E-Voting Firm Threatens Ed Felten If He Reviews Its E-Voting Machine
from the well-that's-comforting dept
Many of the folks around here are surely aware of the name Ed Felten, the Princeton professor who runs the fantastic blog Freedom To Tinker, and who has been involved in a number of important technology news stories over the years. One of the first that brought him to much wider attention in the tech community happened back in 2001. The recording industry had set up a contest, asking anyone to try to hack its SDMI DRM offering. The idea was to prove that SDMI was a perfectly good DRM. But, of course, like every other DRM, it had its faults, and Felten and some of his researchers figured them out. That's where things got ridiculous. Despite the fact that the recording industry had told people to try to hack SDMI, when Felten went to present the paper, he was threatened with a lawsuit for breaking the anti-circumvention clause of the DMCA. Eventually, after a ton of public pressure, the recording industry backed down, but Felten's name was cemented in the minds of many in the tech industry as a fighter for freedom of speech and, more importantly, the freedom to tinker.It would appear that the folks at Sequoia, one of the big three e-voting firms out there, is somewhat unaware of this aspect of Felten's past. In the past few years, Felten has been one of a few top computer science experts who have been picking apart the problems with e-voting machines. His freedom to tinker with such machines has broken numerous stories revealing serious problems with the machines that many suspected, but were unable to confirm, since the e-voting firms kept the machines so under wraps. In publicizing these flaws, Felten has become one of the go-to guys when various governments are reviewing e-voting machines, so it should come as no surprise that election officials in New Jersey (where Felten lives and works) would be interested in having him run some tests on a Sequoia e-voting machine that they're looking at using in future elections.
This seems perfectly reasonable -- and if you're an e-voting company like Sequoia, it should also be a perfect way to build more trust in your machines, telling people that they've been reviewed by some of the top experts in the field who found nothing wrong with them. Except... that's not how execs at e-voting companies seem to think. Sequoia has, instead, sent a threatening email to Felten, saying that election officials who sent a machine to Felten would be breaking the state's terms of service with Sequoia, and that the company has:
"retained counsel to stop any infringement of our intellectual properties, including any non-compliant analysis. We will also take appropriate steps to protect against any publication of Sequoia software, its behavior, reports regarding same or any other infringement of our intellectual property."Yes, this is quite reminiscent of the recording industry's threats to Felten in 2001. Hopefully this situation ends similarly -- with Sequoia backing down quite publicly and apologizing. It's disgusting that such a firm would threaten a well-respected researcher with lawsuits just for checking on the security of an e-voting machine. This is worse than the recording industry situation. This is about the sanctity of our democratic elections. For Sequoia, a firm entrusted with our elections, to threaten someone for merely testing its product to make sure it lives up to necessary standards is terribly worrisome. It should call into question any locality that chooses to make use of Sequoia e-voting machines.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: copyright, dmca, e-voting, ed felten, intellectual property, new jersey
Companies: sequoia
Reader Comments
Subscribe: RSS
View by: Time | Thread
Welcome to the future
[ link to this | view in chronology ]
leave, while we still can
[ link to this | view in chronology ]
The government should be doing more to stamp down these ridiculous threats.
[ link to this | view in chronology ]
Re: The government should be doing more...
We need to go back to manual tallying. Even then we face the potential buyouts but at least it's not fixed from the start and completely untrackable.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: A. C.
[ link to this | view in chronology ]
Re: Re: A. C.
[ link to this | view in chronology ]
Testing voting machines
[ link to this | view in chronology ]
Since these companies wouldn't be selling a damned machine without the government buying them (where else would they sell expensive voting machines?), maybe these government bodies would be best-served by adding in contract clauses that allow them to have these machines inspected by whatever experts they deem appropriate, and once certified, the code is locked, and becomes the property of both the voting machine company AND the government body.
Voting is so important, and it seems strange to me that the government (any local, state, or federal body) doesn't try to enlist something like Harvard or Carnegie Mellon to develop the code for the machines.
Why not have one company make the hardware, and another the software? Separation may make it more complex, but not needlessly so. And it means the two parties have to work together to make a working and safe/secure product.
Just spit-balling, but it seems we have allowed it to be less safe and thus more problematic than it needs to be.
Woadan
[ link to this | view in chronology ]
Reviews
[ link to this | view in chronology ]
If you can't look under the hood
All the government has to do is say, 'Sequoia, accept our independent testing regimen or take your business elsewhere'.
The either comply or simply end up with a product no government is willing to buy.
[ link to this | view in chronology ]
Never Ascribe...
[ link to this | view in chronology ]
Re: Never Ascribe...
They're a private company looking to run an election for the gov't. Thus, they should be reviewed clearly.
[ link to this | view in chronology ]
Just Hire Him
[ link to this | view in chronology ]
http://www.bbvforums.org/forums/messages/8/70403.html
And..
Sequoia Leadership - Jack A. Blaine currently serves as President of Sequoia Voting Systems and its parent company Smartmatic Corporation. Prior to his tenure at Smartmatic, he served as Executive Vice President of Unisys Corporation and President of Worldwide Sales and Services. Earlier, Mr. Blaine served in management roles for the Ford Motor Company and as a U.S. Naval officer.
And... (http://answers.google.com/answers/threadview?id=589189)
http://www.vcrisis.com/index.php?content =letters/200508141135
-- DO NOT FAIL TO READ THIS EXTREMELY INFORMATIVE INVESTIGATIVE REPORT --
According to the Miami Herald and Ochoa’s research, aside from the
apparent connection to the Venezuelan government, Ochoa said, “unknown
Venezuelan investors, operating via proxy European ventures, could
indeed be the controlling power behind Smartmatic.”
The legacy of Smartmatic is a tangled web indeed that has led
investigators to Switzerland, Amsterdam, The Netherlands, Italy, South
America and elsewhere in an effort to solve the riddle. Obviously I
have no knowledge about this personally and I am relying on The Miami
Herald and Orlando Ochoa’s published research on the matter as two of
my primary sources. Having said that, Ochoa’s research clearly
suggests that while many of the individual players in this soap opera
are largely concealed, it isn’t too far fetched to conclude that, due
to the obviously intimate connections, the Venezuelan government most
likely has a major controlling interest in Smartmatic Corporation.
*********
http://www.vcrisis.com/index.php?content=letters/200508141135
Follow the links... maybe if you really do a little research, you'll find it's not as clear as you might think.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
DRM
DRM for internal use is great, but not for items being sold or given away, such as being posted for public view on the internet, and especially not for something as important as e-voting.
Testing of e-voting machines should be required by the government to make sure no tampering or hacking of any kind can be done to insure proper results when they are put to use. These machines are not just for government officials or electoral groups, but are for all people within a given state or nation.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
non-compliant analysis
[ link to this | view in chronology ]
Re: non-compliant analysis
Would this be enough to tell them to take a long walk off a short pier?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
to coin a phrase
[ link to this | view in chronology ]
It's simply asinine to test the security of a device under ridge rules when no one follows those rules in the real world, especially the bad guys!
[ link to this | view in chronology ]
The Governor of New Jersey should send him a pardo
[ link to this | view in chronology ]
so....
most lawyers though really deserve a good kick in the head...
[ link to this | view in chronology ]
thats what you get
[ link to this | view in chronology ]
...
We don't have all day, sitting in our cubicles, for this crap.
Oh wait... never mind...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Then they shouldn't be making voting machines. Basically, Sequoia is saying that we should just trust that their voting machines are secure without any objective testing. In other words, we should just take their word for it.
Among the various flaws discovered in Sequoia's machines while being used for elections are incorrect time stamps, uncounted votes, random freezes, read errors, the ability for a person to vote multiple times, etc. When these flaws were discovered, their typical reaction has been to blame voters, election officials, basically anyone or anything except the machine responsible for the error.
Sequoia was also directly responsible for the massive miscounting in the 2000 Florida presidential election, as they delivered unusable punch cards, and then proceeded to try and cover up the fact.
They previously fought a lawsuit in Florida that would have forced them to reveal their source code when serious problems concerning their machines were discovered.
Other serious flaws in their security model were discovered when California investigated the Sequoia source code in 2007, which was discovered on an unprotected web page.
This is a company that is more concerned with trying to salvage their reputation than build a quality product. They are attempting to suppress criticism of their so called "tamper-proof" voting machines. They seem to be happy with the status quo; i.e. discover their system flaws during actual elections, and perform damage control.
I think it is decidedly unfair that voters are expected to trust their vote to a company with a history of false claims, faulty products, and unethical behavior. Source code examination and third party testing should be mandatory for any company providing electronic voting machines to a state or federal government.
[ link to this | view in chronology ]
Voting Machines
[ link to this | view in chronology ]
Avoiding a rerun
I suppose the NJ county that is trying to get Ed Felton do the audit can hire him and keep the report in-house. Less embarrassing until the county drops the company as a result of the in-house report.
If one is serious about reliability and security, it looks like there are two choices. One is to use proprietary code/hardware that is reviewed/audited extensively by independent experts. These experts could possibly include programmers hired by political parties as part of their voter observer teams...
The other choice is open source. Less fuss on accessing the source code.
[ link to this | view in chronology ]
Send them all back...
If we decide that we absolutely need the quick tallies, then the only kind of machines we should accept are ones that optically scan and count hand-marked paper ballots, which can be counted manually for audit purposes. And a few percent of the precincts should be audited every election at random.
With manual ballot counting, it is possible to rig elections, but you have to do it retail -- each precinct separately. With electronic ballots, someone can rig the elections wholesale, by corrupting the programming that gets distributed to all the machines.
[ link to this | view in chronology ]
E-voting could be very good if done right
Unfortunately, accuracy seems to be a low priority. Our paper ballot readers flag ballots that are not filled out correctly, but don't bother to tell the voter. It puts them in a separate pile, which they look at AFTER the voter has left. So, the voter can make the same mistake next time, and they apparently don't care.
[ link to this | view in chronology ]
Flaws
[ link to this | view in chronology ]
A Crappy Deal
[ link to this | view in chronology ]