[Metroactive Features]

[ Features Index | Silicon Valley | Metroactive Home | Archives ]

[whitespace]
Techsploits

Diebold Fails Its Screen Test

IN YET another stunning example of how the Digital Millennium Copyright Act can be abused, voting machine manufacturer Diebold has issued a series of DMCA cease-and-desist notices to college students protesting the company's shoddy and irresponsible business practices.

Several weeks ago, an anonymous whistle blower leaked several years' worth of Diebold internal emails on the Internet. These documents revealed that software engineers and sales staff were fully aware that the Diebold voting machines had troubling memory problems and multiple security vulnerabilities. Political website Why War? (www.why-war.com) has posted a list of all the places where readers can download these memos (why-war.com/features/2003/10/diebold.html), along with choice excerpts from them.

Soon after people began hosting the Diebold files on their machines, however, the company sent out cease-and-desist notices--known as "takedown orders"--claiming that posting the documents amounted to a copyright violation. The idea was that Diebold company memos and such were copyrighted material and that posting them elsewhere was tantamount to pirating. Many attorneys and civil liberties groups question this use of the DMCA. These takedown orders lean perilously close to censorship. The person receiving the notice must immediately remove the material or risk a lawsuit. Since most of the individuals hosting the documents were university students who had put them on their schools' servers, they had little choice but to comply.

Working jointly, the Electronic Frontier Foundation and the Center for Internet and Society Cyberlaw Clinic at Stanford Law School are defending one ISP, the Open Policy Group, which refused to comply with Diebold's takedown notices and continues to host the files. The legal organizations have requested a restraining order against Diebold that would forbid the company from harassing people with legal threats that represent a misuse of copyright law. A judge will hear the case on Nov. 17.

Three students at UC-Berkeley were hosting the Diebold files on school computers. One, Joseph Hall, a graduate student at Berkeley's School of Information Management, received a takedown notice two days after he put the files online on Oct. 28. He says he risked a lawsuit because "I want this information out there. The way Diebold has behaved doesn't fit with my vision of the way democracy works." He says one of the main problems he has with Diebold is that it doesn't release its code to the public. "Any code that counts votes needs to be open to public audit," he says. He also points out that the Diebold memos reveal the company has changed its software without getting it recertified, which is a violation of federal and state laws.

Brad Clark, registrar of voters for Alameda County, admits that the voters in his county used some of this uncertified software to vote in the last two elections: a statewide recall election that installed Arnold Schwarzenegger as governor and a municipal election that was held last week. Although this would mean the two elections were held in violation of state law, he says he's not concerned: "I'm not worried, because the software is federally certified, and [state certification] is just paper shuffling." Nevertheless, the state of California is holding an investigation to look into the matter.

While we wait to find out the results of this investigation, as well as what the judge will rule in the restraining order case against Diebold, the incriminating Diebold documents just keep on circulating. Currently they're available in popular file-sharing systems like Freenet, eMule and BitTorrent. Every time a student is served with a takedown notice, it seems that three others pop up to take her or his place.

Ka-Ping Yee, a UC-Berkeley computer science grad student, started hosting the documents at the same time Hall did. As someone who studies human factors in computer security, Yee is particularly concerned about security flaws in the machines. He says his ideal E-voting system would allow "voters themselves to verify their voting record--a simple way to do this would be to give people a paper receipt of their votes." If he receives a takedown notice, Yee says he's tempted not to comply with it because "we're not breaking the law. This is fair use."

This is one of those moments when I love the Internet. Sometimes there just isn't room in my heart for irony.


Annalee Newitz ([email protected]) is a surly media nerd who is waiting for some angry security geek to hack the shit out of one of those Diebold boxes and prove to the world how truly exploitable they are.


Send a letter to the editor about this story to letters@metronews.com.

[ Silicon Valley | Metroactive Home | Archives ]


From the November 13-19, 2003 issue of Metro, Silicon Valley's Weekly Newspaper.

Copyright © Metro Publishing Inc. Metroactive is affiliated with the Boulevards Network.

For more information about the San Jose/Silicon Valley area, visit sanjose.com.