Diebold, Inc. was one of the biggest manufacturers of voting machines in the U.S. In August 2003, Walden W. O. Dell, Diebold's President and Chief Executive, wrote ''I am committed to helping Ohio deliver its electoral votes to the president
next year.'' And committed he was, for he helped raise over $100,000 for President Bush's election campaign. It is somewhat disturbing that the head of a company that makes voting machines is so partisanly political. But that is not nearly as disturbing as the fact that the company manufactured voting machines with many security flaws. In 2003, Maryland commissioned a study that revealed 328 security flaws in Diebold's voting machines, 26 of which were designated as critical. Diebold's voting system was so flawed that blackbox.org produced a video in 2004 showing that even a monkey could hack their audit logs.
The good folks at Diebold were well aware they were having problems. Unfortunately for them, an archive of 13,000 internal emails and documents discussing their voting machines leaked out and were posted on the internet. Scott Granneman, a computer security expert, wrote a must-read column discussing the problems with electronic voting machines. In it, he cites several of the leaked messages that revealed just how serious Diebold's problems were.
"Over [the past three years] I have become increasingly concerned about the apparent lack of concern over the practice of writing contracts to provide products and services which do not exist and then attempting to build these items on an unreasonable timetable with no written plan, little to no time for testing, and minimal resources. It also seems to be an accepted practice to exaggerate our progress and functionality to our customers and ourselves then make excuses at delivery time when these products and services do not meet expectations." (Source: "Resignation", announce.w3archive/200110/msg00001.html, dated 5 October 2001)
"It does not matter whether we get anything certified or not, if we can't even get the foundation of Global stable. This company is a mess! We should stop development on all new, and old products and concentrate on making them stable instead of showing vaporware. Selling a new account will only load more crap on an already over burdened entity. ... You are taxing the development team beyond what they can handle. ... Why is it so hard to get things right! I have never been at any other company that has been so miss managed [sic]." (Source: "Fw: Battery Status & Charging---and too much bull!!", announce.w3archive/200110/msg00002.html, dated 20 October 2001)
"I need some answers! Our department is being audited by the County. I have been waiting for someone to give me an explanation as to why Precinct 216 gave Al Gore a minus 16022 when it was uploaded. Will someone please explain this so that I have the information to give the auditor instead of standing here "looking dumb". I would appreciate an explanation on why the memory cards start giving check sum messages. We had this happen in several precincts ..." (Source: "Memory card checksum errors (was: 2000 November Election)", support.w3archive/200101/msg00061.html, dated 18 January 2001)
"For a demonstration [for El Paso County, Colorado] I suggest you fake it. Progam them both so they look the same, and then just do the upload fro [sic] the AV. That is what we did in the last AT/AV [AccuTouch/AccuVote] demo." (Source: "RE: El Paso, Colorado", support.w3archive/199903/msg00098.html, dated 19 March 1999)
"I hate more than anyone else in the company to bring up a certification issue with this, but a number of jurisdictions require a "system test" before every election. I just helped Knecht yesterday with an RFP from Riverside that required this. That is why the AccuVote displayes the silly ***System Test Passed*** message on boot up instead of "memory test passed", which is all it actually tests. No argument from me that it is pointless. You could probably get away with a batch file that prints "system test passed" for all I know. We will do something along those lines with the new unit after a memory test or whatever." (Source: "RE: AVTS - Diagnostics & Installation", support.w3archive/199907/msg00013.html, dated 6 July 1999)
"Right now you can open GEMS' .mdb file with MS-Access, and alter its contents. That includes the audit log. This isn't anything new. ... Now, where the perception comes in is that its right now very *easy* to change the contents. Double click the .mdb file. ... It is possible to put a secret password on the .mdb file to prevent Metamor [a consulting company] from opening it with Access. Being able to end-run the database has admittedly got people out of a bind though. Jane (I think it was Jane) did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That's why we've never put a password on the file before." (Source: "RE: alteration of Audit Log in Access", support.w3archive/200110/msg00122.html, dated 18 October 2001)
Ganneman summarized these messages better than I could:
Think about those memos. In particular, the last one. Here we have a company using unprotected Microsoft Access database files to store votes and the audit log. That's bad. Really, really bad, in a whole host of ways. But even worse, after pondering a change, it decides not to implement a password! And what is meant by the "fancy footwork" that "King County is famous for"? That sounds shady as hell.
The leakage of these internal documents was a PR disaster for Diebold. So Diebold did what any democracy-loving company that had the welfare of the American public at heart would do-- they used the DMCA to try to make knowledge of their slipshod product disappear down an Orwellian memory hole. They sent dozens of DMCA notices around the country to Internet Service Providers that hosted copies of the documents. They even sent DMCA complaints to ISPs that didn't host the documents, but merely hosted websites that linked to the documents. Fortunately, members of the internet community fought back. The documents were copied and uploaded to new sites faster than Diebold could issue DMCA notices. The Electronic Frontier Foundation and the Center for Internet and Society Cyberlaw Clinic at Stanford Law School sued Diebold on behalf of OPG (an ISP) and two Swathmore college students who had received Diebold's very special love notes.
And the Court gave Diebold a well-deserved ass kicking. The court ruled that publication of the email archive was legal and fell within fair use.
. . . at least part of the email archive is not protected by copyright law. The email archive was posted or hyperlinked to for the purpose of informing the public about the problems associated with Diebold's electronic voting machines. It is hard to imagine a subject the discussion of which could be more in the public interest. If Diebold's machines in fact do tabulate voters' preferences incorrectly, the very legitimacy of elections would be suspect.
The Court then concluded that Diebold violated section 512 (f) of the DMCA which states "
Any person who knowingly materially misrepresents under this section. . . that material or activity is infringing . . . shall be liable for
any damages, including costs and attorneys' fees. . .
The Court concluded:
as a matter of law that Diebold knowingly materially misrepresented that Plaintiffs infringed Diebold's copyright interest, at least with respect to the portions of the email archive clearly subject to the fair use exception. No reasonable copyright holder could have believed that the portions of the email archive discussing possible technical problems with Diebold's voting machines were protected by copyright, and there is no genuine issue of fact that Diebold knew--and indeed that it specifically intended--that its letter to OPG and Swathmore would result in prevention of publication of that content. . . . The fact that Diebold never actually brought suit against any alleged infringer suggests strongly that Diebold sought to use . . . the DMCA's safe harbor provisions--which were designated to protect ISPs, not copyright holders--as a sword to suppress publication of embarrassing content rather than as a shield to protect its intellectual property
Diebold was forced to cough up $125,000 in legal fees and damages. Now, one could conclude that this was a DMCA success story because, as George Bush might have said, "the evil doers" were punished in the end. But it was only a success because some very brave people faced down a powerful corporation and risked losing everything in a lawsuit. Diebold did, in fact, get ISPs to remove many copies of the archive from the internet. Had fewer people been willing to stick their necks out, the public might never have seen these important documents.
Diebold and Youtube
In September 2006, three computer science experts at Princeton University wrote a paper demonstrating that Diebold voting machines still had flaws that could be exploited to rig elections. Several videos based on this paper have been uploaded to Youtube. Together, these videos have had over 300,000 views. Here is one video on how to manipulate a Diebold voting machine
Please attribute excerpts you take from my work to themaskedanalyst and include a link to themaskedanalyst.com.
