digg

Join DiggAbout

Discover the best of the web!
Learn more about Digg by taking the tour.

See the original image at arstechnica.com

E-voting vendor blocks security audit with legal threats

arstechnica.com — New Jersey election officials have scrapped plans to hire a Princeton University computer science professor for a voting machine security review after receiving legal threats from the the vendor, Sequoia Voting Systems. Sequoia says that unauthorized independent review would violate the county's license agreement and jeopardize Sequoia's intellectu

Bury
show profanity settings
expand all
  • bgturk, on 03/22/2008, -0/+77Here goes your democracy.
    • ThndrShk2k, on 03/22/2008, -0/+1Not if they get smart and 'lose' a machine when they cancel any contract with Sequoia for not complying with valid voting scrtiny. Sending that machine to Princeton while having sequoia not make ANY money, and lose popularity.
    • PopcornDave, on 03/22/2008, -2/+1Only if you use those machines. You can still get an absentee ballot.
      • Soccrmastr, on 03/22/2008, -0/+3Don't kid yourself. The electronic voting machines just makes it easier for them to rig, but isn't required.
        • PopcornDave, on 03/22/2008, -1/+1I never said they didn't, but with the absentee ballot your vote can't be hacked electronically.
  • mithrasinvictus, on 03/22/2008, -0/+89Looks like someone has something to hide.
    • InfamousAtheist, on 03/22/2008, -0/+2Which should automatically kick off an investigation by the Justice Department, but our government is so ***** corrupt and the people so apathetic that our so-called democracy will be (has been) stolen right out from under us.
  • mchan103, on 03/22/2008, -0/+62Criminal investigation should be initiated on Sequoia Voting Systems. I see massive voting fraud across the country. The Sequoia Voting Systems voting systems should be thrown out and refunded plus interest.
  • todddavid48, on 03/22/2008, -1/+100If we can't test them we should replace them with systems that can be tested.
    • grumpyrain, on 03/22/2008, -0/+14One of the cornerstone requirements of any democracy is an open and editable counting process. From a 'dealing with votes' perspective, every practical measure must be taken to ensure that a vote is counted exactly once and that the vote is counted against the candidate the voter intended it to be. Electronic voting should have the advantage that there is no confusion as to handwriting or careless scrawls.

      There is no reason why an electronic system can not better checks and balances than a paper based system. Each vote should be traceable from the machine it was physically clocked at through to the central database at the electoral office. Furthermore, a closed implementation is entirely contradictory to the nature of a democratic process. These systems should not only be sent to Princeton, but also internationally to an entirely independent election observer for analysis.
      • MrWhite7, on 03/22/2008, -0/+10I think an editable system is what we're trying to avoid, the word that escapes you is auditable.
        • Arcueid01, on 03/22/2008, -1/+4exactly the point, paper and televised is the only way to go. We also need much tighter chain of custody procedures. Look it up on youtube tons of shady ***** went down this primary.
        • grumpyrain, on 03/22/2008, -0/+6= Firefox spell checker + me not proof reading.

          Yes, I would agree that an auditable process would be by far preferable to an editable one :)
  • Berkana, on 03/22/2008, -0/+54This is absolutely unacceptable. Their "trade secret" is essentially a way to steal elections. I hope the investigators rip this one wide open. There's nothing so sophisticated about a voting machine that it needs trade secret protection; we could do it just as well with paper, so they really need to just STFU. I don't buy this nonsense about their intellectual property.
    • obliviousfool, on 03/22/2008, -0/+4This is reminiscent of Diebold's original claims that the database containing votes in Alaska was proprietary information and couldn't be viewed by anyone outside the company.
    • RTourn, on 03/22/2008, -0/+5Why is it 3rd world nations can have independent 3rd party verify elections and we can't?
    • Ryosen, on 03/22/2008, -0/+1Let them sue. I would be happy (hell, I'd be frickin' estatic) if my tax dollars went to defend the public's right to a fair and open voting system. Hey, New Jersey! As a tax payer, please!, spend my money on this. Let them sue!

      Open the box!
  • mal1964, on 03/22/2008, -7/+2They have 8 months to figure it out, I bet a buck it will work out.
    • Drahkar, on 03/22/2008, -0/+4We hope. Or else we continue to shift to electronic voting and effectively give the elections to the companies that run the machines because they aren't accountable to anyone if this type of thing is permitted.
      • mal1964, on 03/22/2008, -0/+1I agree, I do plan ahead but this is not in my radar yet.
        • Atomic1fire, on 03/22/2008, -0/+2They should have to submit public logs of the election results
          and the source code of the device because anything that could harm the election should be fixed
  • SirMolle, on 03/22/2008, -1/+8Did anyone stop to think that there MIGHT be GPL'ed Code in the machine?
    This would be a serious blow to the Company if this was discovered.
    • 4321234, on 03/22/2008, -2/+9Hmmm.....but my first thought was GOP written code.
    • Arcueid01, on 03/22/2008, -4/+5It doesn't matter we shouldn't be using code at all. We should be using only paper and have much tighter security and by tighter security I don't mean more secretive. I mean more open and punish the hell out of shady ass people. The chain of custody issues are insane.

      http://www.youtube.com/watch?v=PKQEQ7qHvgM

      We don't need any more of this type of *****. These goons are up to something thats for sure. This is regarding our representatives that make decisions about our country! This is ***** up!
    • kreneskyp, on 03/22/2008, -0/+3its a possibility but i'm gonna go with they just don't want their piece-o-crap being exposed for what it is. I wish i could sell things that people were legally prevented from examining before they buy them
  • Mardala, on 03/22/2008, -0/+33"intellectual property rights" ??? its a glorified adding machine. Probably uses an Access database to "fix", I mean, compile the election results.
    Its another reason why I think privatization in the US will not work as our society currently stands. We are trusting our voting results to a private company and we're getting screwed.
  • ripple123, on 03/22/2008, -10/+2I for one welcome our new voting machine overlords.
    • faskippy, on 03/22/2008, -1/+4Why is it that some poor schmuk always thinks that ***** is going to look cool?
      • arcticblue, on 03/22/2008, -3/+21. Because 2008 is the year of "poor schmuks who think that ***** looks cool".
        2. ???
        3. Profit!
  • dshey, on 03/22/2008, -0/+13didn't this ***** happen in that terrible Robin Williams for president movie?
  • bgturk, on 03/22/2008, -0/+11Maybe this is why they don't want an independent audit:
    http://youtube.com/watch?v=JEzY2tnwExs
    • Arcueid01, on 03/22/2008, -1/+3This is exactly why we don't need any electronic voting machines period. It is what we call a paradox. You are damned if you do and damned if you don't. There is always going to be someone that has inside information. That can't happen. We need to have some way of auditing this that they can't easily be changed. Electronic data can be changed very easily by a hired gun. No way can hundreds, thousands, or even more ballots be changed in the short windows if we make tighter measures.
      • grumpyrain, on 03/22/2008, -0/+5Not necessarily. Each vote along with the machine ID and timestamp could form a hash which could be digitally signed by the private key in the central electoral server. Any attempt to manipulate a vote would break the hash. The source code should be open for anyone to inspect and satisfy themselves that the voting has not been rigged.
  • Arcueid01, on 03/22/2008, -0/+25This is simple........If they don't want an audit then don't allow them to be part of an election. I used to be all about electronic voting thinking that it would help us be more democratic, however, with all of the crooked people out there especially making their way to becoming politicians I think that paper voting with tv recorded counting and multiple layers of security regarding chain of custody is the only way to go.

    For some reason there is a large sector of morons in our country who don't understand that playing fair is truly the only way to ensure liberty in our system. If we play by the rules everyone wins. If we don't then everyone loses. It is a really simple concept.
    • PopcornDave, on 03/22/2008, -0/+8Oddly enough, the ones who don't seem to want to play fair re the ones in power now.
    • Mardala, on 03/22/2008, -0/+8I think electronic voting machines are not the problem. But the companies that run them. I think there is a conflict of interest allowing these private companies to run our elections.
      Voting machines should have lots of oversight and run on open source code.
      • bjornski, on 03/22/2008, -0/+2Exactly. If these companies can make secure banking machines, they sure as hell can make a secure voting machine.

        They just don't WANT to.
  • tricks574, on 03/22/2008, -8/+1Eh, this looks less malicious and more like trying to save their ass's from losing their contract. The vote totals I've seen were off by very small totals, so it would seem more like a mistake, probably on the end of the supplier by the number of machines affected, but I doubt there is much stealing of elections going on with this.
    • InfamousAtheist, on 03/22/2008, -0/+2Keep telling yourself that. After the elections are stolen again and the police state is enacted, will you remember choosing to ignore the facts?
  • LarryWMSN, on 03/22/2008, -9/+1Sequoia is exactly correct.
    The real problem is that states keep agreeing to these terms. If they didn't then Sequoia wouldn't have the right to stop them.
    The states also don't seem to think it's important to have a voter verifiable paper record which many of the manufacturers have as available option.
    • theeEqualizer, on 03/22/2008, -0/+2So please come across with the rest of your point, Larry. Are you defending Sequoia? Or just their legal right to bring suit? Are you OK with voting systems that CAN NOT be audited because of a legal agreement? The article already brings up the point that the county should never have awarded a contract to a company that won't allow audits by a party of the county's choosing. We've got that. I'm asking YOU. Are you OK with ANY county in America using a voting machine that is not allowed to be audited for ANY reason?
      • bjornski, on 03/22/2008, -0/+1If another country did this (Russia or Iran for example), we'd scream about how they're not having "verifiable" elections that stink of being rigged.

        But when WE do it, it's just "business as usual", and "trade secrets are more important than your Democratic elections".
      • LarryWMSN, on 03/25/2008, -0/+0I am defending Sequoia as much as it hurts me to say that.

        It is their legal right to bring suit. I run a business and I sign contracts with many of my customers. My rights and their rights are specifically laid out. I try to be as fair as possible so both sides are protected but I can't have things hanging over me because they forgot to mention something that they might have wanted they signed the contract. It's not that I wouldn't have agree with them, but I may have wanted more money or certain language to protect me. I've walked away from contracts because my customer wanted certain language that I thought would be to costly or not in my best interests to accept.

        I don't think it was hidden in the contracts that the code couldn't be looked at when the contract was signed. If state make auditing a requirement then Sequoia could put language in their contracts about who could audit it, what confidentiality agreements that person would have to sign and what they could do with the knowledge. Will the professor be prevented from consulting to other companies in certain markets? Will all his further work have to be reviewed to make sure he didn't take any information learned during the audit? There are far too many things that Sequioa could have accounted for before signing that can't be done now.

        I don't like these companies any more than most of the readers here do and I think that auditing should be a part of every contract that they sign, but I have a bigger problem with changing the rules after the fact.
  • Synchronicity, on 03/22/2008, -9/+3Where are some people who could expose Sequoia's secrets? Where are the supposed elite hackers of the world, at this time, when America could benefit from their l337 help?

    Oh yea...

    They're too busy acting retarded with Anonymous -- encouraging people to attack the likes of Tom Cruise.
  • superdoofus, on 03/22/2008, -7/+2businesses are beheld only to their first prerogative of profit or success; is that not correct, libertarians?
    followed by something about the counties being at fault for bidding the units in the first place. now some company places itself beyond the auspice of the parameters to which it was laced to facilitate within some national herald.
    and thusly they employ legal teams to allay the actuality of their ineptitude and charge, yet their actions not only negated but also reversed the progeny of their task. i hope their dismissal is swift, protectionist efforts on their part will be of an obvious and backpedalling slant to recuse themselves.
    and ***** you libertarians, just because a company manages to do what they do, doesn't mean that it should only be dictated by buyers or word of mouth regarding their practices, ya shut-in and introverted guys whose fathers never said they were proud of you that you can remember. you're just as bad as women who are addicted to shopping, for chrissakes. mellow the ***** out.
    • smotpoker1, on 03/22/2008, -2/+3dude your just dumb.
    • faskippy, on 03/22/2008, -2/+2Hell of a name.
    • qwerter, on 03/22/2008, -2/+3I remember this one time I tried to write an essay armed with only a dime bag and a thesaurus. It looked a lot like this.
  • n00854180t, on 03/22/2008, -0/+9AFAIK (and I am not a lawyer), EULAs have never been tested in court. Also, what terms can they take away if Union County violates their agreement? Not allow them to use them? Who cares? They've already been shown to be grossly flawed in security, to the point where malicious intent is likely on the part of companies that make these machines. Go try ripping off an ATM, then notice the big DIEBOLD logo on the side after you fail to do ***** to it, because it's ***** locked down. Now why oh why exactly does Diebold, who make extremely hard to ***** with ATMs, make ridiculously (if you aren't an engineer, you can't really understand how stupidly ridiculous it is that Diebold even *claims* these things weren't purposely rigged to ***** with votes, they are literally that poorly designed) insecure "e-voting" machines. These voting machines are so laughably designed it reminds me of the result of a 12 year old with Photoshop and Dreamweaver and a "make your own website" tutorial.
  • vmass20, on 03/22/2008, -0/+17Hold on a sec..... Sequoia is saying this is Intellectual Property? A ***** program that tallies votes? ummm... im a programmer and im sure many here are... that is a complete joke. Those programs can be done by highschool students. Intelectual property wouldnt be a legal threat. Because its not property. a basic program
    • grumpyrain, on 03/22/2008, -1/+5I am sure there is a mysterious while loop in there somewhere and probably some variables holding the number of votes. I mean a program that collects records then sums them together with a particular grouping - such complex programming has surely never been done before.
      • meridian300, on 03/22/2008, -0/+4A voting program would take about 15 minutes in .NET, consist of 2 buttons and about 10 lines of code, lol.

        This is outright fraud.
        • grumpyrain, on 03/22/2008, -0/+1Actually the consolidation could be a simple group by query. It would get a bit more complex with respect to having to sign votes with a private key and sending them to a remote server. There would probably also need to be a local cache if the network went down. But these security measures should not be IP of a voting machine manufacturer. They should be open specifications by the electoral office, and every one of the measures I can think of has thousands of cases of prior art to the point it could be considered no more a companies IP than an implementation of a quicksort algorithm
  • theskyisblue, on 03/22/2008, -0/+15LOL of course... because the first thing he's going to notice is that their voting system is backed by a simple Access piece of ***** database that can easily be altered by entering new values into appropriate cells. And what's this intellectual property *****? This is VOTING. It has nothing to do with business or competition, it's politics and our rights. Just go back to paper voting if we're infringing on some intellectual property ***** by making sure our voting system is working fairly... wtf seriously, only in America.
  • enlightenme, on 03/22/2008, -0/+7"One of the unanswered questions here is why Union County would even accept a licensing agreement that prohibits arbitrary third-party review"
    At the end of the article, we find the gem. Anybody have a logical explanation about why they would accept that agreement?
    • InfamousAtheist, on 03/22/2008, -0/+3Two possibilities (I'm being serious here... sorry if it sounds facetious):
      1. The right people didn't read the agreement and relied on underlings to summarize it for them.
      2. Those responsible for the contract details on the government side are corrupt, or were bribed to ignore those important bits.

      And I suppose a third possibility is some combination of 1 & 2.
  • dbldwn, on 03/22/2008, -0/+15IMO, it should be illegal for gov't entities to use closed-source software for voting machines. It should be wide open for audit by anyone who wants to make sure there's no underhanded ***** going on.
  • KaivenTor, on 03/22/2008, -0/+2And this is why you need to read the EULA when people's votes are at stake. But this of course brings up some questions. In terms of hardware, shouldn't they make a very secure hardware system with a touch screen, Then proceed to build the software for it? It would make fixing errors a much less tedious process knowing full well that a server distributed patch or even a manual patch could be applied at will when bad things happen. Hell, devote an entire team to something like that, call it "Customer Care" or "Quality Assurance" if need be and you know, let them perform their jobs.
    Also, a third party independent review doesn't violate intellectual property. It just violates the EULA, which as we can plainly see, nobody reads anyways. Sequoia is trying to hide their inadequacies behind legal actions and sooner or later their bluffs going to get called by the government (whenever they wake up). Or until another company makes a better system.
  • LeeSoong, on 03/22/2008, -0/+7You can get a better paper trail purchasing a $0.79 candy bar ...
  • smotpoker1, on 03/22/2008, -0/+4Eula's will not hold up in courts due to the fact they say they reserve the right to change it at any time without consent or let you decide line by line what the the contract stipulates.***** A eula agreement it doesn't mean anything.
  • Vohu, on 03/22/2008, -0/+5If the vender is against an independent audit of the voting machines then the results of votes from those machines should be tossed and the machines sent back to the vender with a refund demand and a bill for the elections that have to be redone.
  • caponumen, on 03/22/2008, -0/+3If we had a real commander in chief these aholes would all be at camp X ray.
    None of these systems should be allowed on the market much less used for voting.
  • Orbmanelson, on 03/22/2008, -0/+2Election Fraud / Vote Rigging / Hindering Elders and the Infirm + oh so much more, this is what the money buckers are up to with biz as usual. There are some answers here ( http://www.authenticvote.com ) which would eliminate most of the existing problems. Without complete standardization of the balloting process, there will never be accurate elections in this country. As long as the government is in charge of the system it will be utterly corrupt!
  • ThantiK, on 03/22/2008, -0/+7Honestly, I can't see why the linux/oss community hasn't stepped up to the plate and offered up a solution to this problem. It would be the perfect selling point as well as the perfect hardening tool. Open source the tallying software, develop multiple structures to interface on whatever machine it would be placed on, all available TO THE PUBLIC for code-review.

    This way, we know what is in the machine, flaws can be patched quickly, and perhaps we can invent a way of having a verifiable paper trail, without having a verifiable (by third party) vote. The reason they don't want a "paper trail" is because in the past, people have been PAID to vote for certain candidates. If you have a verifiable vote for X candidate, you vote, go show the shark that you voted for X candidate and get paid. We don't want that. We need something open, transparent, and something that can perform the task of allowing a voter to confirm their vote, without allowing the voter to prove to someone else that they voted for X candidate. (to avoid pay-off voting.)

    X = X + 1, how hard is that to do, honestly?
    • ZippyV, on 03/22/2008, -0/+1The linux/oss community has the infrastructure to develop software but who's going to buy the computers and other hardware? Who's going to drive all that stuff around and install it on site? Who want's to pay for all the fuel and lost time?
  • LoveYouSomeEric, on 03/22/2008, -0/+5Shame on the cowards in Union County. They should be inviting a lawsuit of this sort, not running from it. A legal battle like this would draw some much needed attention to the issue of electronic voting machines, which are a serious threat to our fading democracy.
  • aurorous, on 03/22/2008, -0/+2Another thought that occurs to me, in addition to violating the EULA if the system uses encryption wouldn't a third party review of the encryption violate the DMCA?
  • qwerter, on 03/22/2008, -0/+5Glad to see that the "intellectual property" of a corporation is more important than democracy. Congratulations, New Jersey, on failing to fail to suck.
  • BikerDude69, on 03/22/2008, -0/+3Approximately 97% of Smartmatic is owned by its four founders – Antonio Mugica Rivero (a citizen of both Spain and Venezuela), Roger Pinate (a citizen of Venezuela), Alfredo Anzola (a citizen of Venezuela) and Jorge Massa (a citizen of France and Venezuela) – through personal trusts and private foundations in which they hold the beneficial interest. The remaining 2.89% of Smartmatic is owned by key employees of Smartmatic and family and acquaintances of the founders.

    http://electionupdates.caltech.edu/2006/06/more-on ...

  • cipher64, on 03/22/2008, -0/+4Just in case yer wondering who owns the company:
    http://www.conspiracyplanet.com/channel.cfm?channe ...
  • macinit1138, on 03/22/2008, -0/+4People are so gullible. The country has disgustingly endured two highly suspect Presidential elections in a row and now they think we're going to magically get one on the level this time. I know that I myself expect the election results this time around to be more of the same because AGAIN, NO ONE was ever held accountable for the last two.
  • camino262, on 03/22/2008, -0/+3I think the "intellectual property" in this case belongs to the people. Sounds like a case for the Supreme Court.
    • TheWookiee, on 03/22/2008, -0/+2The Supreme Court? Why would they intervene on an issue that negatively affects the person who chooses their replacements.
      I realize they can't be fired after they've got the job, but do you stop listening to the head of Human Resources after you've been hired just because they are not your direct supervisor? They make the work schedules and/or can influence who gets the nasty projects, so they can still make your life a living hell!
  • boozinf, on 03/22/2008, -0/+5in theory, if one were to send an email to info@sequoiavote.com, they might get an autoresponse from "Michelle M. Shafer, Vice President, Communications & External Affairs," mshafer@sequoiavote.com.

    in theory.
  • neckfire, on 03/22/2008, -1/+1*****.
  • dj43, on 03/22/2008, -0/+1Voting without verification and security of that vote is like not voting at all. So many things on Digg, if they happened near me, would provoke a violent reaction. Lucky me the crazy assholes are all miles away and I'm relatively poor.
  • AbstortedMinds, on 03/22/2008, -0/+1I agree with ThantiK that the OSS community should step up to this opportunity.
  • lucutus, on 03/22/2008, -0/+2I think someone where US law does not apply should do the review and publish it in it's entirety on the web.
  • robthom, on 03/22/2008, -0/+1Thats sounds awesome. They need to go ahead and scrap the voting process altogether. On one hand our votes dont even count since the government does whatever they want to do anyway, and on the other at least half of americans are so shallow and stupid they shouldn't even be allowed to vote in the first place.
  • lamiaconfitor, on 03/22/2008, -0/+1WHAT IS YOUR MARKET?!!!!
  • flannelback, on 03/22/2008, -0/+1blackboxvoting.org
  • TheKappa, on 03/22/2008, -0/+1Riiiiiight...
  • rxbudian, on 03/23/2008, -0/+2If the government is supposed to be accountable to the people, why can't the people who sell their products and services be accountable too?
  • motters, on 03/23/2008, -0/+2Independent scrutiny to rule out any possibility of foul play is essential if electronic voting machines are to gain any credibility. In my opinion the source code for these machines should be in the public domain, with checksums so that you can verify that the same code is running on the machine. Source code audits should be part of the setup procedure.
  • dsgncr8or, on 03/23/2008, -0/+1I think that what scares me is that they don't want to be open and stand up in their role in the process, and by blocking simple scrutiny and not just saying "ok, we have nothing to hide" they fight and leave me to believe they MUST have something to hide.
  • Kr0ntab, on 03/24/2008, -0/+0Opening the source code of voting systems for public review is important. However, what I am more interested in is how these agencies address security from implementation to project completion with regard to network design and data access controls.

    How do you know for sure that the version of code you are voting on has not been tampered with post installation? How do you know for sure that your vote has not been altered by someone with access to the back-end database or in-line network?

    It's called "chains of trust", "checks and balances", and top to bottom peer review with total disclosure policies.

    Following industry best practices is crucial, especially when money, power, and political agenda are at stake. I for one will not trust any one that denies me that vote a confidence; no pun intended.
  •  

    Login or register to add a comment

    Create a new account or login to join in the conversation on Digg. You'll also be able to Digg stories to help promote things you like.


© Digg Inc. 2008 — Content posted by Digg users is dedicated to the public domain.
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.