Salon.com: Will the election be hacked?
Leaving the security of such a crucial government function in the hands of private companies motivated primarily by a desire to make a quick buck seems like a loopy idea to many people. And the more one listens to the activists' complaints about how Diebold does business, the more one comes to understand their worries about election security.
The Federal Voting Assistance Program promises to allow citizens living overseas to "Vote Using the Internet in 2004!":
Are you a Uniformed Services member or dependent? Are you a U.S. citizen living overseas?
In 2004, you can take part in an exciting new initiative called SERVE (Secure Electronic Registration and Voting Experiment), which will let eligible U.S. citizens vote from any Windows-based computer with Internet access, anywhere in the world!
And, by the way, SERVE has all the same flaws that other e-voting systems have: they are "especially vulnerable to various forms of insider (programmer) attacks" and lack verifiable audit trails.
Update, Jan. 23, Washington Post: Pentagon's Online Voting Program: Chat with Avi Rubin
Rep. Dennis Kucinich (D-OH) has taken a leading role in creating public awareness and discussion about the flaws and potential security risks in Diebold's electronic voting system and the company's use of the DMCA to prevent discussion about these risks.
On a section of his web site, which discusses voting rights, Kucinich provides a concise summary of the problems with Diebold's insecure electronic voting technology, with links to the Diebold internal memos and independent research documenting the security flaws. In addition to drafting new legislation, Kucinich Requests House Judiciary Committee Hearing On Diebold’s Abuses Of Digital Millennium Copyright Act in a letter to the House Judiciary Committee.
Diebold’s actions abuse the Digital Millennium Copyright Act, using copyright to suppress speech rather than fulfill the Constitution’s purpose for copyright, to “promote progress.” These abuses raise a fundamental conflict with the First Amendment, diminishing the Internet’s tremendous value as a most free medium of expression. Diebold’s actions are representative of a growing body of abuses through which large and powerful parties unfairly intimidate ISPs to remove information those parties do not like. In other examples, the claims are not really about copyright, but about not showing the parties in a negative light, or not allowing consumers to compare prices, or quieting religious critics. Powerful parties should not be permitted to misuse copyright as a tool for limiting bad press and barring access to legitimate consumer information.
On another section of his web site, Kucinich serves his constituents by offering links for Polka, Bowling and Kielbasa.
The establishment media is picking up on the issues and potential problems with unsecured electronic voting:
NY Times: Machine Politics in the Digital Age
"I am committed to helping Ohio deliver its electoral votes to the president next year," wrote Mr. O'Dell, whose company [Diebold Inc.] is based in Canton, Ohio.
But it is not the only way that Mr. O'Dell is involved in the election process. Through Diebold Election Systems, a subsidiary in McKinney, Tex., his company is among the country's biggest suppliers of paperless, touch-screen voting machines.
Washington Post: Touch-and-Go Elections
Diebold's legal threats against students uploading company memos describing the security flaws in their electronic voting machines continue.
Harvard Crimson: Student Accused of Violating Copyrights
In court, the suit against Diebold by non-profit ISP Online Policy Group (OPG) and two Swarthmore students will move ahead on an accelerated schedule,
EFF: Judge Speeds Case on Electronic Voting Company's Threats Against Critics
Wired News: California Halts E-Vote Certification
The discovery that uncertified software may have been used in electronic voting machines has prompted California officials to delay plans to approve new machines made by Diebold Election Systems.
Diebold, Inc., manufacturer of electronic voting machines, has been sending out dozens of cease and desist letters to Internet Service Providers (ISPs), after internal documents indicating flaws in their systems were published on the Internet. The company cited copyright violations under the Digital Millennium Copyright Act (DMCA) and demanded that the documents be taken down.
Now EFF and the Center for Internet and Society Cyberlaw Clinic at Stanford Law School are fighting back, seeking a court order on behalf of nonprofit ISP Online Policy Group (OPG) and two Swarthmore College students to prevent Diebold’s abusive copyright claims from silencing public debate about voting, the very foundation of our democratic process.
Copyfight: EFF, CIS Seek Court Order Against Diebold
Derek Slater: "On Friday, Harvard's Computer Security team contacted me about Diebold's notice-and-takedown request."
Forbidden files are circulating on the Internet and threats of lawsuits are in the air. Music trading? No, it is the growing controversy over one company’s electronic voting systems, and the issues being raised, some legal scholars say, are as fundamental as the sanctity of elections and the right to free speech.
The Diebold issue shows how p2p can serve democracy. It also raises the question: is democracy a non-infringing fair use?
This article is full of great quotes:
“Are these companies staffed by folks completely ignorant of computer security,” [Prof. Rebecca Mercuri] said, “or are they just blatantly flaunting that they can breach every possible rule of protocol and still sell voting machines everywhere with impunity?”
“[Sequoia's approach is] very different from the way that Diebold has been doing things.” [Aviel D.] Rubin, who has received a cease-and-desist notice from Diebold because of his research, said, “The solution is to stop selling insecure voting machines and not to continue threatening students who are only trying to protect our democracy.”
Wired News: Aussies Do It Right: E-Voting.
Unlike here in the US, Australian e-voting technology is being adopted in order to accurately and securely count votes.
Wired News: E-Vote Protest Gains Momentum
"My concern and I think the concern of the students is to focus attention on electoral fraud. The copyright stuff is a sideshow," he said. "If what the memos suggest is true, this makes hanging chads look like state-of-the-art (election technology)."
Ernest Miller is all over the Diebold/Swarthmore/Why War story.
The US Court of Appeals for the Ninth Circuit ruled today in Weber v. Jones that California's decision to certify the use of touchscreen electronic voting machines which lack a paper audit trail does not violate the US Constitutional, even though such machines produce unverifiable results.
Newsweek technology columnist Stephen Levy discusses the problems with Diebold and electronic voting: Black Box Voting Blues
The best minds in the computer-security world contend that the voting terminals can’t be trusted. Listen, for example, to Avi Rubin, a computer-security expert and professor at Johns Hopkins University who was slipped a copy of Diebold’s source code earlier this year. After he and his students examined it, he concluded that the protections against fraud and tampering were strictly amateur hour. “Anyone in my basic security classes would have done better,” he says. The cryptography was weak and poorly implemented, and the smart-card system that supposedly increased security actually created new vulnerabilities. Rubin’s paper concluded that the Diebold system was “far below even the most minimal security standards.” Naturally, Diebold disagrees with Rubin. “We’re very confident of accuracy and security in our system,” says director of Diebold Election Systems Mark Radke.
In the link above, there is a link to a Newsweek radio story which interviews Levy and Congressman Rush Holt (D-NJ) who introduced Voter Confidence and Increased Accessibility Act of 2003 (HR 2239). Holt says: I'm sorry to say that some people see this as a partisan matter. There is no partisan intentions about this [legislation]. "It is very urgent [that the voting process is modernized]. [Voting] is the central act of a democracy... The level of suspicion, skepticism, distrust is really high... that has to be addressed."
Lawmeme's James Grimmelman wonders How Direct is Too Direct When It Comes to Hyperlinks to the Diebold memos? "Here's a link to a site that links to a site that links to a site that links to a site that links to a site with the memos. Whoops, that's the Diebold home page."
Wired News: Students Fight E-Vote Firm
Diebold has been sending out cease-and-desist letters to force websites and ISPs to take down the memos [describing the company's awareness of the security flaws in its e-voting machines], which the company says were stolen from its server in violation of copyright law. It has been using the Digital Millennium Copyright Act, or DMCA, to force ISPs to take down sites hosting the memos or sites containing links to the memos.
Ernest Miller: Swarthmore Actively Opposes E-Civil Disobedience Campaign