E-Voting Firm Threatens Ed Felten If He Reviews Its E-Voting Machine

from the well-that's-comforting dept

Tue, Mar 18th 2008 7:34am — Mike Masnick

Many of the folks around here are surely aware of the name Ed Felten, the Princeton professor who runs the fantastic blog Freedom To Tinker, and who has been involved in a number of important technology news stories over the years. One of the first that brought him to much wider attention in the tech community happened back in 2001. The recording industry had set up a contest, asking anyone to try to hack its SDMI DRM offering. The idea was to prove that SDMI was a perfectly good DRM. But, of course, like every other DRM, it had its faults, and Felten and some of his researchers figured them out. That's where things got ridiculous. Despite the fact that the recording industry had told people to try to hack SDMI, when Felten went to present the paper, he was threatened with a lawsuit for breaking the anti-circumvention clause of the DMCA. Eventually, after a ton of public pressure, the recording industry backed down, but Felten's name was cemented in the minds of many in the tech industry as a fighter for freedom of speech and, more importantly, the freedom to tinker.

It would appear that the folks at Sequoia, one of the big three e-voting firms out there, is somewhat unaware of this aspect of Felten's past. In the past few years, Felten has been one of a few top computer science experts who have been picking apart the problems with e-voting machines. His freedom to tinker with such machines has broken numerous stories revealing serious problems with the machines that many suspected, but were unable to confirm, since the e-voting firms kept the machines so under wraps. In publicizing these flaws, Felten has become one of the go-to guys when various governments are reviewing e-voting machines, so it should come as no surprise that election officials in New Jersey (where Felten lives and works) would be interested in having him run some tests on a Sequoia e-voting machine that they're looking at using in future elections.

This seems perfectly reasonable -- and if you're an e-voting company like Sequoia, it should also be a perfect way to build more trust in your machines, telling people that they've been reviewed by some of the top experts in the field who found nothing wrong with them. Except... that's not how execs at e-voting companies seem to think. Sequoia has, instead, sent a threatening email to Felten, saying that election officials who sent a machine to Felten would be breaking the state's terms of service with Sequoia, and that the company has:

"retained counsel to stop any infringement of our intellectual properties, including any non-compliant analysis. We will also take appropriate steps to protect against any publication of Sequoia software, its behavior, reports regarding same or any other infringement of our intellectual property."

Yes, this is quite reminiscent of the recording industry's threats to Felten in 2001. Hopefully this situation ends similarly -- with Sequoia backing down quite publicly and apologizing. It's disgusting that such a firm would threaten a well-respected researcher with lawsuits just for checking on the security of an e-voting machine. This is worse than the recording industry situation. This is about the sanctity of our democratic elections. For Sequoia, a firm entrusted with our elections, to threaten someone for merely testing its product to make sure it lives up to necessary standards is terribly worrisome. It should call into question any locality that chooses to make use of Sequoia e-voting machines.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: copyright, dmca, e-voting, ed felten, intellectual property, new jersey
Companies: sequoia

35 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Hellsvilla, 18 Mar 2008 @ 7:46am

Welcome to the future
Welcome to the future. The year is 1984, and its currently 24 years behind schedule, so you may want to keep out of its way.
[ link to this | view in chronology ]
piperonal, 18 Mar 2008 @ 8:28am

leave, while we still can
How many Germans bailed in the years between Hitler's rise and WWII?
[ link to this | view in chronology ]
Anonymous Coward, 18 Mar 2008 @ 8:30am

Imagine if 'Motoring Magazine' faced a lawsuit by Ford for testing their vehicles for front-end impact safety because they 'might' point out a flaw or deficiency.

The government should be doing more to stamp down these ridiculous threats.
[ link to this | view in chronology ]
- Mike Kinney, 18 Mar 2008 @ 8:54am
  
  Re: The government should be doing more...
  My friend, the point is that they WANT to be able to control the e-voting machines. THEY want to be able to elect whomever they wish to in order to get the 'right' minded people in this ever faltering and vastly overgrown government. Right minded in this case means 'like' minded.
  
  We need to go back to manual tallying. Even then we face the potential buyouts but at least it's not fixed from the start and completely untrackable.
  [ link to this | view in chronology ]
- Pat Ondabak, 18 Mar 2008 @ 10:13am
  
  Re:
  Great analogy!
  [ link to this | view in chronology ]
- Russell, 18 Mar 2008 @ 4:58pm
  
  Re: A. C.
  Yes the government should protect the truth instead of the tel-coms for invading our privacy.
  [ link to this | view in chronology ]
  - inc, 18 Mar 2008 @ 11:50pm
    
    Re: Re: A. C.
    huh?... wtf?
    [ link to this | view in chronology ]
- Orbeli, 19 Mar 2008 @ 5:02am
  
  Testing voting machines
  Let's leave the government out of this sort of situation as long as we can. If regs are not already in place to protect those testing the voting machines, there'll be plenty of time to introduce appropriate legislation. Lining up concerned, important Senators and Representatives is, of course, not a bad idea -- the publicity may be enough to make Sequoia have second thoughts about proceeding against Prof. Felten .
  [ link to this | view in chronology ]
Woadan, 18 Mar 2008 @ 8:31am

Wow! If this isn't justification for IP review, what is?

Since these companies wouldn't be selling a damned machine without the government buying them (where else would they sell expensive voting machines?), maybe these government bodies would be best-served by adding in contract clauses that allow them to have these machines inspected by whatever experts they deem appropriate, and once certified, the code is locked, and becomes the property of both the voting machine company AND the government body.

Voting is so important, and it seems strange to me that the government (any local, state, or federal body) doesn't try to enlist something like Harvard or Carnegie Mellon to develop the code for the machines.

Why not have one company make the hardware, and another the software? Separation may make it more complex, but not needlessly so. And it means the two parties have to work together to make a working and safe/secure product.

Just spit-balling, but it seems we have allowed it to be less safe and thus more problematic than it needs to be.

Woadan
[ link to this | view in chronology ]
- Lohocla, 18 Mar 2008 @ 10:24am
  
  Reviews
  Shame, even vegas has to comply with that shit for their electronic gaming equipment, no one's bitching (much) there.
  [ link to this | view in chronology ]
Don't Buy it, 18 Mar 2008 @ 8:34am

If you can't look under the hood
"It should call into question any locality that chooses to make use of Sequoia e-voting machines."

All the government has to do is say, 'Sequoia, accept our independent testing regimen or take your business elsewhere'.

The either comply or simply end up with a product no government is willing to buy.
[ link to this | view in chronology ]
The Mighty Buzzard, 18 Mar 2008 @ 8:35am

Never Ascribe...
Please, I think the tinfoil hat has seriously screwed up your brain. Sequoia's actions have nothing to do with wanting to control people's actions at large and everything to do with not wanting people to find out they half-assed a job. They're not the government, they're a private company, you twit.
[ link to this | view in chronology ]
- Mike (profile), 18 Mar 2008 @ 10:35am
  
  Re: Never Ascribe...
  They're not the government, they're a private company, you twit.
  
  They're a private company looking to run an election for the gov't. Thus, they should be reviewed clearly.
  [ link to this | view in chronology ]
Syn-Ack, 18 Mar 2008 @ 8:41am

Just Hire Him
Why doesn't one of these firms just hire the guy themselves first? It'll save them a lot of heartache, bad publicity, and lawyer fees.
[ link to this | view in chronology ]
Overcast, 18 Mar 2008 @ 8:59am

Please, I think the tinfoil hat has seriously screwed up your brain. Sequoia's actions have nothing to do with wanting to control people's actions at large and everything to do with not wanting people to find out they half-assed a job. They're not the government, they're a private company, you twit.

http://www.bbvforums.org/forums/messages/8/70403.html

And..

Sequoia Leadership - Jack A. Blaine currently serves as President of Sequoia Voting Systems and its parent company Smartmatic Corporation. Prior to his tenure at Smartmatic, he served as Executive Vice President of Unisys Corporation and President of Worldwide Sales and Services. Earlier, Mr. Blaine served in management roles for the Ford Motor Company and as a U.S. Naval officer.

And... (http://answers.google.com/answers/threadview?id=589189)

http://www.vcrisis.com/index.php?content =letters/200508141135
-- DO NOT FAIL TO READ THIS EXTREMELY INFORMATIVE INVESTIGATIVE REPORT --

According to the Miami Herald and Ochoa’s research, aside from the
apparent connection to the Venezuelan government, Ochoa said, “unknown
Venezuelan investors, operating via proxy European ventures, could
indeed be the controlling power behind Smartmatic.”

The legacy of Smartmatic is a tangled web indeed that has led
investigators to Switzerland, Amsterdam, The Netherlands, Italy, South
America and elsewhere in an effort to solve the riddle. Obviously I
have no knowledge about this personally and I am relying on The Miami
Herald and Orlando Ochoa’s published research on the matter as two of
my primary sources. Having said that, Ochoa’s research clearly
suggests that while many of the individual players in this soap opera
are largely concealed, it isn’t too far fetched to conclude that, due
to the obviously intimate connections, the Venezuelan government most
likely has a major controlling interest in Smartmatic Corporation.

*********
http://www.vcrisis.com/index.php?content=letters/200508141135

Follow the links... maybe if you really do a little research, you'll find it's not as clear as you might think.
[ link to this | view in chronology ]
Overcast, 18 Mar 2008 @ 9:02am

Plus - you know, if they are a private company they should have no problems with 'transparency' when doing a service for the US Government - who, is supposedly "The People" in spite of what the media spins anymore.
[ link to this | view in chronology ]
techsyn, 18 Mar 2008 @ 9:08am

DRM
This is just another example of the misuse of DRM.

DRM for internal use is great, but not for items being sold or given away, such as being posted for public view on the internet, and especially not for something as important as e-voting.

Testing of e-voting machines should be required by the government to make sure no tampering or hacking of any kind can be done to insure proper results when they are put to use. These machines are not just for government officials or electoral groups, but are for all people within a given state or nation.
[ link to this | view in chronology ]
Gary McGath, 18 Mar 2008 @ 9:15am

Sequoia has effectively confessed to having untrustworthy technology.
[ link to this | view in chronology ]
Ken Chan, 18 Mar 2008 @ 9:43am

non-compliant analysis
WTF? I suppose if you dictate the terms of the examination, you will always pass.
[ link to this | view in chronology ]
- Nicole, 30 Jul 2016 @ 9:19am
  
  Re: non-compliant analysis
  The email is not particularly articulate. The expression "non-compliant" refers to the analysis. So they are complaining about the analysis not being compliant with something. Perhaps the author meant "non-compliance analysis".
  
  Would this be enough to tell them to take a long walk off a short pier?
  [ link to this | view in chronology ]
Anonymous Coward, 18 Mar 2008 @ 10:00am

f that!
[ link to this | view in chronology ]
mike allen, 18 Mar 2008 @ 10:15am

to coin a phrase
If you got nothing to hide so whats this firms softwear got to hide I KMOW FIX FIX FIX So we can only assume the machines are flawed.
[ link to this | view in chronology ]
Ima Fish, 18 Mar 2008 @ 10:16am

Sequoia seems to be under the impression that anyone cracking into one of their machines would only do so under a compliant manner. Someone should teach the powers at be at Sequoia that crackers only follow one rule: Crack by any means necessary.

It's simply asinine to test the security of a device under ridge rules when no one follows those rules in the real world, especially the bad guys!
[ link to this | view in chronology ]
PRMan, 18 Mar 2008 @ 10:28am

The Governor of New Jersey should send him a pardo
Send him a pardon letter in advance and let him at it.
[ link to this | view in chronology ]
bubba, 18 Mar 2008 @ 10:37am

so....
somebody will eventually go into a voting booth one day, hack a machine and take a picture...or some other proof...i wonder if the machine itself is really the problem though, where do they upload the voting counts too?

most lawyers though really deserve a good kick in the head...
[ link to this | view in chronology ]
stan smith, 18 Mar 2008 @ 10:56am

thats what you get
let one republican jackass steal 2 elections and thats what you get, serves you people right, welcome to the soviet states of america.
[ link to this | view in chronology ]
Cubicle Crusader, 18 Mar 2008 @ 11:55am

...
I love how most of the techdirt articles you have to read through a bunch of crap before you get to the facts or the subject of the story. Stop sensationalizing and get to the point.

We don't have all day, sitting in our cubicles, for this crap.
Oh wait... never mind...
[ link to this | view in chronology ]
Jake, 18 Mar 2008 @ 12:04pm

In fairness to Sequoia, I can understand them not wanting proprietary technological information reaching the public domain, and you could even argue that it's a technical violation of the warranty. I'd have thought however that a well-respected academic would have more sense than that, as Sequoia ought to know.
[ link to this | view in chronology ]
- DanC, 18 Mar 2008 @ 1:17pm
  
  Re:
  understand them not wanting proprietary technological information reaching the public domain
  
  Then they shouldn't be making voting machines. Basically, Sequoia is saying that we should just trust that their voting machines are secure without any objective testing. In other words, we should just take their word for it.
  
  Among the various flaws discovered in Sequoia's machines while being used for elections are incorrect time stamps, uncounted votes, random freezes, read errors, the ability for a person to vote multiple times, etc. When these flaws were discovered, their typical reaction has been to blame voters, election officials, basically anyone or anything except the machine responsible for the error.
  
  Sequoia was also directly responsible for the massive miscounting in the 2000 Florida presidential election, as they delivered unusable punch cards, and then proceeded to try and cover up the fact.
  
  They previously fought a lawsuit in Florida that would have forced them to reveal their source code when serious problems concerning their machines were discovered.
  
  Other serious flaws in their security model were discovered when California investigated the Sequoia source code in 2007, which was discovered on an unprotected web page.
  
  This is a company that is more concerned with trying to salvage their reputation than build a quality product. They are attempting to suppress criticism of their so called "tamper-proof" voting machines. They seem to be happy with the status quo; i.e. discover their system flaws during actual elections, and perform damage control.
  
  I think it is decidedly unfair that voters are expected to trust their vote to a company with a history of false claims, faulty products, and unethical behavior. Source code examination and third party testing should be mandatory for any company providing electronic voting machines to a state or federal government.
  [ link to this | view in chronology ]
  - Ima Voter, 18 Mar 2008 @ 3:37pm
    
    Voting Machines
    That is right. Obscurity Does not Equal Security.
    [ link to this | view in chronology ]
- Anonymous Coward, 18 Mar 2008 @ 5:31pm
  
  Avoiding a rerun
  I think they are trying to avoid a repeat of what happened in California-- where a detailed report on the workings of their machine and its vulnerabilities was published.
  I suppose the NJ county that is trying to get Ed Felton do the audit can hire him and keep the report in-house. Less embarrassing until the county drops the company as a result of the in-house report.
  
  If one is serious about reliability and security, it looks like there are two choices. One is to use proprietary code/hardware that is reviewed/audited extensively by independent experts. These experts could possibly include programmers hired by political parties as part of their voter observer teams...
  The other choice is open source. Less fuss on accessing the source code.
  [ link to this | view in chronology ]
KD, 18 Mar 2008 @ 12:12pm

Send them all back...
Mike Kinney (reply #8) has it right -- the votes should be counted manually. There is no reason we can't wait a few hours or a day for election results. We don't need the fancy electronic voting machines.

If we decide that we absolutely need the quick tallies, then the only kind of machines we should accept are ones that optically scan and count hand-marked paper ballots, which can be counted manually for audit purposes. And a few percent of the precincts should be audited every election at random.

With manual ballot counting, it is possible to rig elections, but you have to do it retail -- each precinct separately. With electronic ballots, someone can rig the elections wholesale, by corrupting the programming that gets distributed to all the machines.
[ link to this | view in chronology ]
Joe Krahn, 18 Mar 2008 @ 12:28pm

E-voting could be very good if done right
E-voting could be the best solution if done right. Voters could leave with receipt containing a vote "hash" that would allow each voter to verify that their individual vote is in the result database. Ideally, the vote should be securely transmitted to multiple remote database locations before you leave the voting booth, all using encryption techniques that avoids any need for secrecy.

Unfortunately, accuracy seems to be a low priority. Our paper ballot readers flag ballots that are not filled out correctly, but don't bother to tell the voter. It puts them in a separate pile, which they look at AFTER the voter has left. So, the voter can make the same mistake next time, and they apparently don't care.
[ link to this | view in chronology ]
Ima Voter, 18 Mar 2008 @ 3:34pm

Flaws
My guess is that the machines are flawed and Sequoia knows it. There should not be a Sequoia machine used for voting until the lawsuit is wrapped up and they clear their name.
[ link to this | view in chronology ]
Bryan, 19 Mar 2008 @ 1:34pm

A Crappy Deal
Hey Everyone, I just invented a new voting machine. I've tested it and I can assure you that it works super great! Unfortunately, for security and intellectual property reasons, I can't allow you to test it or even look at it until you have to use it. Per our licensing agreement, you (and your entire country) are just going to have to trust me, buy it and use it. I promise to tell you who won the election, as usual. Let me know where to send the bill.
[ link to this | view in chronology ]