Diebold versus Democracy — Fighting Back

Home: What's Going On?

Under siege by critics, Diebold is invoking the controversial Digital Millennium Copyright Act (DMCA) to force website operators and ISPs to remove leaked memos -- which explain how anyone with access to [voting] machines could add or delete votes without detection -- from the Internet.

from EFFector Vol. 16, No. 29 -- October 25, 2003

Get the complete Diebold memo archive [7.4MB tar.bz2]

Get the report on circumvention methods [PDF]

About

Diebold Election Systems is a maker of computerized voting equipment used in 37 states. It is now trying to suppress the exposure of its security flaws using copyright law. The existence of these flaws, and Diebold's approach to sealing them from public view, shows that we need an entirely different approach to computerized voting if elections are to remain free and fair.

I need your help to ensure that the University of Evansville does not simply give in to the legal threats Diebold is starting to make against distributors of this information. I have placed this information on this page. The original source has placed it on its list of University mirrors, exposing it to quick discovery by Diebold lawyers. If you already understand the situation, please skip to Contact.

Black Box Voting

Following the election problems in 2000, increasing interest has been shown in "e-voting" technology. However, as more and more states switch to e-voting, their approach has been to use "proprietary" systems, as is usual with government software purchases, not open to public security review. Governments have so far based their assurances of fairness on the word of the vendors. There is nothing else on which to base any such assurances -- one of the bad consequences of "black box" voting.

Setting aside that the system by which votes are collected and counted in these places is now secret, the mere hiding of flaws does not mean they aren't still there. Rather, the free hand Diebold and other vendors have been given encourages them to hide flaws rather than fix them.

Lax Security

Recently, human-readable source code was made available, probably by accident, on a Diebold Internet file server. This was not old, pre-release code: it was code to a Diebold AccuVote-TS system, working up to specification of the company's advertisements.

Computer security researchers from John Hopkins University and Rice University published a fairly readable report on the flaws they discovered in just part of the code. A summary of the flaws would be too large for this note. However, a few of the most important flaws were voters' ability to vote multiple times, access administrative functions, or close (i.e. disable) the polling station. Exploits available to other players in the election process include modifying the ballot, linking votes to voters, and submitting votes from unauthorized polling machines.

On the Record

Even more damning, though, is an archive of Diebold E.S. internal software development discussions, proving that the company knows about the problems, yet would rather pretend they didn't exist than fix them, risking our free elections in the process.

This is where the University of Evansville comes in. I have provided this archive on the University Computer Science department server (here), available to the world, along with students from many other universities, as part of a campaign to keep the archive available.

Now, Diebold lawyers are sending "takedown requests", alleging copyright infringement, to the access providers of publicly available archives. U.E. has not received one yet, but I believe it soon will.

Regardless of the copyright status of these documents, the material falls under "fair use" guidelines:

  1. The purpose and character of my use of the materials is to provide the public with access to documents which are critical to national public discourse.
  2. The material in question is a collection of factual works
  3. The material does not constitute a substantially expressive work, but is simply a collection of factual material.
  4. There is no inherent market value to the works. Therefore, my reproduction can have no impact on the potential market for or value of the works.

thanks Zac Elliot

Copyright law provides an easy way out for the access provider of an accused -- not necessarily proven -- infringer, i.e. U.E., by simply disabling access to the archive. However, this would mean Diebold succeeding in yet another place in their strategy of stopping publication of this information.

U.E., please stand up for democracy and fight Diebold rather than give in to spurious copyright claims.

Get Involved/Contact

Tell other students about this campaign, perhaps by passing along this text. If you know people at other universities, ask them to archive the lists on their university web space and tell info@why-war.com about it, and where to get the archive.

You might contact some people at the University; following is a very incomplete list. Right now, the goal is to prepare them for receiving a takedown request, and telling them why you think resistance is the best option. If the university receives a takedown request, and complies with it, the goal will be to convince them to reverse their decision. I am not sure how the protocol of a takedown request would actually play out, so feel free to look into contacts yourself.

Email the server adminstrators at root@csserver.evansville.edu. Do not forget the `csserver' part.

Contact Dr. Jennings, University President, at room 201 in Olmstead. Leave a phone message at (812) 479-2151.

Last, please let me know what you think, supportive or unsupportive. You may contact me by email at s11@member.fsf.org. You may call Security here at Harlaxton College and leave a message for "Stephen Compall" at +011 44 1476 403000. I would also be willing to call you, if you give me your number. By snail mail:

Stephen Compall
Harlaxton College Box 7
Grantham, Lincs NG32 1AG
England