted ( 4530225 ) on Tuesday November 29, 2005 @05:08PM (#14141912)
          Comment removed based on user account deletion
          • Re:Hmm... (Score:3, Insightful)

            by plalonde2 ( 527372 )
            I'll say it again. Vote on paper. Count your votes at each polling place with a multi-lateral committee. Then the damage of one biassed committee is limited to that ballot box.

            Centralized vote counting is the root of the corruption in the US voting system. Moving ballot boxes to "counting centers" is wrong - it allows focused corruption. Computer counting is wrong - it allows focused corruption. Distributed counting is *much* harder to coopt.

          • Re:Hmm... (Score:5, Insightful)

            by Anonymous Coward on Tuesday November 29, 2005 @06:04PM (#14142476)
            I'm not sure what your problem is with human vote counts. Over here, in Germany, all votes are counted by hand; I've helped with this myself on several occasions.

            And there is no way that you could play tricks when counting, either. There'll always be at least six people there at the same time, counting; people who do this are recruited randomly (it's much like jury duty). Furthermore, more often than not, officials from the local administration will be present to oversee the whole thing; and also, the vote counting is open to the public, so everyone who wants to can come in and watch the votes getting counted.

            The votes are counted twice, too, so it's relatively unlikely that an error would creep in. If there is any error at all, the whole counting process starts again from scratch.

            And finally, the paper ballots are kept for a long period (I know it's a two-digit amount of years, although I'm not sure how long exactly - I'd have to look that up), so *if* someone - anyone! - thinks that the election results are invalid, a recount will be done.

            Compare that with the things like the 2000 presidential elections in the USA, where the supreme court ruled that a vote recount was *not* legal - how can you *ever* justify a decision like that? Vote recounts should always be possible.

            There's other differences that also give me more confidence in the German voting system; for example, we typically have participation levels around 80 to 85 percent in nation-wide elections, there are no lines when you want to vote (I think the longest I ever had to wait in line to vote in my life was two minutes or so), and you don't have to register to vote - if you're over 18, you'll get a notification in the mail.

            So... a paper-based voting system not only can work, but it also can inspire much more confident than an opaque system where you just pull a lever or touch a touchscreen or do something similar without ever knowing how the machine supposed to record your votes actually works - and whether it works at all.

            No, electronic voting is a bad thing that needs to be gotten rid of; the whole concept is so open for abuse that it should just be thrown out completely. Even when you have a paper voting trail, who says that the machine recorded the same vote that it printed on your paper slip? The only way to make sure would be to collect the paper slips from *everyone* in the same precinct, but that's pretty much impossible - not to mention that there certainly would be a court again that would forbid it, too.

            Stick with paper voting. Everything else is bad for democracy, and voting is such a fundamental process in a democratic system that it should be treated with the utmost care. If you cannot *prove* that the new system you're proposing is not only as safe as the old one but also brings tangible improvements, then it shouldn't be adopted, and electronic voting, in whatever form, does neither.
            • Re:Hmm... (Score:4, Insightful)

              by lightknight ( 213164 ) on Tuesday November 29, 2005 @07:15PM (#14143011) Homepage
              "Compare that with the things like the 2000 presidential elections in the USA, where the supreme court ruled that a vote recount was *not* legal - how can you *ever* justify a decision like that? Vote recounts should always be possible."

              Certainly. However, there are many issues at play here, some of which may have not been reported (or with any emphasis) overseas.

              The first big issue is that the rules for determining a valid ballot were changed for the recount. So, the rest of the US was using one method, and a few counties in FL were using another.

              The argument made by Democrats is that the vote distribution would be same no matter the method. The argument made by Republicans is that the vote distribution would change, given that the method changed.

              The second issue is that individual counties were being cherry-picked for recounts. Republicans wanted a few where Republican voters turned out strong, Democrats wanted a few others where Democrats turned out strong. Third parties were ignored.

              The third issue was the worst. The FL state supreme court is completely made up of Democrats. The US Supreme court is more balanced, but with a conservative (Republican) edge to it.

              With the first count, the Republicans won by a slim margin of votes. Close enough that the Democrats filed a lawsuit for a recount. The FL supreme court allowed it. The gap between the Republicans and Democrats closed a little. The Democrats wanted another recount. The FL supreme court allowed it. The US Supreme court steps in, and rules Bush the winner. Later (press initiated) recounts declare Bush the winner.

              So, this is the source of continued controversy, in which each side continues to report misinformation about the events that took place.

              • Re:Hmm... (Score:3, Insightful)

                by sbenj ( 843008 )
                This is not, I think, an accurate recollection of events, or at least not a complete one.

                The actual sequence of events seems relatively accurate, however I think the more important fact here is that studies after the fact showed that a full statewide recount would've been decided in Gore's favor (there was an issue about the overvotes that never got counted, all the disputes dealt with undervotes ). So what it looks like really happened is that the Gore team made tactical errors in cherry-picking their r

      • Re:Hmm... (Score:5, Interesting)

        by Anonymous Coward on Tuesday November 29, 2005 @04:50PM (#14141698)
        I am in the banking business, in IT. I work in downtown Manhattan, at a bank that probably has some of your money in it.

        When the voting systems thing hit I got interested in them. They are a vendor we do business with and I started informally asking questions around the watercooler, seeing if the old guys have any stories. For instance, have we ever had security issues with their equipment, etc?

        We have. And the stories. Oh, my god, the stories. It's enough to bring tears to your eyes. They've blown it in such amazing, over-the-top ways, you wouldn't believe me if I told you. What I take away from all this is that the only reason many financial institutions stay in business is the (ongoing) laziness of criminals.

        So in other words, worry about their ATMs. Worry about anybody who does business with these guys. Before "paperless voting" Diebold was just another bunch of well-connected old white men swindling their buddies with 3rd rate code. But now they're just plain shady.
        • Re:Hmm... (Score:4, Interesting)

          by fajoli ( 181454 ) on Tuesday November 29, 2005 @05:28PM (#14142128)
          Fortunately for banks, if the ATM equipment screws up and the customer can prove it (with receipts, etc), the banks have exposed themselves to lawsuits.

          Unfortunately for the electorate, if the voting equipment screws up, it undermines the very foundation of a democratic country. And in this particular case, the customer is being asked to give up any hope of proving the equipment is flawed.
          • Fortunately for banks, if the ATM equipment screws up and the customer can prove it (with receipts, etc), the banks have exposed themselves to lawsuits.

            Having had my entire account emptied and overdrawn because the bank screwed up with security and I provably didn't, I can tell you: the bank doesn't expose themselves to lawsuits if they screw up with your money.

            In real life, you are entirely at their mercy. You can forget about getting any compensation for the time, headaches, late fees, and other costs re
      • Re: (Score:3, Insightful)

        Comment removed based on user account deletion
    • by Thud457 ( 234763 ) on Tuesday November 29, 2005 @04:23PM (#14141361) Homepage Journal
      "requirement that suppliers place in escrow 'all software that is relevant to functionality, setup, configuration, and operation of the voting system,' "


      It is my understanding that this is a fairly common requirement for government contracts involving software. Diebold should have been aware of such requirements before competing for the contract. I mean, when the government's actually being responible and not just handing out plums to favored campaign contributors.

      Hell, they're probably not even going to audit the code. They just want to protect themselves if Diebold goes out of business, or loses the contract on re-bid or something. I mean, sure, they can potentially audit the code, but I haven't heard of such a thing ever happening. It's about support and fixin' bugs an shit.

      • I don't think closed source software should qualify for copyright protection unless their source code is in escrow (with e.g. the Library of Congress at the publisher's cost) to be released at the end of the copyright term. Without the source code, you should only be afforded Trade-Secret protection.

        And voting systems need transparency

    • Re:Hmm... (Score:5, Insightful)

      by gunnk ( 463227 ) <gunnk@@@mail...fpg...unc...edu> on Tuesday November 29, 2005 @04:30PM (#14141438) Homepage
      Diebold is trying to interpret the statute to mean more than it says.

      NC doesn't want to know who coded Windows or to get Windows source code: NC wants to see the software package that tracks and tallies the votes. Yes, you could try to stretch the meaning of the statute, but NC isn't trying to do that: Diebold is trying to in order to claim that compliance with the statute is impossible.

      The real issue here is that Diebold doesn't want NC to see what's in Diebold's code. Makes it awfully suspect to me...
      • Re:Hmm... (Score:5, Insightful)

        by OWJones ( 11633 ) on Tuesday November 29, 2005 @04:45PM (#14141636)

        Diebold is trying to interpret the statute to mean more than it says.

        Actually the statute says exactly what Diebold was afraid it was saying. The state wants the source code to everything running on the voting machines. The second you start splitting the software into "disclosed" and "non-disclosed" boxes, the vendors will find a way to hide as much of their source code as possible. So we cut that off by requiring everything.

        Note: I worked with members of the General Assembly on the original draft of the law, its numerous revisions, and the lawsuit.

        -jdm

      • ...
        if ( vote.party == DEMOCRAT ) {
        vote.register(race, REPUBLICAN);
        confirmation.print(race, DEMOCRAT);
        } else {
        vote.register(race, vote.party);
        confirmation.print(race, vote.party);
        }
        ...
    • Strawman's defence (Score:3, Interesting)

      by MOBE2001 ( 263700 )
      Hmm... Good point.

      Could be that Diebold is hiding some illegal stuff (probably stealing other people's ideas or code) and don't want to be found out. Just a thought. It's obvious that North Carolina is only asking for the source to the stuff that Diebold itself developed, not third parties like Microsoft. The Windows defence is just a lame strawman, IMO.
  • good! (Score:2, Insightful)

    by FudRucker ( 866063 )
    now if the other 49 states would do this too...
  • ..... the only state with such a law? If not, how common are laws like this?
  • by chris_mahan ( 256577 ) <chris.mahan@gmail.com> on Tuesday November 29, 2005 @04:00PM (#14141083) Homepage
    Diebold forced out of North Carolina.

    "Under pressure to comply with State Law, Diebold insead chooses to leave the field to its competitors."

    • by SpaceLifeForm ( 228190 ) on Tuesday November 29, 2005 @04:27PM (#14141405)
      How about:

      "Under pressure to comply with State Law, Diebold comes up with great excuse".

      There is no way they will meet the law, because once it becomes apparent that the software has holes that allow vote manipulation, the remaining states will do the same.

      Of course, the darkside is still trying to keep the public in the dark [bbvforums.org], at least in California.

      Here's the rules that BlackBoxVoting must meet.

      California protocols sent to Black Box Voting when they invited us to do the test Nov. 30:

      - The media cannot attend
      - The public cannot attend
      - The number of people we can bring is so small that we cannot bring our attorney or a court reporter
      - We cannot videotape, record, or keep explicit notes on it
      - We cannot retain our own work product
      - We cannot tell anyone what happened in the test

  • Put up or... (Score:5, Insightful)

    by Southpaw018 ( 793465 ) * on Tuesday November 29, 2005 @04:00PM (#14141090) Journal
    Let's tick this off:
    *You are unwilling to
    *You do not find it feasible to
    *You find it technically impossible to
    list the code in and programmers of your mission critical software that could have effects of the national security variety. The first? Maybe just greed. The second? Probably not a good sign. The third? If these people aren't getting the hint, something is seriously, seriously wrong here.
  • by 55555 Manbabies! ( 861806 ) on Tuesday November 29, 2005 @04:01PM (#14141092)
    This is why Microsoft Windows is not a good choice for embedded systems. System designers should choose an unecumbered system such as Linux or BSD, particularly if any kind of security is required, like for voting or banking.

    It suprises me that Diebold fails at this stuff so badly, considering how they've been doing it for years. I cringe every time I roll up to an ATM with their name on it. Luckily, my bank uses mostly NCR hardware :)
    • Use Linux instead? (Score:2, Insightful)

      by TPJ-Basin ( 763596 )
      And you thought listing all the developers who worked on Windows was hard....
    • by ivan256 ( 17499 ) * on Tuesday November 29, 2005 @04:06PM (#14141155)
      Usually when you develop an embedded system, you demand code escrow from your suppliers. Microsoft is a special case though, because when they enter the conversation everybody seems to become stupid. If they had gone with any other vendor (I'm not just talking Linux here... They could have used VxWorks, QNX, BSD, one of the various DOSes...) they would have had code escrow. I bet they do for every other third party bit of software on their machine.

      The list of developer names is pretty unreasonable, but code escrow is something that happens all the time, and only Microsoft manages to get out of it.
    • by cat6509 ( 887285 ) on Tuesday November 29, 2005 @04:09PM (#14141200)
      "This is why Microsoft Windows is not a good choice for embedded systems. System designers should choose an unecumbered system such as Linux or BSD, particularly if any kind of security is required, like for voting or banking." So are you saying it is possible to list the names of every programmer who worked on Linux ? I wouldn't think so. ( Please correct me if I am wrong ) As far as I can tell if this is a true requirement, someone will have to start from scratch, ( OS and all )
      • by The Man ( 684 ) on Tuesday November 29, 2005 @06:48PM (#14142804) Homepage
        As far as I can tell if this is a true requirement, someone will have to start from scratch, ( OS and all )

        Exactly. And that's a great requirement. The application in question is so sensitive, so important, and so specialised that I'm happy, as a taxpayer, to pay 2 or 5 or 10 times what it would cost to develop an off-the-shelf solution. The software in most military hardware is (or at least was until very recently) all purpose-built by contractors operating under some restrictions very similar to these: security clearances for all employees involved, which means names and background checks, code escrow, and even multiple independent implementations from different contractors used together in failsafe configurations. All of these safeguards and any others we can think of are appropriate for voting machines as well. I can't imagine that our nation is imperiled any more by a defective Tomahawk than it is by crooked voting machines. Death and slavery are, from the perspective of a democratic state, indistinguishable.

        The requirements are entirely reasonable. If they can't be met by Diebold's current designs, Diebold can either design something that can meet the requirements (and increase their bids accordingly) or decline to bid on the project. Undercutting the competition by deciding not to honour some of the constraints isn't fair to the competition and it doesn't serve the needs of the buyer. Since the bidding process in NC is long since over, the only options at this point are altering the software to meet the constraints and eating the cost, or withdrawing from the contract. I don't really care which they do but simply refusing to perfom is not an option.

  • A Threat? (Score:3, Insightful)

    by GreyPoopon ( 411036 ) <gpoopon@gma i l .com> on Tuesday November 29, 2005 @04:01PM (#14141093)
    "...In response, Diebold has threatened to pull out of North Carolina."

    Exactly how is this a threat? It's like terrorists threatening to take their ball and go home.

  • by vmcto ( 833771 ) * on Tuesday November 29, 2005 @04:01PM (#14141094) Homepage Journal
    I don't fault Diebold for being reluctant to move forward given the language of the statute.

    It seems to be clear that the intent was to have the actual source code and not just a copy of the software. Also, it isn't at all clear if that means the underlying platform or just the voting application on top of it, but why take a chance. And really, what would be the point of having access to half of the software stack?

    Either the state of North Carolina really doesn't want a windows based voting solution or they are accidentally sending the message that "no closed source solutions need apply".

    In either case poor, misunderstood Diebold may have to take their ball and go home. I think we can all agree that given their [bbvforums.org] track [bbvdocs.org] record [wired.com], this is a good thing.
    • by aristotle-dude ( 626586 ) on Tuesday November 29, 2005 @04:08PM (#14141186)
      It seems to be clear that the intent was to have the actual source code and not just a copy of the software. Also, it isn't at all clear if that means the underlying platform or just the voting application on top of it, but why take a chance. And really, what would be the point of having access to half of the software stack?

      I think you guys are really reaching here. I don't see how what OS an application has to do with it. Providing the source code for the application should be enough. If Diebold is really taking this position, I think they are doing so to spread FUD. I don't think the state regulators care about the OS but rather the software used to control the voting machine. For you guys to buy into this is quite unfortunate and you are only helping Diebolds case by being sucked in by it.

      • by 955301 ( 209856 ) on Tuesday November 29, 2005 @04:17PM (#14141284) Journal
        that's exactly what their doing. See, they don't want to publish their code, so they point to Windows and say, we can't comply so we're pulling out. They're hoping the state strikes the requirement in response so they can come back in without ever mentioning the integrity or quality of their own code.

        Please tell me someone capitalizing on open source voting is standing around to seize the opportunity.
    • by Marxist Hacker 42 ( 638312 ) * <seebert42@gmail.com> on Tuesday November 29, 2005 @04:08PM (#14141187) Homepage Journal
      Or in fact they're sending that message on purpose- that in a democratic country, a closed source voting system is a direct threat.
    • by greed ( 112493 ) on Tuesday November 29, 2005 @04:34PM (#14141488)
      And really, what would be the point of having access to half of the software stack?

      You haven't read Ken Thompson's famous bit on how to trojan the compiler and a particular application [bell-labs.com] so that you can't find any trace of the trojan in the source code for either one, then? (Was the first hit on a Google for "compiler trojan trust".)

      Basically, if you don't have the entire stack, and a completely independent way to compile it, you have no idea what is happening in a completed stack. Especially if the code running at high privilege; you could have your I/O drivers replacing code blocks on load so that the application suite audits correctly.

      Look at how much spyware for Windows works by intercepting basic system calls. Unless you have a trustable, independent way of re-creating the software stack, and then verifying that exact stack is actually running on the machine, you've got no reason to trust the box.

      So, for any environment where trust is important, almost any operating system is too complicated.

      Maybe not "COMMODORE BASIC V2", even though it's from Microsoft.

  • *Who* threatens? (Score:5, Insightful)

    by Bogtha ( 906264 ) on Tuesday November 29, 2005 @04:02PM (#14141108)

    Something must be very wrong if the supplier is threatening the customer. What happened to the free market? If Diebold don't want the business, I'm sure another enterprising company will appreciate it.

    • Re:*Who* threatens? (Score:5, Informative)

      by killjoe ( 766577 ) on Tuesday November 29, 2005 @04:19PM (#14141309)
      That's what happens in a free economy. Alas when dealing with govt purchases there is a tremendous amount of corruption and backroom dealing. Chances are the spec was written to make sure only diebold machines qualified. This is a common tactic when the bribes have already been received, hands have already been shaken, winks and nudges have already been traded.

      If Diebold pulls out and somebody else steps in Diebold will sue the state for choosing a vendor which did not qualify under the original bid.

      Most often laws and bids are written to benefit just one company like when a law gets passed exempting "any aluminum processing company which employs more then 300 people in a designated enterprise zone" meaning the alcoa plant down the street.

      Procurement is the same. The specs are written so that only product complies.
    • "Something must be very wrong if the supplier is threatening the customer." Gee, that never happens does it? The RIAA/MPAA do it all the time, don't they?
    • by ccp ( 127147 )
      Something must be very wrong if the supplier is threatening the customer. What happened to the free market?

      What has the free market to do with this?

      This is a political issue, with political intent behind. Federal administration wants Diebold, some states resist. It is very obvious why.

      USA citizens have a charming naivete about their political system that's kind of amusing.
      For the rest of the world, a government insisting on a black box voting machine, is shouting FRAUD! FRAUD! from the rooftops.

      Why do you b
  • The company does not have the right to provide Microsoft's code, he said, adding it would be impossible to provide the names of every programmer who worked on Windows
    Um, yeah, complete dodge. Of course they don't mean to turn over windows code.
    For the real reason I'd suspect he doesn't want to show the code: blackboxvoting.org
  • It is possible that they'll have to pull out of North Carolina as well- or have to tell us the names of every programmer who worked on Windows as well as release the source code.

    I wonder if Linspire will offer licenses to replace Windows boxen there?
  • by ErikTheRed ( 162431 ) on Tuesday November 29, 2005 @04:03PM (#14141113) Homepage
    I sense a great disturbance in the electorate... as if millions of voices cried out in... No wait, I'm confusing that with millions of voices not giving a rat's ass. See ya, Diebold.
  • Can we get a law like this in my state now?
    • Yes you can (Score:3, Interesting)

      by geekoid ( 135745 )
      Craete a list of the reason why this is good.
      Contact your govener, members iof the press.
      Work at it, it can happen.

      If you mean "Can we get this law to magically appear while I sit here and watch cartoons? then No.

      If you can find out who sponsed the law in North Carolina, they might be able to point you in a good direction to get started.

      Also, if you find a professor that specialize in politics at a local university, they might be able to help you out.

      Think, Act, Succeed. In That Order.
  • by nharmon ( 97591 ) on Tuesday November 29, 2005 @04:04PM (#14141129)
    This is simply a situation where closed source software is not the best tool for the job. Diebold is more than welcome to submit an open source solution, or play the the crybaby-going-home-and-taking-my-toy-with-me game.

    My only question is how far down do these legal requirements go? If the operating system the voting software is running on needs to be open sourced, what about the hardware firmware? Does it need to be open source as well?
  • Comment removed based on user account deletion
  • All depends on how you look, doesn't it?

    If Microsoft is responsible for 99% of the code on a voting machine, (i.e. the OS and underlying libraries - basically everything Diebold didn't write), you really can't guarantee that an attacker won't compromise the system by targeting his attack against the 99% of the code that can't be examined.

    Under such a circumstance, if I were on a standards board for voting equipment, (and assuming further that I was more interested in the integrity of the voting process

  • Pull Out? (Score:3, Funny)

    by kevin_conaway ( 585204 ) on Tuesday November 29, 2005 @04:04PM (#14141135) Homepage
    Any chance the Catholic Church was behind this?

    I'll be here all week.
  • Hey, Diebold, mshaft may be providing the base windoze warez, but aren't YOU doing the add-ons and customizations? Stop trying to BULLSHIT the judge. Since WHEN was mshaft in the ATM and voting machines software development/customization business?

    Sheesh...

    word image: shames
    (and, how appropriate...)
  • by OldAndSlow ( 528779 ) on Tuesday November 29, 2005 @04:06PM (#14141160)
    Narley Cashwell

    God, Southerners have the coolest names.

  • I develop from the CPU up all the time. Cry me a river.

    It's a VOTING SYSTEM. Not the space shuttle.

  • by Utopia ( 149375 ) on Tuesday November 29, 2005 @04:08PM (#14141185)
    Afterall regardless of the software used,
    the hardware might be designed to ignore software instructions
    and give a different set of voting results.
  • questionable code (Score:4, Insightful)

    by Anonymous Coward on Tuesday November 29, 2005 @04:13PM (#14141236)
    it's quite obvious that a company like diebold, with rather vast resources, simply doesnt want the code verified for it voting and manipulation abilities. it is well documented that a variety of backdoors exist within the system including simple ftp access to raw data, and the ability to change it at will by any user. couple that with a nonexistant paper trail or the ability to verify the code does what they say it does. anyone actually recall the huge difference in exit polls and actual count? it was so off that cnn stopped reporting on exit polls, which have a high measure of historical accuracy. so much so that exit polls are used in new voting democracies to determine vote fraud.
    i for one do not welcome our new data enabled overlords....
  • by kcbrown ( 7426 ) <slashdot@sysexperts.com> on Tuesday November 29, 2005 @04:14PM (#14141242)
    A North Carolina judge ruled that Diebold may not be protected from criminal prosecution if it fails to disclose the code behind its voting machines as required by law. In response, Diebold has threatened to pull out of North Carolina.

    Gee, that would be such a shame if that were to happen. I mean, North Carolina needs voting machines that are compromised by design, made by a company that has a vested interest in who wins the election, right?

    Oh, whatever is North Carolina to do without voting machines made by an upstanding company like Diebold? Why, their voters might have to use the old paper ballot system instead! The horror!

    Please stay, Diebold! Only a good rigged election can give us confidence in democracy!

  • by Utopia ( 149375 ) on Tuesday November 29, 2005 @04:14PM (#14141254)
    Windows CE source code is available
    http://www.microsoft.com/resources/sharedsource/Li censing/WindowsCE.mspx [microsoft.com]

    With Windows CE, "OEM customers worldwide can create and distribute commercial derivatives of the Windows CE 5.0 operating system source code for shipping in commercial devices without notifying Microsoft or sharing their derivative works with the embedded community."
  • by sam_handelman ( 519767 ) <samuel.handelmanNO@SPAMgmail.com> on Tuesday November 29, 2005 @04:16PM (#14141270) Journal
    Other posters are making a lot of hay over the responsible programmers portion of the statute - obviously, if you need to list everyone who contributed code that would tend to be impossible (although a few projects could probably comply.)

      However, I'm fairly sure that you could meet that requirement with a list of the *responsible* programmers - i.e., the people in charge making decisions. Thus, you don't need to list every programmer - the person in charge of your particular embedded system fork ought to be sufficient.
  • So tell me again (Score:3, Insightful)

    by Jtheletter ( 686279 ) on Tuesday November 29, 2005 @04:23PM (#14141353)
    why this is an argument in favor of closed source voting machines? Security through obscurity my a$$. This simply highlights problems with high-security black box applications - not even they know what's in the code they're running. They have to trust the other vendor(s) (MS, whose track record on security is terrible and a matter of public record) that the code is secure but cannot prove it, yet they expect us to believe their code is secure.

    And more suspiciously, why are they threatening to leave instead of complying as much as possible? The court (i.e. ruling judge) should be able to apply the law in such a way that Diebold discloses all of their code, and then any remaining proprietary code from other vendors can be handled with those other vendors. Or is it that Diebold has something to hide? If their code really is secure, and actually does what they claim then they should have no problem showing everything they legally own. There really isn't anything that should be a trade secret about vote tabulation. I, for one, think it's disgusting that any US company would actually do the country such a disservice by trying to obfuscate for profit a product which is meant to facilitate the practice of democracy. Honestly, the whole board should be deported for conspiring to commit vote fraud. It would trivial to prove their innocence, simply release the code. Any other excuse smacks of dishonesty. In matters of government the appearance of impropriety should be treated as impropriety until/unless demonstrated otherwise.

  • by Nom du Keyboard ( 633989 ) on Tuesday November 29, 2005 @04:23PM (#14141366)
    impossible to provide the names of every programmer who worked on Windows.

    The may not want to be identified.

  • It's obvious (Score:3, Insightful)

    by saskboy ( 600063 ) on Tuesday November 29, 2005 @04:25PM (#14141384) Homepage Journal
    "if it fails to disclose the code behind its voting machines as required by law. In response, Diebold has threatened to pull out of North Carolina."

    I fail to see the downside of this?
    All states should start requiring voting machines to be open source, and when Diebold doesn't comply because it's rigged, they can be banned without discriminating against the company specificly. Well done SC. Has SC ever been the leader in a good way for laws before?

    Additionally, all electronic voting must come with a paper ballot that goes into the backup ballot box, and should be visible to the voter before it goes in. You might need to have the voter hand shove their paper stub - but printing ballots on site might introduce other problems.
  • Background info (Score:5, Informative)

    by OWJones ( 11633 ) on Tuesday November 29, 2005 @04:30PM (#14141437)

    Note: I have been working on voting integrity issues in North Carolina for a little while now, and advised the committees that drafted the bill in question.

    The state passed a pretty comprehensive election reform bill, which included the provision that all vendors must hand over all code that runs, is installed on, or is otherwised used in the operation of the voting machines. No if, ands, or buts.

    Our State Board of Elections did not like this. They want paperless voting machines, and badly. Like a six-year-old that's been told to clean up its room, they're dragging their feet on enforcing these (and other provisions). When writing the Request For Purchase (bid requirements), some staffer added a "clarification" that the vendors only had to hand over "available" software, and simply explain why they couldn't hand over the rest. In other words, "Here's why I'm going to be breaking the law today."

    Lawmakers were not happy. The SBOE, however, didn't particularly care. They didn't see a problem with only handing over a portion of the code, and wanted to interpret the law as loosely as possible.

    Diebold pointed out that "available" was different than "everything", and actually got a restraining order that prevented the state from suing them for not complying with any of the new provisions of the law. This case essentially overturned that ruling, saying "Uh, no, you actually have to comply with the law." Technically it says, "Ask your lawyers for legal advice, not the court, we're not going to pre-judge the law before there's an actual conflict (i.e., you actually get sued for violating these provisions."

    So Diebold is going to take their ball and go home, since they would actually have to play by the rules. Oh well.

    On a side note, I didn't see any evidence that Diebold actually tried to get a Shared Source [microsoft.com] license from Microsoft, which would actually let them escrow the code. Maybe Diebold didn't actually want to escrow, well, anything?

    Imagine that.

    -jdm

  • by HangingChad ( 677530 ) on Tuesday November 29, 2005 @04:41PM (#14141572) Homepage
    North Carolina threatens honest elections!
  • by Kozar_The_Malignant ( 738483 ) on Tuesday November 29, 2005 @04:57PM (#14141782)
    [Rant]
    I am a Citizen and an Elector (member of the Electorate) in the US. That puts me at the TOP of the pyramid in the election process. In the US, the Electorate is Sovereign. Where does Diebold or any other corporate entity get off trying to dictate how elections are held? They act like they have some god-given right to make money off of the process. Fuck that! They have a right to come grovelling, hat in hand, and ASK if maybe, just maybe, we might want to use some equipment they want to sell. We get to set the rules about how elections are held, not them.

    My county uses optical scan ballots and ballot box readers. If a precinct shows some sort of wierd result, the elections commissioner, in the company of plenty of witnesses, pops that sucker open and looks at the ballots. End of problem.

    I frankly don't give a damn if results aren't available until Wednesday morning, or even Friday. They aren't certified official for weeks, anyway. The only difference early results make is who gets hammered for what reason at what post-election party.

    There is nothing more important than the election process. All legitimacy of the government flows directly from it. Diebold has no fucking place dictating any damn thing about that. Paper ballots work. If they are slow and more costly, that is a small fucking price to pay for legitimacy.
    [/Rant]
  • Evidence of guilt. (Score:5, Interesting)

    by Fantastic Lad ( 198284 ) on Tuesday November 29, 2005 @05:17PM (#14142026)
    Idiotic.

    When it comes to individual rights, I thoroughly disagree with the argument which runs, "Why should you mind the police searching your home unless you have something to hide?"

    But when it comes to the State, and it's employees, (like Diebold), the same logic is quite acceptable.

    Let's all remember, the State is there to serve the public, not the other way around. At least, that's how it's supposed to work.

    Thus, non-compliance with the most basic and rational doctrine, ("You must let us see how your voting machines work"), means to me that Diebold is hiding the fact that their machines are indeed faulty, and almost certainly deliberately faulty.

    I'd love to see this break wide open, and have the journalists see the light and revolt against their Zionist-neo-con-Christian-brain-washed overseers, and publish the story far and wide. And then put Bush and his crew and the entire ruling elitist segment of the populace into prison. But I don't really expect this.

    The most we'll see is a scapegoat being hung out to dry while the parade of evil continues.

    The best way to resist is to do it on a personal level. Shine brightly and follow your internal compass as best you can. Defy The Lie. --Living in such a way will affect others in an ever-expanding ripple effect.


    -FL

  • by fbg111 ( 529550 ) on Tuesday November 29, 2005 @05:51PM (#14142366)
    That's not possible for Diebold's machines, which use Microsoft Windows,

    Interesting. [heise.de] Maybe it's not the Supreme Court deciding elections that we need to be worrying about... Maybe this is another reason why Diebold is so resistant to voter-verified paper trails.
  • by t_allardyce ( 48447 ) on Tuesday November 29, 2005 @06:32PM (#14142703) Journal
    "Our system is built on code from so many people we wouldn't even be able to name half of them, let alone verify their competence, integrity or motivation. Hell, we can't even see what they actually wrote in the code! Even with countless cases of faulty software in the past, were trusting our system solely on the base of Microsoft so we can use their widget set, networking stack, memory management and device support - all of which are vital components to our system."
  • by sacrilicious ( 316896 ) <qbgfynfu.opt@recursor.net> on Wednesday November 30, 2005 @06:48AM (#14145865) Homepage
    (lifted from The Simpsons episode "Cape Fear".)

    Lawyer: Isn't it true that you hate Diebold?

    Me (dismissively amused): Diebold? That cute upstart little company that stole the election and sent this country into an economic and moral state not unlike a dark, urine-soaked hellhole?

    Cheney: We object to the term "urine-soaked hellhole" when you could have used the term "torture-free patriotic heckhole".

    Me: Cheerfully withdrawn.

    Lawyer: But what about that tattoo on your chest? Doesn't it say, "Diebold die"?

    Me: NO! That's German for "The bold, the".

Almost anything derogatory you could say about today's software design would be accurate. -- K.E. Iverson

Working...