February 09, 2004

Hack the vote

Salon.com: Will the election be hacked?

Leaving the security of such a crucial government function in the hands of private companies motivated primarily by a desire to make a quick buck seems like a loopy idea to many people. And the more one listens to the activists' complaints about how Diebold does business, the more one comes to understand their worries about election security.

Posted by Andrew Raff at 11:49 AM | Comments (0) | TrackBack

January 21, 2004

Insecure Internet Voting

The Federal Voting Assistance Program promises to allow citizens living overseas to "Vote Using the Internet in 2004!":

Are you a Uniformed Services member or dependent? Are you a U.S. citizen living overseas?

In 2004, you can take part in an exciting new initiative called SERVE (Secure Electronic Registration and Voting Experiment), which will let eligible U.S. citizens vote from any Windows-based computer with Internet access, anywhere in the world!

A new report, A Security Analysis of the Secure Electronic Registration and Voting Experiment, finds that SERVE is "vulnerable to a variety of well-known cyber attacks (insider attacks, denial of service attacks, spoofing, automated vote buying, viral attacks on voter PCs, etc.), any one of which could be catastrophic." While the system uses a certain level of encryption and security, the report's authors argue that "E-commerce grade security is not good enough for elections."

And, by the way, SERVE has all the same flaws that other e-voting systems have: they are "especially vulnerable to various forms of insider (programmer) attacks" and lack verifiable audit trails.

NY Times: Report Says Internet Voting System Is Too Insecure to Use

Update, Jan. 23, Washington Post: Pentagon's Online Voting Program: Chat with Avi Rubin

Posted by Andrew Raff at 11:18 PM | Comments (0) | TrackBack

November 24, 2003

Diebold and Dennis

Rep. Dennis Kucinich (D-OH) has taken a leading role in creating public awareness and discussion about the flaws and potential security risks in Diebold's electronic voting system and the company's use of the DMCA to prevent discussion about these risks.

On a section of his web site, which discusses voting rights, Kucinich provides a concise summary of the problems with Diebold's insecure electronic voting technology, with links to the Diebold internal memos and independent research documenting the security flaws. In addition to drafting new legislation, Kucinich Requests House Judiciary Committee Hearing On Diebold’s Abuses Of Digital Millennium Copyright Act in a letter to the House Judiciary Committee.

Diebold’s actions abuse the Digital Millennium Copyright Act, using copyright to suppress speech rather than fulfill the Constitution’s purpose for copyright, to “promote progress.”  These abuses raise a fundamental conflict with the First Amendment, diminishing the Internet’s tremendous value as a most free medium of expression.  Diebold’s actions are representative of a growing body of abuses through which large and powerful parties unfairly intimidate ISPs to remove information those parties do not like.  In other examples, the claims are not really about copyright, but about not showing the parties in a negative light, or not allowing consumers to compare prices, or quieting religious critics.  Powerful parties should not be permitted to misuse copyright as a tool for limiting bad press and barring access to legitimate consumer information.

On another section of his web site, Kucinich serves his constituents by offering links for Polka, Bowling and Kielbasa.

In other E-Voting news, The Harvard Crimson reports on Diebold, the DMCA and Derek: Student Will Not Be Disciplined for Memos

Posted by Andrew Raff at 01:12 PM | Comments (0) | TrackBack

November 11, 2003

E-Vote Update

The establishment media is picking up on the issues and potential problems with unsecured electronic voting:

NY Times: Machine Politics in the Digital Age

"I am committed to helping Ohio deliver its electoral votes to the president next year," wrote Mr. O'Dell, whose company [Diebold Inc.] is based in Canton, Ohio.

But it is not the only way that Mr. O'Dell is involved in the election process. Through Diebold Election Systems, a subsidiary in McKinney, Tex., his company is among the country's biggest suppliers of paperless, touch-screen voting machines.

Washington Post: Touch-and-Go Elections

Diebold's legal threats against students uploading company memos describing the security flaws in their electronic voting machines continue.
Harvard Crimson: Student Accused of Violating Copyrights

In court, the suit against Diebold by non-profit ISP Online Policy Group (OPG) and two Swarthmore students will move ahead on an accelerated schedule,
EFF: Judge Speeds Case on Electronic Voting Company's Threats Against Critics

Posted by Andrew Raff at 12:36 PM | Comments (0) | TrackBack

November 04, 2003

California Halts E-Vote Certification

Wired News: California Halts E-Vote Certification

The discovery that uncertified software may have been used in electronic voting machines has prompted California officials to delay plans to approve new machines made by Diebold Election Systems.

Posted by Andrew Raff at 12:54 PM | Comments (0) | TrackBack

November 03, 2003

EFF, Stanford seek court order against DIebold

EFF: Online Policy Group v. Diebold, Inc.

Diebold, Inc., manufacturer of electronic voting machines, has been sending out dozens of cease and desist letters to Internet Service Providers (ISPs), after internal documents indicating flaws in their systems were published on the Internet. The company cited copyright violations under the Digital Millennium Copyright Act (DMCA) and demanded that the documents be taken down.

Now EFF and the Center for Internet and Society Cyberlaw Clinic at Stanford Law School are fighting back, seeking a court order on behalf of nonprofit ISP Online Policy Group (OPG) and two Swarthmore College students to prevent Diebold’s abusive copyright claims from silencing public debate about voting, the very foundation of our democratic process.

Copyfight: EFF, CIS Seek Court Order Against Diebold

Derek Slater: "On Friday, Harvard's Computer Security team contacted me about Diebold's notice-and-takedown request."

NPR: Activist Group to Sue E-Voting Firm

Posted by Andrew Raff at 11:41 PM | Comments (0) | TrackBack

Copyright, File Sharing and Democracy

NY Times: File Sharing Pits Copyright Against Free Speech

Forbidden files are circulating on the Internet and threats of lawsuits are in the air. Music trading? No, it is the growing controversy over one company’s electronic voting systems, and the issues being raised, some legal scholars say, are as fundamental as the sanctity of elections and the right to free speech.

The Diebold issue shows how p2p can serve democracy. It also raises the question: is democracy a non-infringing fair use?

This article is full of great quotes:

“Are these companies staffed by folks completely ignorant of computer security,” [Prof. Rebecca Mercuri] said, “or are they just blatantly flaunting that they can breach every possible rule of protocol and still sell voting machines everywhere with impunity?”

“[Sequoia's approach is] very different from the way that Diebold has been doing things.” [Aviel D.] Rubin, who has received a cease-and-desist notice from Diebold because of his research, said, “The solution is to stop selling insecure voting machines and not to continue threatening students who are only trying to protect our democracy.”

Posted by Andrew Raff at 10:54 AM | Comments (0) | TrackBack

Aussie! Aussie! Aussie! Vote! Vote! Vote!

Wired News: Aussies Do It Right: E-Voting.

Unlike here in the US, Australian e-voting technology is being adopted in order to accurately and securely count votes.

Posted by Andrew Raff at 10:29 AM | Comments (0) | TrackBack

October 29, 2003

Diebold, Diebolder, Dieboldest

Wired News: E-Vote Protest Gains Momentum

"My concern and I think the concern of the students is to focus attention on electoral fraud. The copyright stuff is a sideshow," he said. "If what the memos suggest is true, this makes hanging chads look like state-of-the-art (election technology)."

Ernest Miller is all over the Diebold/Swarthmore/Why War story.

Posted by Andrew Raff at 12:10 PM | Comments (0) | TrackBack

October 28, 2003

Touchscreen Voting Sans Paper Trail Not Unconstituional

The US Court of Appeals for the Ninth Circuit ruled today in Weber v. Jones that California's decision to certify the use of touchscreen electronic voting machines which lack a paper audit trail does not violate the US Constitutional, even though such machines produce unverifiable results.

Election Law Blog: Ninth Circuit Holds that Use of Touchscreen Voting System without paper trail does not violate United States Constitution.

Posted by Andrew Raff at 06:00 PM | Comments (0) | TrackBack

Black Box Voting Blues

Newsweek technology columnist Stephen Levy discusses the problems with Diebold and electronic voting: Black Box Voting Blues

The best minds in the computer-security world contend that the voting terminals can’t be trusted. Listen, for example, to Avi Rubin, a computer-security expert and professor at Johns Hopkins University who was slipped a copy of Diebold’s source code earlier this year. After he and his students examined it, he concluded that the protections against fraud and tampering were strictly amateur hour. “Anyone in my basic security classes would have done better,” he says. The cryptography was weak and poorly implemented, and the smart-card system that supposedly increased security actually created new vulnerabilities. Rubin’s paper concluded that the Diebold system was “far below even the most minimal security standards.” Naturally, Diebold disagrees with Rubin. “We’re very confident of accuracy and security in our system,” says director of Diebold Election Systems Mark Radke.

In the link above, there is a link to a Newsweek radio story which interviews Levy and Congressman Rush Holt (D-NJ) who introduced Voter Confidence and Increased Accessibility Act of 2003 (HR 2239). Holt says: I'm sorry to say that some people see this as a partisan matter. There is no partisan intentions about this [legislation]. "It is very urgent [that the voting process is modernized]. [Voting] is the central act of a democracy... The level of suspicion, skepticism, distrust is really high... that has to be addressed."

Posted by Andrew Raff at 01:34 PM | Comments (0) | TrackBack

October 27, 2003

How many links does it take to get to the center of a Diebold memo?

Lawmeme's James Grimmelman wonders How Direct is Too Direct When It Comes to Hyperlinks to the Diebold memos? "Here's a link to a site that links to a site that links to a site that links to a site that links to a site with the memos. Whoops, that's the Diebold home page."

Posted by Andrew Raff at 12:02 PM | Comments (0) | TrackBack

October 23, 2003

Students Stand Up to Diebold

Targeting Diebold with Electronic Civil Disobedience

Wired News: Students Fight E-Vote Firm

Diebold has been sending out cease-and-desist letters to force websites and ISPs to take down the memos [describing the company's awareness of the security flaws in its e-voting machines], which the company says were stolen from its server in violation of copyright law. It has been using the Digital Millennium Copyright Act, or DMCA, to force ISPs to take down sites hosting the memos or sites containing links to the memos.

Ernest Miller: Swarthmore Actively Opposes E-Civil Disobedience Campaign

Posted by Andrew Raff at 02:53 PM | Comments (0) | TrackBack