TECHSPLOITATION: Die, Diebold, Die!
Annalee Newitz, AlterNet, November 12, 2003
In yet another stunning example of how the Digital Millennium Copyright Act can be abused, voting-machine manufacturer Diebold has issued a series of cease and desist orders to college students protesting the company's shoddy and irresponsible business practices. Several weeks ago an anonymous whistle-blower leaked several years' worth of Diebold internal e-mails on the Internet. Shockingly, these documents revealed that software engineers and sales staff were fully aware Diebold voting machines had troubling memory problems and multiple security vulnerabilities.
Political Web site Why War? posted a list of all the places where you can download these memos (http://www.why-war.com/features/2003/10/diebold.html
), along with choice excerpts from them. Soon after people began hosting the Diebold files on their machines, however, the company started sending out cease and desists -- known as "takedown notices" -- claiming that posting the documents amounted to a copyright violation.
The idea was that Diebold internal memos were copyrighted material and that somehow posting them elsewhere was like pirating. While many attorneys and civil liberties groups question this use of the DMCA, these takedown orders are nevertheless tantamount to censorship. The person receiving the notice must immediately remove the material or risk a lawsuit. Since most of the individuals hosting the documents were university students who had put them on their schools' servers, they had little choice but to comply.
Working jointly, the Electronic Frontier Foundation and Center for Internet and Society Cyberlaw Clinic at Stanford Law School are defending one ISP, the Open Policy Group, which refused to comply with Diebold's takedown notice and continues to host the files. The legal organizations have requested a restraining order against Diebold that would forbid the company from harassing people with legal threats that represent a misuse of copyright law. A judge will hear the case Nov. 17.
Three students at UC Berkeley were hosting the Diebold files on school computers. One, Joseph Hall, a graduate student at Berkeley's School of Information Management, received a takedown notice two days after he put the files online Oct. 28. He says he risked a lawsuit because "I want this information out there. The way Diebold has behaved doesn't fit with my vision of the way democracy works." He says one of the main problems he has with Diebold is that it doesn't release its code to the public. "Any code that counts votes needs to be open to public audit," he says. He also points out the Diebold memos reveal the company has changed its software without getting it recertified, which is a violation of federal and state laws.
Bradley Clark, registrar of voters for Alameda County, admits his county used some of this uncertified software in the last two elections: a statewide recall election that installed Arnold Schwarzenegger as governor and a municipal election that was held last week. Although this would mean the two elections were held in violation of state law, he says he's not concerned: "I'm not worried because the software is federally certified and [state certification] is just paper shuffling." Nevertheless, the state of California is holding an investigation to look into the matter.
While we wait to find out the results of this investigation, as well as what the judge will rule in the restraining order case against Diebold, the incriminating Diebold documents just keep on circulating. Currently they're available in popular file-sharing systems like Freenet, eMule, and BitTorrent. And every time a student is served with a takedown notice, it seems three others pop up to take her or his place.
Ka-Ping Yee, a UC Berkeley computer science grad student, started hosting the documents at the same time Hall did. As someone who studies human factors in computer security, Yee is particularly concerned about security flaws in the machines. He says his ideal e-voting system would allow "voters themselves to verify their voting record -- a simple way to do this would be to give people a paper receipt of their votes." If he receives a takedown notice, Yee says he's tempted not to comply with it because "we're not breaking the law. This is fair use."
This is one of those moments when I love the Internet. Sometimes there just isn't room in my heart for irony.
Annalee Newitz is a surly media nerd who is waiting for some angry security geek to hack the shit out of one of those Diebold boxes and prove to the world how truly exploitable they are. Her column also appears in Metro, Silicon Valley's weekly newspaper.