EFF Breaking News
Tech News World
Chris Rush Cohen
E.D. Tex. Weblog
Hacking the Law
Online Liability Blog
Promote The Progress
Tech Law Advisor
Tech & Marketing
Cocktail Party Physics
Freedom to Tinker
Lawyers Don't Get It
Tech Liberation Front
Numbers Guy, The
Dump & Chase
On Frozen Blog
Off Wing Opinion
View From The Cheap Seats
Regret the Error
TiVo/Gizmo Lovers Blog
Sunday, 7 November 2004
Minor mishaps underscore need for paper
Despite the rabid attacks on and religious defenses [pdf] of evoting, cooler heads after the election should admit that problems do still exist but the ones documented for this particular election were relatively minor. Minor, that is, as election-day problems go. Among the most serious problems were Ohio's mysterious phantom ballots. Had Ohio's tally been closer than 130,000, this — and similar problems in other states — might have posed a serious problem.
Proponents of evoting are singing its praises in the wake of a Supreme-Court-free election. Unfortunately, it is unknowable whether evoting really did its job. After all, the number of documented problems includes only those that we could...well...document. Of these, it does not appear that any of them, taken alone, changed the result in any state's Presidential tally.
We should not forget that (1) the undocumented problems are, by definition, more insidious, (2) election problems of all types may be cumulative, and (3) evoting did (and continues to) have problems. A mandatory paper receipt system remains a simple and relatively cheap measure that would resolve many of the remaining issues.
Tuesday, 2 November 2004
Election Night Fun
I took Donna's advice and asked for a paper ballot when I voted. (Santa Clara County uses Sequoia Voting Systems' AVC Edge touch-screen voting machines.) My buddy and I were not exactly looking for trouble, but we did go to our polling place prepared — ready to whip out a copy of Kevin Shelley's order if the poll workers gave us any trouble. (What do you expect from a couple of young lawyers with time on their hands?)
We had waited until the evening, hoping they would run out of paper ballots so we could have some fun with the situation. After standing in line for an hour, we were pleased (but, at the same time, slightly let down) to see a tall stack of paper ballots on the front desk. By this time, everyone was tired — the voters in line, the poll workers, and the volunteers — and tempers were short.
When I got to the desk, I did the only thing I could think of to lighten the mood. Rolling up my sleeve, I said, "This was the line for flu shots, right?"
Wednesday, 28 July 2004
Will Florida be the next Florida?
The New York Times reports on one Florida county's inability to keep proper election records after installing expensive new evoting machines. The money quote: "This shows that unless we do something now — or it may very well be too late — Florida is headed toward being the next Florida."
The records disappeared after two computer system crashes last year, county elections officials said, leaving no audit trail for the 2002 gubernatorial primary. A citizens group uncovered the loss this month after requesting all audit data from that election.
Saturday, 1 May 2004
California decertifies Diebold eVoting machines
California turned up the heat yesterday in the evoting controversy. The New York Times reports this morning that Kevin Shelley, the Secretary of State, conditionally decertified Diebold voting machines now in use — at least until their security is upgraded. He went so far as to accuse Diebold of "fraudulent actions" and recommended to the Attorney General that he investigate criminal and civil remedies.
It is no surprise that California is the first state to decertify evoting machines. It seems to have had the most problems with (or at least the greatest public outcry against) them. This is certainly an interesting time to be a Californian again.
Sunday, 18 January 2004
Diebold winter wrap-up
The California Voter Foundation issued a news release a few days ago that gives a nice summary of recent developments regarding adoption of evoting machines in California. I will not regurgitate the summary here, but I will highlight a theme that seems to permeate each episode. Each time Diebold betrayed the public trust, it asked Californians to take it on faith that its breach was minor, inconsequential, or, as CVF writes, merely "cosmetic." An old saying keeps coming to mind: "Fool me once, shame on you. Fool me twice, shame on me."
Friday, 9 January 2004
eVoting machines fail to record 134 votes in Broward County
Earlier this week, residents of Broward County, Florida cast votes to fill a vacant seat in the House of Representatives. Unfortunately, their shiny new electronic voting machines — which replaced the punch card system that became the bane of Al Gore's existence — failed to record 134 votes. The voting machines were made by Election Systems & Software. (Via LawGeek)
How so many happened to cast nonvotes remains a riddle. Unlike with punch cards or paper ballots, there's no paper record with electronic voting that might offer a clue to the voter's intent.
In 2000, everyone was quick to blame butterfly ballots, the archane chad-punching system, and partisan bickering for the massive confusion that reigned after the election. My new theory: Maybe it really was just the old people!
Tuesday, 6 January 2004
Diebold/DMCA summary & analysis
Monday, 29 December 2003
E-voting security firm hacked
The Associated Press reports (via Wired News) that the e-voting security firm VoteHere, of Bellevue, Washington, was hacked in October. A yet-unidentified individual gained illicit access to VoteHere's network and read internal documents and may have copied some files. Company executives reportedly blame the break-in on the recent spate of public attention paid to electronic voting. If nothing else, this episode highlights the tenuous security to which public elections might be entrusted. (Via beSpacific)
Thursday, 18 December 2003
Felons making e-vote machines
The hits just keep on coming. Wired News reprints an AP article with this provocative opening: "At least five convicted felons secured management positions at a manufacturer of electronic voting machines, according to critics demanding more stringent background checks for people responsible for voting machine software."
Several of the people at issue were hired by Global Election Systems (GES), before Diebold acquired it in 2002 and renamed the subsidiary Global Election Management System, part of Diebold Election Systems. GES Vice President Jeffrey Dean, for example, was responsible for some of the company's proprietary code that counted ballots. The problem? According to court documents, he "served time in a Washington state correctional facility for stealing money and tampering with computer files in a scheme that 'involved a high degree of sophistication and planning.'"
The greatest threat to the integrity of our democracy may come from insiders at the companies that provide our election infrastructure. Who better to manufacture that infrastructure than people who have demonstrated a willingness to commit criminal and unethical acts for money? To state it mildly, this news qualifies as cause for alarm.
Wednesday, 17 December 2003
Diebold violated California election law
California Secretary of State Kevin Shelley made an announcement today regarding the audit of the State's Diebold voting machines that he ordered. He demanded the audit after learning that Diebold had illegally installed software patches on machines used in Alameda County after those machines were certified — meaning that the software was never approved. eVoting machines in at least 17 counties were found to contain uncertified software, and Diebold now stands on the brink of losing the right to sell voting machines to the State of California and her counties. The San Jose Mercury News has the story: "Voting machine maker dinged."
Tuesday, 16 December 2003
NYT summarizes e-vote quagmire
Saturday, 13 December 2003
Cringely, part 2
Robert Cringely has released part 2 of his column on e-voting. His analysis of e-voting problems from an IT project management perspective is refreshing; it is a perspective that has been sorely lacking in the debate thus far. Links: part 1 and part 2.
Wednesday, 10 December 2003
Update: More on the Election Technology Council
Earlier today I mentioned the new trade group formed by the major electronic voting machine manufacturers when I had read only one media article about it. There is much more "out there" now. C|Net News has better coverage than the Washington Post article I linked to before. Additionally, the new Election Technology Council (under the umbrella of the Information Technology Association of America) has released a press kit with much more information.
E-voting companies collude to counter bad press
The recent wave of criticism — and especially its press coverage — has prompted several major e-voting machine manufacturers to work together to counter the negative publicity. The Washington Post has the story: "Voting-Machine Makers To Fight Security Criticism."
Something about this (although I am sure exactly what) compels me to mention PR Watch.
Tuesday, 9 December 2003
Robert Cringely on the e-vote paper trail
Robert Cringely, the venerable PBS columnist, wrote an interesting column on the lack of a paper trail in e-voting machines ("No Confidence Vote: Why the Current Touch Screen Voting Fiasco Was Pretty Much Inevitable").
Now here's the really interesting part. Forgetting for a moment Diebold's voting machines, let's look at the other equipment they make. Diebold makes a lot of ATM machines. They make machines that sell tickets for trains and subways. They make store checkout scanners, including self- service scanners. They make machines that allow access to buildings for people with magnetic cards. They make machines that use magnetic cards for payment in closed systems like university dining rooms. All of these are machines that involve data input that results in a transaction, just like a voting machine. But unlike a voting machine, every one of these other kinds of Diebold machines — every one — creates a paper trail and can be audited. ould Citibank have it any other way? Would Home Depot? Would the CIA? Of course not. These machines affect the livelihood of their owners. If they can't be audited they can't be trusted. If they can't be trusted they won't be used.Thanks go to LawGeek for the heads up.
CNet summarizes e-voting developments
Monday, 8 December 2003
Mexico threatens 3 with treason charges for data sale
The government of Mexico is threatening to charge three of its citizens with treason. They are executives of a company called Soluciones Mercadologicas en Bases de Datos, which sold a database private information on 65 million Mexican voters to ChoicePoint, an Atlanta-based database company. ChoicePoint bought the data at the behest of the U.S. government shortly after 11 Sept. 2001 to help bolster Uncle Sam's investigation of terrorism.
The database contained such private information as the number of cars owned in households and unlisted phone numbers. If nothing else, this episode highlights the incumbent dangers when a government — any government — collects massive amounts of data on its citizens without a compelling and clearly articulated purpose. What, for example, does voter registration have to do with the number of cars one owns?
The Macon Telegraph has the story: "Mexican company officials may face treason charges."
Sunday, 7 December 2003
Ohio moves to block e-voting
The State of Ohio moved to block deployment of e-voting machines last week. The move follows the release of a report [pdf] commissioned by the Secretary of State that revealed serious security flaws. Wired News reports ("Ohio Halts E-Voting Machines") that "some of Ohio's 88 counties still will be using punch-card systems for the 2004 election." Unfortunately, there seems to be no viable alternative.
Thursday, 4 December 2003
Ohio finds flaws in e-voting systems
Earlier this week the State of Ohio joined Maryland and California in criticizing the electronic voting products currently on the market. Ohio's Secretary of State announced the findings of a comprehensive study of several electronic voting systems. (Summary of Findings & Recommendations [pdf], full report [pdf]) The result: 57 potential security risks.
Diebold Election Systems had five high potential risk areas, two medium and eight low potential risk areas. [Election Systems & Software] had one high potential risk area, three medium and 13 low potential risk areas. Hart InterCivic had four high potential risk areas, one medium and five low potential risk areas. Sequoia Election Systems had three high potential risk areas, five medium and seven low potential risk areas. [Hyperlinks added]Thanks go to Ed Felton (Freedom to Tinker) for the heads up.
Johns Hopkins still bars publication of Diebold memos
Derek Slater reports the tribulations of Asheesh Laroia, a student at Johns Hopkins University. Despite never having received a cease & desist letter, JHU cut off access to the memoranda. Even after Laroia informed JHU that Diebold had retreated (1, 2), the university persisted, writing that it "cannot allow its resources to be used in violation of copyright law, whether or not the holder of the copyright (in this case Diebold) plans to prosecute."
All I can say is I am glad I am not a student there.
Monday, 1 December 2003
Crimson confirms Diebold will not sue students
Zachary Seward reports in the Harvard Crimson that a Diebold spokesman confirmed that the company will not sue students who posted internal company memoranda on the Internet ("Diebold Won't Sue Students"). Thanks go to John Palfrey for the heads up. The article has one interesting point that bears mentioning here:
In one memorandum from April 23, 1999, [a Diebold] employee acknowledges a flaw in one of the company's electronic ballots. "I don't expect you will see a fix in time for the election," the employee writes, "since it is tomorrow." Diebold will not comment on the memoranda but has said that any imperfections in their systems have subsequently been fixed.Note that this claim can be interpreted to apply only that those particular ballot problems — tailor-made plausible deniability. It does not claim to have fixed the security flaws found in two independent reviews earlier this year. In one review, researchers at Johns Hopkins and Rice universities found weaknesses that could easily allow someone to cast multiple votes for one candidate. (Report (pdf), press release) The other report, conducted for the State of Maryland, concluded that flaws exist but that they were unlikely to cause practical problems in real elections — but only if external safeguards are in place. (Report (pdf))
Also recall that Diebold is the only manufacturer of ATMs in the world whose machines have become infected with a worm.
Thursday, 27 November 2003
Worm infects Diebold ATMs
Diebold, the very same company being raked over hot coals for its authoritarian response to criticism, now has the ignoble honor of being the first ATM manufacturer to have its machines infected with a worm. (New Scientist: "Cash machines infected with worm")
The controversy over Diebold's electronic voting machines is no longer theoretical (if it ever was). This is a real-world, already-happened, no-excuses problem affecting a Diebold product very similar to its voting machines. How could this happen? Simple — Diebold's ATMs run Windows XP.
Diebold backs down
Diebold filed court papers on Monday, stating that it would not file copyright infringement suits against people who hosted and linked to the infamous cache of damaging documents. Kudos go to the Stanford Cyberlaw Clinic, which represented two Swarthmore students in their lawsuit against the voting machine manufacturer. Too bad Rule 11 does not apply to DMCA notice-and-takedown letters. You have my best wishes if you sue Diebold under anti-SLAPP laws and for intentional infliction of emotional distress.
Friday, 21 November 2003
California to require e-vote paper trail
Wired News (among others: 1, 2) reports that California Secretary of State Kevin Shelley, announced today that he will require all voting machines used in that state to produce a paper trail of all ballots by 2006. (Article: E-Votes Must Leave a Paper Trail)
Beginning July 1, 2005, counties will not be able to purchase any machine that does not produce a paper trail. As of July 2006, all machines, no matter when they were purchased, must offer a voter-verifiable paper audit trail. This means machines currently in use by four counties in the state will have to be fitted with new printers to meet the requirement.
This measure addresses one of the major problems with electronic voting machines, but other problems remain. Shelley has been active in this area recently, so he may yet address the remaining problems.
Wednesday, 19 November 2003
Kucinich slaps Diebold
Congressman and presidential candidate Dennis Kucinich (D-OH) has come out decisively in favor of civil liberties. On his Voting Rights issue web page, he posts excerpts from and links to the memoranda that Diebold has tried so hard to erase from the public hivemind. Thanks to Donna at Copyfight for the heads up.
The Congressman writes:
Stopping False Copyright Claims
Earlier today, Doug Simpson of Unintended Consequences pointed out (Article: Congressman Posts Diebold Document Excerpts) that the Speech or Debate Clause of the U.S. Constitution (Art. I, § 6, cl. 1) may put Rep. Kucinich beyond Diebold's long reach if the company should choose to serve him with a DMCA notice-and-takedown letter. This clause immunizes members of Congress from "arrest" during any speech or debate in the course of their Congressional duties or while traveling thereto or therefrom. It further provides that members "shall not be questioned in any other place" "for any speech or debate in either House" of Congress.
Doug also brings up the similarity between this hypothetical case and Brown & Williamson Tobacco Company v. Williams, 62 F.3d 408 (D.C. Cir 1995), where a paralegal working for the law firm representing B&W (a tobacco company) leaked juicy documents to the press and to Congress. In this decision, the D.C. Circuit Court affirmed the District Court's quashing of the subpoena served on Rep. Waxman by B&W. Doug asks, "Can we expect Diebold to send Congressman Kucinich a cease and desist letter, with a takedown notice to the ISP hosting [his web site at] House.gov? I'd like to be a fly on the wall when those arrive."
Tuesday, 18 November 2003
History of voting technology
Amid the Diebold controversy, it is interesting to take a step back and ponder how we reached this point. Thanks to a post in LawMeme, I found this fascinating history of voting technology in America. The web site was compiled by Rachael Deane, on behalf of Dr. Jeffrey McClurken for a course at Mary Washington College.
Court hears Diebold arguments
Declan McCullagh reports on C|Net that the U.S. District Court in San Jose, California heard arguments in the case brought by students and the Electronic Frontier Foundation (EFF) against Diebold Election Systems. (Article: Students fight e-vote firm's DMCA claims)
As discussed here (1, 2) and elsewhere, Diebold manufactures electronic ("touch screen") voting machines. Students at Swarthmore launched what has since become a widespread electronic civil disobedience movement. Internal Diebold documents indicating mismanagement and a lack of security were publicly distributed, and protesters sought to bring them to the fore of public debate while Diebold sought to repress them, by sending threatening letters under the notice-and-takedown provision of the Digital Millenium Copyright Act (DMCA). There are also other political concerns, which Declan summarizes concisely:
Diebold gave at least $195,000 to the Republican party during a two-year period starting in 2000, and its chief executive, Walden W. O'Dell, once pledged to deliver Ohio's electoral votes for President George W. Bush. Earlier this month, California started an investigation into whether Diebold had improperly installed software into Alameda County's machines that had not been certified.
Up to this point, Diebold has been maintaining a stern face on the copyright front while hedging its bets behind the scenes by claiming that it could not tell whether any or all of the documents at issue had been altered. In court filings in the present case, however, it wrote, "Wholesale publication of unpublished, stolen materials, with no transformation or creativity and nothing other than a request that others download them in their entirety, is infringement, not fair use." This sounds to me like an admission that the documents are authentic. There goes Diebold's plausible deniability when it defends its products in the court of public opinion.
Thursday, 13 November 2003
Diebold & Democracy
The venerable Mary Hodder over at bIPlog gives us a terse summary of the goings on in California, with respect to Diebold Election Systems. (Article: Diebold Latest: The Effects of Student Spread Memos on CA Secretary of State) More importantly, I cannot overstate my support for her synopsis of the implications this affair holds for the future of American democracy.
Mary hit the nail on the head when she wrote:
[S]tudents at Swarthmore, followed by students at many other institutions…in spreading the Diebold memos around, have accomplished the goal of causing those with review power over Diebold systems to take another look at Diebold's work. … Even if the review doesn't cause the state to discontinue using Diebold systems or require severe changes (and I'm sure the pressure is enormous TO certify), the fact is the memos raise disturbing issues and the review is very necessary. If companies providing services of this sort feel that they can quash documents out on the Internet by using the DMCA, if Diebold succeeds on this point, we and our democracy will be the poorer for it.
The Diebold affair neatly illustrates two points. First, it shows the unconscionable overbreadth of the Digital Millenium Copyright Act (DMCA) — in this case, the "notice and takedown" provision. Second, it underscores the growing relevance of the blogosphere to national politics. The activists hosting the internal Diebold memoranda that triggered this affair deserve the lion's share of the credit for bringing this issue to light. Bloggers deserve the credit for keeping it there. While bloggers were giving the issue its due, the mainstream press was comparatively slow to report the acts of civil disobedience at Swarthmore and elsewhere. Bloggers can force the media to pay attention to important issues. We can force public officials to take notice. We can make a difference.
Tuesday, 4 November 2003
Diebold's reaction to California's prudence
California election officials at the state's State Department added fuel to the fiery blogosphere two days ago, when they announced they would halt the certification process for new voting machines manufactured by Diebold Election Systems. The announcement came in the wake of multiple, independent, public revelations that the software running the machines is horribly insecure and Diebold's infamous attempts to squelch public discussion of the issue. (Sources: 1, 2, 3) Amazingly, the blog furor has apparently overlooked one interesting bit. A recent Wired News article mentions the reaction of Diebold officials who attended the meeting where the State Department announced its decision. (Article: Calif. Halts E-Vote Certification) Quoth the article: "Diebold officials, who were attending the meeting, seemed surprised by the announcement and expressed displeasure to several panelists afterward that it had been introduced in a public forum. They were unavailable [after the meeting] for comment."
Is anyone surprised that Diebold's chief concern was the public nature of the announcement and not the problems underlying it?
NYT summarizes Diebold brouhaha
Yesterday the New York Times (NYT) published an excellent overview of the situation that Diebold Election Systems has created for itself. (Article: File Sharing Pits Copyright Against Free Speech) (See my previous blog entries on Diebold: 1, 2, 3, 4.) The crux of the summary:
Diebold Election Systems, which makes voting machines, is waging legal war against grass-roots advocates, including dozens of college students, who are posting on the Internet copies of the company’s internal communications about its electronic voting machines.
Monday, 27 October 2003
AP picks up the Diebold story
The Associated Press has picked up the story of Diebold's cease & desist demands under the DMCA. (Article: Diebold threatens publishers of leaked electronic-voting documents.) This should lead more mainstream news outlets to carry the story, beyond the paltry few that have carried it thus far (1, 2, 3). This could be the third major story with national political implications broken in the blogosphere after the mainstream press ignored it.
Sunday, 26 October 2003
Update: Indirect linking & the DMCA
Today, LawMeme asked essentially the same question I asked on Friday. I cannot link directly to the LawMeme article, in order to preserve the experiment I proposed on Friday (due to trackbacking effects). You can find it easily, however. The title is "How Direct is Too Direct When It Comes to Hyperlinks?," the author is James Grimmelmann, the publication date is 26 Oct 2003, and the category is copyright.
Friday, 24 October 2003
Indirect linking & the DMCA
Ed Felton asks an important question over at Freedom to Tinker. As first blogged by Ernest Miller, Swarthmore has begun suspending the Internet accounts of students who link to the Why War? web site, which maintains direct links to the infamous Diebold memos. (See my previous blog entries on Diebold: 1, 2, 3.) While Seth Finkelstein points out the potential dangers of linking under Rameirdes (the DeCSS case), Ed notes that Swarthmore has escalated the danger by punishing students who link indirectly to the Diebold memos. The college is shutting down web sites that link to a site that links to the memos. What, Ed asks, is the limit? His article links to Ernest's article, which links to Why War?, which links to the memos. How many intermediate links would Swarthmore require before its students may exercise their free speech rights?
Ed offers the opportunity to test the waters by linking to his page, which is two steps removed from the memos. I deliberatetly avoided linking this article to any page "closer" to the memos than Ed's blog, to increase the chain by one. Anyone at Swarthmore feeling lucky?
Thursday, 23 October 2003
Mark Fingerman posted a comment asking some good questions about my entry on the propriety of using copyright to quell criticism ("Diebold detractors defy DMCA desist demands"). I will try to answer them all here.
First, whether Bill Gates "should be allowed to profit from" software that he designs. Of course! The law should forbid people to profit from their labor only in rare circumstances — like murders for hire. Should Ford be allowed to sell cars at a profit? And Dole to sell pineapples? Surely, no one would argue that these companies are not permitted to build and grow physical products with their own factories and land, then place those items in the stream of commerce. The difference is that cars and pineapples are physical goods, which are rivalrous, meaning that only one person can consume them at any time (and, in the case of pineapples, only one person can eat a pineapple before it becomes useless to everyone else). Software is a nontangible good, which can be copied and used by two or more people at the same time — so if you copy my Office 2002 CD, my enjoyment of the software is not diminished. That is where copyright law comes in: the law erects an artificial barrier to some activities to imbue nontangible goods with some of the same qualities that allow producers to profit from tangible goods. (Note that "artificial" sometimes carries a negative connotation, but that is not what I intend here. I mean that a legal barrier does not exist in a "natural" world without laws.)
Second, on "intermediate" products of a copyrightable nature. Surely, Tom Clancy holds a copyright in chapter 1 before he finishes writing chapter 12. Copyright law protects the expression in any creative work beginning at the instant it is "fixed in a tangible medium of expression." Courts have interpreted the term "tangible medium of expression" broadly, as anything that can hold information in a stable form for a measurable period of time — e.g., paper, rock, clay, glass, wood, magnetic disks and RAM. Section 101 of the Copyright Act defines the moment of fixation:
A work is "fixed" in a tangible medium of expression when its embodiment in a copy or phonorecord, by or under the authority of the author, is sufficiently permanent or stable to permit it to be perceived, reproduced, or otherwise communicated for a period of more than transitory duration.
The Copyright Act does not distinguish between "finished" and "unfinished" works, and the copyrights in intermediate stages of production can be analyzed separately from the copyright in a finished work. Normally we need not bother, because the copyright in the finished product is much more valuable and is the focus of disputes that arise.
Next, Mark takes exception to my claim that "The public enjoys the right to make 'fair use' of copyrighted works — especially for purposes such as criticism, satire, parody, scholarly analysis, and other uses that are necessary to preserve unfettered public debate and preserve the liberty of free expression." He asks, "So the public has the right to break into your home, steal your private correspondence, and publish it 'especially for purposes such as criticism, satire, parody, scholarly analysis...?' Can I rob a bank for the purpose of holding them up to 'scholarly analysis?'"
The answer, of course, is no, because the actions you describe are crimes and torts. Diebold has clear legal remedies against the person who broke into its computer network. It can sue him for, among other claims, trespass, theft of trade secrets, and interference with business relations. It can also press criminal charges under the Computer Fraud & Abuse Act. Take note that Diebold has done none of these legitimate things. Instead, the company has taken aim at people who have, unquestionably, never committed a crime or tort against it. The harm that Diebold fears is not further loss of trade secrets (these "secrets" are already public knowledge so, by definition, they are no longer trade secrets). Rather, it is trying to use copyright law to stymie discussion its products after the public has learned of their flaws.
The Lanham Act, the foundation of American trademark law, explicitly allows us to reproduce trademarked words, phrases, and symbols for the purpose of discussing the products they represent. This limits the general rule that reproducing a trademark without permission is infringement, and it is necessary to avoid rendering the trademark regime unconstitutional under the First Amendment. If we can write Diebold's name but cannot discuss its products, then the limitation is meaningless. Forcing the public to discuss the voting machines' shortcomings without sufficient supporting facts is tantamount to the same thing. Yes, the person who "stole" Diebold's documents should be held responsible, if Diebold chooses to press the issue. The general public, however, should not be held responsible for one person's wrongdoing.
Finally, the questions "Is Diebolds product better than hanging chads? And did Diebold provide what the state requested?" I take it, you are referring to the Georgia election I discussed in a previous article. For all the reasons stated in that article: no, Diebold's products (in their current form and with current election laws) are not better than hanging chads. And no, it did not provide what the state requested. The state certified the machines prior to the election, according to its laws. Sometime thereafter, Diebold made changes to its software and did not disclose that changes had been made — let alone the content of those changes — to anyone. There has been no allegation that these particular changes compromised the election, but one can easily imagine a scenario where such changes would cause problems. If the government is not informed of the changes and has no opportunity to examine them, what is to stop Diebold or another manufacturer from changing every tenth Republican vote to a Democratic one?
I sympathize with Diebold's problems. Nobody likes criticism. It invested a lot of time and money in developing its touch-screen voting machines, and it wants to prevent that work from being wasted. But we live in a democracy that values the integrity of its elections and a capitalist economy that values the operation of market forces in an environment of as-nearly-perfect-as-possible information. Diebold could subvert the first and has subverted the second.
Wednesday, 22 October 2003
Diebold detractors defy DMCA desist demands
As I explained in a previous article (E-lection security in Georgia), the voting machine products and related services sold by Diebold Election Systems raise serious election-integrity concerns. After a hacker broke into Diebold's computer network and downloaded ("stole," in Diebold's words) several internal memoranda, he distributed those documents widely, including some copies to journalists and activists. The compromising documents confirm that the company has known of its voting machines' shortcomings for some time. Embarassed, Diebold played the great American trump card, the lawsuit.
Diebold has sent an unknown number of "cease and desist" letters to people who posted the documents on their web sites. The letters threaten that the company will sue under the Digital Millennium Copyright Act (DMCA) if the recipient does not promptly remove the offending memos from his web site. Diebold (correctly) insists that it owns a copyright in those documents and that they are being publicly displayed without permission. It then invokes the provision of the law which requires Internet Service Providers (ISPs) to remove material that infringes a copyright promptly upon being notified of its presence on its servers. Any webmaster who does not take down the memos, Diebold threatens, will soon stare down the barrel of a copyright infringement lawsuit.
How is this wrong? Let me count the ways.
Copyright law, including the DMCA, is intended to give authors and artists a chance to earn rewards for their creative work. It grants them the exclusive rights to copy, distribute, perform, and publicly display their literature and art. In the U.S., the rationale behind copyright goes like this: if an author has the legal right to prevent others from doing these things, he will hold a limited monopoly on his own work and will be able to derive income from it. In Europe (and especially in France), the rationale is different: authors and artists are naturally and morally attached to their work, and this attachment endows them with the right to control the distribution and use of their work. Diebold, on the other hand, has never had the intention of profiting from the writings at issue. In fact, these writings harm Diebold's profit interests because they expose flaws in its revenue-generating products. The company's desire to suppress public discussion of these documents is understandable, but its method of suppressing them bends copyright law past the breaking point.
Copyright law has always granted only a limited monopoly to authors. The public enjoys the right to make "fair use" of copyrighted works — especially for purposes such as criticism, satire, parody, scholarly analysis, and other uses that are necessary to preserve unfettered public debate and preserve the liberty of free expression. These limitations on the copyright monopoly are deeply affected with First Amendment interests, and they are the Copyright Act's last line of defense against constitutional challenges. See, e.g., Eldred v. Ashcroft, 123 S.Ct. 769, 154 L.Ed.2d 683 (2003).
It is axiomatic in First Amendment jurisprudence that "political speech," broadly defined, is at the core of what the Amendment protects. Few, if any, topics are more fundamentally political than the process by which citizens in a democracy elect their government's officials. As states and counties update their voting machinery in the wake of the 2000 Presidential election debacle and the California recall lawsuit, most of them are adopting (or at least considering) "touch screen" machines like Diebold's. In perhaps ten to 15 years, all American elections will be conducted on such machines. Diebold, by choosing to manufacture and sell voting machines, has thrust itself into the the election process and made itself a focal point of public debate. Unfortunately, the company has asserted its copyrights for the sole purpose of stifling the public discussion that is so vital if our communities are going to adopt the best election machinery and conduct the fairest possible elections.
Civil libertarian organizations like the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF) are fighting to protect the public's right to access, read and discuss documents that directly affect the right to vote. Without public discussion, our communities might buy inferior equipment, and future elections would be tained with, at best, inefficiency and, at worst, fraud and corruption. Two brave groups of students at Swarthmore College are engaged in an "electronic civil disobedience" campaign to thwart Diebold's machinations. The groups, Why War? and the Swarthmore Coalition for the Digital Commons (whose web site Diebold has, at least temporarily, succeeded in shutting down), have organized a network of students and others who are willing to host the Diebold documents for at least a short time. Why War? maintains a web page with links to the "current" location of the documents, and the location changes as soon as Diebold sends another cease and desist letter. Efforts like this give life to John Gilmore's prescient statement, "The Net treats censorship as damage and routes around it."
We should support efforts like Why War?'s not only because they bolster the long-term integrity of the American electoral system (their narrowest goal) but because they also enable the free exchange of ideas (their broadest goal). The First Amendment embodies some of the most fundamental rights and liberties that our society recognizes. Pinching them through copyright law can only hurt our society.
Tuesday, 14 October 2003
E-lection security in Georgia
The issue of election integrity has gained widespread public attention since the 2000 Presidential election debacle. Demagogues have taken up electronic voting systems as the silver bullet to cure all the ills of paper-based elections. While it is true that electronic systems do eliminate some problems, they introduce just as many — which are not solvable with current technology and election laws.
It has been apparent for some time that electronic voting systems lack sufficient safeguards to guarantee their security and integrity. David Dill, a computer science profesor at Stanford, has been pointing out these flaws for over a year now. For example, the companies that produce "touch screen" voting machines guard their equipment (both hardware and software) as trade secrets. Very little information about the equipment (beyond marketing literature, of course) is available to the public or to local election authorities before they enter contracts with these companies to provide products and services. The methods of keeping ballots physically secure and safe from hacker-tamperers are proprietary information in this burgeoning industry. In other words, the public is not permitted to know how their elections are being kept secure. Furthermore, there is ample opportunity for deliberate tampering with election results from the inside.
No balloting machine currently on the market creates a hard copy of a ballot as it is cast. This would require installing a printer in each machine, which would increase the machine's cost, or connecting each machine to a central printer, which would destroy the secrecy of the ballot. Either way, the local jurisdiction must absorb the additional costs of printing (paper, ink, and maintenance on the printers). So why is a paper trail necessary when the point of these machines is to decrease costs while improving accuracy? Because the balloting machines' software is proprietary, nobody outside the company that manufactures it knows what it is doing. A first-year programming student could write a program that displays input from a keyboard on a screen while recording different information on a disk. A voter might press the button for Gray Davis and see his name on the screen, but Arnold Schwarzenegger's name could be recorded. If the voter cannot see a paper record to verify his vote, there is no way to ensure that the proper votes are being recorded. These paper ballots would be verified by each voter in the polling booth, then secured in a locked box in much the same way that paper ballots are stored now. Without paper records, it is impossible to link individual voters to individual ballots after the election, if tampering is suspected. Paper ballots remain intact long after the election, making investigations and hand recounts possible.
It is a long-shot that anyone would ever fix an election in the U.S., you say? Maybe. But this is a live issue right now. Diebold Election Systems had its software certified by Georgia's election commission in advance of that state's 2002 gubernatorial election. Diebold then altered the software before the election without telling anyone! Diebold seems to have made the changes in response to reports that its machines were insecure and unreliable. Perhaps, but the move was awfully suspicious, considering that the election resulted in an upset and was decided by a very slim margin. Only a few votes would have to be altered to change the outcome and, without a paper trail, those few votes would be impossible identify. Wired News reports this story here.