Voting Machines

Here are a couple of video links vaguely related to the mechanics of voting, without getting into the question of how well our elections are enabling democracy.
Mr. Rogers uses a mechanical lever voting machine:

In New York, we still use the lever machines. There is something especially satisfying about casting a vote by pulling the lever to record a vote using a system of gears. It’s a more tactile experience than using some touchscreen or optical scan systems.
And one from The Onion:
Voting Machines Elect One Of Their Own As President

Democracy, Shmerocracy

Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten, Princeton University Center for Information Technology Policy: Security Analysis of the Diebold AccuVote-TS Voting Machine: “Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities — a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine’s hardware and software and the adoption of more rigorous election procedures.”
Robert F. Kennedy, Jr, Rolling Stone: Will The Next Election Be Hacked?: “The debacle of the 2000 presidential election made it all too apparent to most Americans that our electoral system is broken. And private-sector entrepreneurs were quick to offer a fix: Touch-screen voting machines, promised the industry and its lobbyists, would make voting as easy and reliable as withdrawing cash from an ATM. Congress, always ready with funds for needy industries, swiftly authorized $3.9 billion to upgrade the nation’s election systems – with much of the money devoted to installing electronic voting machines in each of America’s 180,000 precincts. But as midterm elections approach this November, electronic voting machines are making things worse instead of better.”

In my country, there is e-voting

LawMeme reports that Kazakhstan held a successful e-vote.
In its parliamentary elections, Kazakhstan adopted e-voting in 10% of its polling stations. International observers from the OSCE noted some drawbacks to the e-voting system: Statement of Preliminary Findings and Conclusions

The State Commission responsible by law for making the decision to establish e-voting was not formed until five days before election day. As a result, the scope of e-voting was not decided until 17 September, and some PECs appeared poorly prepared. According to the CEC decision, electronic voting was to be used in 961 of 9,480 polling stations.

The e-voting system was not openly and independently certified, which would have promoted confidence in the system by domestic stakeholders. A review was carried out by a group composed of experts invited by CEC and experts nominated by some political parties, but the IEOM expert was not allowed to observe on grounds of confidentiality. The group concluded that “hacking into the system and falsifying the election results were ruled out,” although one political party representative declined to sign the report. This group of experts did not publish detailed technical arguments for these conclusions.
The system does not include a manual audit capacity, and therefore there is no possibility for a recount. The system does generate, if requested by the voter directly after voting, a private PIN code not linked to the voter which could be used to check the final control protocols, thus providing the voter with the possibility to confirm that his or her vote was recorded correctly. However, that same PIN code, if provided by the voter to a party, candidate, or employer, would demonstrate how he or she voted. This opens the potential for violation of the secrecy of the vote as well as intimidation.
Protection against manipulation from outside or incidental technical malfunction appeared sufficient. The system generated redundant, periodic local backups, and all data transmission sent through communication lines was encrypted. However, the system uses normal telephone connections between polling stations and Regional Election Commissions, and these are potentially vulnerable to unauthorized monitoring or to distortion of transmitted information.

See also: In my country, there is treaty.

OPG v. Diebold

Diebold, the controversial developer of direct-recording electronic voting systems, sent takedown notices to ISPs who hosted copies of a series of leaked internal memos documenting various flaws in the company’s e-voting systems. Non-profit ISP Online Policy Group (OPG) and two Swarthmore students sued Diebold. A Federal District Court judge ruled in favor of the ISP and students while granting summary judgment on the claim that Diebold violated 512(f) of the Digital Millennium Copyright Act (DMCA) by sending takedown notices while knowing that infringement has not actually occured. Online Policy Group v. Diebold, Inc..

Plaintiffs Smith, Pavlosky, and OPG … seek injunctive, declaratory, and monetary relief from this Court, alleging that Diebold’s claim of copyright infringement was based on knowing material misrepresentation and that Diebold interfered with Plaintiffs’ contractual relations with their respective ISPs. Plaintiffs seek a judicial declaration that publication of the email archive, hosting or providing colocation services to websites that link to allegedly infringing material, and providing internet services to others who host websites that link to allegedly infringing material are lawful activities. They request an injunction to prevent Defendants from threatening or bringing any lawsuit for copyright infringement with respect to the email archive arising from the publication, linking, or hosting services described in the complaint and a judgment barring Defendants from enforcing any copyright in the email archive unless and until Defendants’ alleged copyright misuse has ceased.

Because Diebold has “withdrawn and in the future will not send a cease and desist letter pursuant to the DMCA to any ISP concerning the email archive,” the plaintiffs’ claims for an injunction and declaratory relief are moot.
However, the court finds that Diebold misrepresented its claims of copyright infringement when sending the §512(f) notices to ISPs.

Publication is Fair Use

The court finds the publication of some of the contents in the email archive is lawful as fair use:

The email archive was posted or hyperlinked to for the purpose of informing the public about the problems associated with Diebold’s electronic voting machines. It is hard to imagine a subject the discussion of which could be more in the public interest. If Diebold’s machines in fact do tabulate voters’ preferences incorrectly, the very legitimacy of elections would be suspect. Moreover, Diebold has identified no specific commercial purpose or interest affected by publication of the email archive, and there is no evidence that such publication actually had or may have any affect on the putative market value, if any, of Diebold’s allegedly copyrighted material.

Plaintiffs’ and IndyMedia’s use was transformative: they used the email archive to support criticism that is in the public interest, not to develop electronic voting technology. Accordingly, there is no genuine issue of material fact that Diebold, through its use of the DMCA, sought to and did in fact suppress publication of content that is not subject to copyright protection.

§512(f) Standard

Plaintiffs suggest that a 512(f) action should require a “likelihood of success” standard of proof similar to the summary judgment standard while defendants sought a standard similar to Rule 11’s “frivolous.” The court rejects both of these approaches:

A requirement that a party have an objectively measured “likelihood of success on the merits” in order to assert claims of copyright infringement would impermissibly chill the rights of copyright owners. At the same time, in requiring a showing of “knowing material misrepresentation,” Congress explicitly adopted a standard different from that embodied in Rule 11, which contains a variety of other requirements that are not necessarily coextensive with those set forth in section 12(f). The Court concludes that the statutory language is sufficiently clear on its face and does not require importation of standards from other legal contexts. A party is liable if it “knowingly” and “materially” misrepresents that copyright infringement has occurred. “Knowingly” means that a party actually knew, should have known if it acted with reasonable care or diligence, or would have had no substantial doubt had it been acting in good faith, that it was making misrepresentations.

Tortious Interference with Contractual Relations

The court agrees with Diebold that the DMCA, as federal law, preempts the state law claim of tortious inteference with contractual relations.

Even if a copyright holder does not intend to cause anything other than the removal of allegedly infringing material, compliance with the DMCA’s procedures nonetheless may result in disruption of a contractual relationship: by sending a letter, the copyright holder can effectuate the disruption of ISP service to clients. If adherence to the DMCA’s provisions simultaneously subjects the copyright holder to state tort law liability, there is an irreconcilable conflict between state and federal law.


EFF: EFF Wins in Diebold Copyright Abuse Case: “In a landmark case, a California district court has determined that Diebold, Inc., a manufacturer of electronic voting machines, knowingly misrepresented that online commentators, including IndyMedia and two Swarthmore college students, had infringed the company’s copyrights. This makes the company the first to be held liable for violating section 512(f) of the Digital Millennium Copyright Act (DMCA), which makes it unlawful to use DMCA takedown threats when the copyright holder knows that infringement has not actually occured.”
Wendy Seltzer (EFF): Free Speech Vindicated in OPG v. Diebold: “Along with opening up the e-voting archives, I hope this decision will give new strength and new weapons to other online speakers and ISPs against the chill of aggressive, improper copyright claims.”
Jason Schultz (EFF): EFF wins Diebold DMCA case: “Bottom line: If you misuse DMCA take down notices, you can be liable for damages under section 512(f). How liable? That’s up next when we file our supplemental briefs. Copyright abusers beware!”
Joe Gratz: Victory in Diebold: “This is the first opinion I can think of that has found that a copyright holder “knowingly materially misrepresented” that a copyright was infringed when there was, in fact, copying of a copyrighted work, but the copying was obviously fair use. This requires copyright holders, for the first time, to go through some kind of low-level rational fair use analysis before sending a DMCA takedown notification.”
Free Culture: We won the Diebold case! “I definitely picked the wrong time to take a nap today.”
Wired News: Diebold Loses Key Copyright Case: “Students who sued Diebold Election Systems won their case against the voting machine maker on Thursday after a judge ruled that the company had misused the Digital Millennium Copyright Act and ordered the company to pay damages and fees. Lawyers for the students call the move a victory for free speech.” 
John Palfrey: Electronic voting and copyright?: “Most everyone who lived through the presidential election of 2000 would agree that it’s important to have public discussion about the integrity of voting systems in America. Most everyone, except Diebold. And Diebold sold electronic voting machines to at least 37 U.S. states in the last four years.”

EFF: Deep Links

EFF: Your Vote Is Safe – We’ve Got Paperclips

Approximately five minutes into the audience participation portion of the Election Systems & Software (ES&S) demonstration, the iVotronic machine inexplicably froze; no amount of touch-screen prodding could elicit a response. Not a problem, the ES&S presenter assured bemused observers. All that was required was a system reboot, a bit of technical wizardry that was accomplished with the assistance of a straightened paperclip.


Black Box Voting: Look at this — the Diebold GEMS central tabulator contains a stunning security hole

By entering a 2-digit code in a hidden location, a second set of votes is created. This set of votes can be changed, so that it no longer matches the correct votes. The voting system will then read the totals from the bogus vote set. It takes only seconds to change the votes, and to date not a single location in the U.S. has implemented security measures to fully mitigate the risks.
This program is not “stupidity” or sloppiness. It was designed and tested over a series of a dozen version adjustments.

This is something that officials might want to fix before the general election…

Wired on the E-Vote Beat

Wired News: : E-Vote Recount Rule in Dispute

Florida officials will not require any recounts of votes cast on touch-screen voting machines during Tuesday’s state primary, despite a ruling by an administrative judge that counties using electronic voting are not exempt from laws requiring the re-tabulation of votes in close elections.

Election Overseers Want Big Win

State and county election officials from around the country are praying that this year’s presidential race ends with a wider margin of victory than it did four years ago when George W. Bush beat Al Gore in Florida by only 547 votes. A close victory this year would likely result in more charges of voter fraud and calls for recounts, two things that election officials don’t relish.

Paper Trail Chase

One way to increase the accuracy and transparency of direct recording electronic voting machines may be to require a voter verifiable paper trail.
Wired News reports on a new survey which finds that voters want their electronic voting machines to serve paper trails, while earlier surveys found that most voters were unconcerned about the reliability of e-voting: Poll: Voters Want Paper Trail
Perhaps voters have become more informed about the risks of direct ecording e-voting machines. Perhaps this merely reflects the fact that this latest survey was commissioned by Accupoll, a company that sells electronic voting machines which happen to produce a paper trail. It seems like most voters may remain unconcerned about the accuracy or security and reliability, but all things equal, would prefer machines which produce a paper trail.
Voting rights activists are less sanguine about the accuracy and reliability of “black box” e-voting machines which lack paper trail or any kind of external audit mechanism. In Maryland, the Campaign for Verifiable Voting is seeking a court order which will require the state’s e-voting machines, of Diebold manufacture, to print a paper audit trail. The Washington Post reports: Md. Machines Seek Vote of Confidence:

Plaintiffs, led by Linda Schade, a Takoma Park activist who helped found a group called, promise to produce testimony from computer experts and election officials about security vulnerabilities and other shortcomings in machines the state has paid more than $55 million to purchase.

The Maryland lawsuit seeks “to insure the integrity of the November 2004 elections.” The Campaign for Verifiable Voting has the complaint and other filings available on its web site.