E-Voting Firm Threatens Ed Felten If He Reviews Its E-Voting Machine

from the well-that's-comforting dept

Many of the folks around here are surely aware of the name Ed Felten, the Princeton professor who runs the fantastic blog Freedom To Tinker, and who has been involved in a number of important technology news stories over the years. One of the first that brought him to much wider attention in the tech community happened back in 2001. The recording industry had set up a contest, asking anyone to try to hack its SDMI DRM offering. The idea was to prove that SDMI was a perfectly good DRM. But, of course, like every other DRM, it had its faults, and Felten and some of his researchers figured them out. That's where things got ridiculous. Despite the fact that the recording industry had told people to try to hack SDMI, when Felten went to present the paper, he was threatened with a lawsuit for breaking the anti-circumvention clause of the DMCA. Eventually, after a ton of public pressure, the recording industry backed down, but Felten's name was cemented in the minds of many in the tech industry as a fighter for freedom of speech and, more importantly, the freedom to tinker.

It would appear that the folks at Sequoia, one of the big three e-voting firms out there, is somewhat unaware of this aspect of Felten's past. In the past few years, Felten has been one of a few top computer science experts who have been picking apart the problems with e-voting machines. His freedom to tinker with such machines has broken numerous stories revealing serious problems with the machines that many suspected, but were unable to confirm, since the e-voting firms kept the machines so under wraps. In publicizing these flaws, Felten has become one of the go-to guys when various governments are reviewing e-voting machines, so it should come as no surprise that election officials in New Jersey (where Felten lives and works) would be interested in having him run some tests on a Sequoia e-voting machine that they're looking at using in future elections.

This seems perfectly reasonable -- and if you're an e-voting company like Sequoia, it should also be a perfect way to build more trust in your machines, telling people that they've been reviewed by some of the top experts in the field who found nothing wrong with them. Except... that's not how execs at e-voting companies seem to think. Sequoia has, instead, sent a threatening email to Felten, saying that election officials who sent a machine to Felten would be breaking the state's terms of service with Sequoia, and that the company has:
"retained counsel to stop any infringement of our intellectual properties, including any non-compliant analysis. We will also take appropriate steps to protect against any publication of Sequoia software, its behavior, reports regarding same or any other infringement of our intellectual property."
Yes, this is quite reminiscent of the recording industry's threats to Felten in 2001. Hopefully this situation ends similarly -- with Sequoia backing down quite publicly and apologizing. It's disgusting that such a firm would threaten a well-respected researcher with lawsuits just for checking on the security of an e-voting machine. This is worse than the recording industry situation. This is about the sanctity of our democratic elections. For Sequoia, a firm entrusted with our elections, to threaten someone for merely testing its product to make sure it lives up to necessary standards is terribly worrisome. It should call into question any locality that chooses to make use of Sequoia e-voting machines.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Hellsvilla, Mar 18th, 2008 @ 7:46am

    Welcome to the future

    Welcome to the future. The year is 1984, and its currently 24 years behind schedule, so you may want to keep out of its way.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    piperonal, Mar 18th, 2008 @ 8:28am

    leave, while we still can

    How many Germans bailed in the years between Hitler's rise and WWII?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 18th, 2008 @ 8:30am

    Imagine if 'Motoring Magazine' faced a lawsuit by Ford for testing their vehicles for front-end impact safety because they 'might' point out a flaw or deficiency.

    The government should be doing more to stamp down these ridiculous threats.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Mike Kinney, Mar 18th, 2008 @ 8:54am

      Re: The government should be doing more...

      My friend, the point is that they WANT to be able to control the e-voting machines. THEY want to be able to elect whomever they wish to in order to get the 'right' minded people in this ever faltering and vastly overgrown government. Right minded in this case means 'like' minded.

      We need to go back to manual tallying. Even then we face the potential buyouts but at least it's not fixed from the start and completely untrackable.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Pat Ondabak, Mar 18th, 2008 @ 10:13am

      Re:

      Great analogy!

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Russell, Mar 18th, 2008 @ 4:58pm

      Re: A. C.

      Yes the government should protect the truth instead of the tel-coms for invading our privacy.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Orbeli, Mar 19th, 2008 @ 5:02am

      Testing voting machines

      Let's leave the government out of this sort of situation as long as we can. If regs are not already in place to protect those testing the voting machines, there'll be plenty of time to introduce appropriate legislation. Lining up concerned, important Senators and Representatives is, of course, not a bad idea -- the publicity may be enough to make Sequoia have second thoughts about proceeding against Prof. Felten .

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Woadan, Mar 18th, 2008 @ 8:31am

    Wow! If this isn't justification for IP review, what is?

    Since these companies wouldn't be selling a damned machine without the government buying them (where else would they sell expensive voting machines?), maybe these government bodies would be best-served by adding in contract clauses that allow them to have these machines inspected by whatever experts they deem appropriate, and once certified, the code is locked, and becomes the property of both the voting machine company AND the government body.

    Voting is so important, and it seems strange to me that the government (any local, state, or federal body) doesn't try to enlist something like Harvard or Carnegie Mellon to develop the code for the machines.

    Why not have one company make the hardware, and another the software? Separation may make it more complex, but not needlessly so. And it means the two parties have to work together to make a working and safe/secure product.

    Just spit-balling, but it seems we have allowed it to be less safe and thus more problematic than it needs to be.

    Woadan

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Lohocla, Mar 18th, 2008 @ 10:24am

      Reviews

      Shame, even vegas has to comply with that shit for their electronic gaming equipment, no one's bitching (much) there.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Don't Buy it, Mar 18th, 2008 @ 8:34am

    If you can't look under the hood

    "It should call into question any locality that chooses to make use of Sequoia e-voting machines."

    All the government has to do is say, 'Sequoia, accept our independent testing regimen or take your business elsewhere'.

    The either comply or simply end up with a product no government is willing to buy.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    The Mighty Buzzard, Mar 18th, 2008 @ 8:35am

    Never Ascribe...

    Please, I think the tinfoil hat has seriously screwed up your brain. Sequoia's actions have nothing to do with wanting to control people's actions at large and everything to do with not wanting people to find out they half-assed a job. They're not the government, they're a private company, you twit.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Mike (profile), Mar 18th, 2008 @ 10:35am

      Re: Never Ascribe...

      They're not the government, they're a private company, you twit.

      They're a private company looking to run an election for the gov't. Thus, they should be reviewed clearly.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Syn-Ack, Mar 18th, 2008 @ 8:41am

    Just Hire Him

    Why doesn't one of these firms just hire the guy themselves first? It'll save them a lot of heartache, bad publicity, and lawyer fees.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Overcast, Mar 18th, 2008 @ 8:59am

    Please, I think the tinfoil hat has seriously screwed up your brain. Sequoia's actions have nothing to do with wanting to control people's actions at large and everything to do with not wanting people to find out they half-assed a job. They're not the government, they're a private company, you twit.

    http://www.bbvforums.org/forums/messages/8/70403.html

    And..

    Sequoia Leadership - Jack A. Blaine currently serves as President of Sequoia Voting Systems and its parent company Smartmatic Corporation. Prior to his tenure at Smartmatic, he served as Executive Vice President of Unisys Corporation and President of Worldwide Sales and Services. Earlier, Mr. Blaine served in management roles for the Ford Motor Company and as a U.S. Naval officer.

    And... (http://answers.google.com/answers/threadview?id=589189)

    http://www.vcrisis.com/index.php?content =letters/200508141135
    -- DO NOT FAIL TO READ THIS EXTREMELY INFORMATIVE INVESTIGATIVE REPORT --

    According to the Miami Herald and Ochoa’s research, aside from the
    apparent connection to the Venezuelan government, Ochoa said, “unknown
    Venezuelan investors, operating via proxy European ventures, could
    indeed be the controlling power behind Smartmatic.”

    The legacy of Smartmatic is a tangled web indeed that has led
    investigators to Switzerland, Amsterdam, The Netherlands, Italy, South
    America and elsewhere in an effort to solve the riddle. Obviously I
    have no knowledge about this personally and I am relying on The Miami
    Herald and Orlando Ochoa’s published research on the matter as two of
    my primary sources. Having said that, Ochoa’s research clearly
    suggests that while many of the individual players in this soap opera
    are largely concealed, it isn’t too far fetched to conclude that, due
    to the obviously intimate connections, the Venezuelan government most
    likely has a major controlling interest in Smartmatic Corporation.

    *********
    http://www.vcrisis.com/index.php?content=letters/200508141135

    Follow the links... maybe if you really do a little research, you'll find it's not as clear as you might think.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Overcast, Mar 18th, 2008 @ 9:02am

    Plus - you know, if they are a private company they should have no problems with 'transparency' when doing a service for the US Government - who, is supposedly "The People" in spite of what the media spins anymore.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    techsyn, Mar 18th, 2008 @ 9:08am

    DRM

    This is just another example of the misuse of DRM.

    DRM for internal use is great, but not for items being sold or given away, such as being posted for public view on the internet, and especially not for something as important as e-voting.

    Testing of e-voting machines should be required by the government to make sure no tampering or hacking of any kind can be done to insure proper results when they are put to use. These machines are not just for government officials or electoral groups, but are for all people within a given state or nation.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Gary McGath, Mar 18th, 2008 @ 9:15am

    Sequoia has effectively confessed to having untrustworthy technology.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Ken Chan, Mar 18th, 2008 @ 9:43am

    non-compliant analysis

    WTF? I suppose if you dictate the terms of the examination, you will always pass.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 18th, 2008 @ 10:00am

    f that!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    mike allen, Mar 18th, 2008 @ 10:15am

    to coin a phrase

    If you got nothing to hide so whats this firms softwear got to hide I KMOW FIX FIX FIX So we can only assume the machines are flawed.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Ima Fish, Mar 18th, 2008 @ 10:16am

    Sequoia seems to be under the impression that anyone cracking into one of their machines would only do so under a compliant manner. Someone should teach the powers at be at Sequoia that crackers only follow one rule: Crack by any means necessary.

    It's simply asinine to test the security of a device under ridge rules when no one follows those rules in the real world, especially the bad guys!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    PRMan, Mar 18th, 2008 @ 10:28am

    The Governor of New Jersey should send him a pardo

    Send him a pardon letter in advance and let him at it.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    bubba, Mar 18th, 2008 @ 10:37am

    so....

    somebody will eventually go into a voting booth one day, hack a machine and take a picture...or some other proof...i wonder if the machine itself is really the problem though, where do they upload the voting counts too?

    most lawyers though really deserve a good kick in the head...

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    stan smith, Mar 18th, 2008 @ 10:56am

    thats what you get

    let one republican jackass steal 2 elections and thats what you get, serves you people right, welcome to the soviet states of america.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Cubicle Crusader, Mar 18th, 2008 @ 11:55am

    ...

    I love how most of the techdirt articles you have to read through a bunch of crap before you get to the facts or the subject of the story. Stop sensationalizing and get to the point.

    We don't have all day, sitting in our cubicles, for this crap.
    Oh wait... never mind...

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Jake, Mar 18th, 2008 @ 12:04pm

    In fairness to Sequoia, I can understand them not wanting proprietary technological information reaching the public domain, and you could even argue that it's a technical violation of the warranty. I'd have thought however that a well-respected academic would have more sense than that, as Sequoia ought to know.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      DanC, Mar 18th, 2008 @ 1:17pm

      Re:

      understand them not wanting proprietary technological information reaching the public domain

      Then they shouldn't be making voting machines. Basically, Sequoia is saying that we should just trust that their voting machines are secure without any objective testing. In other words, we should just take their word for it.

      Among the various flaws discovered in Sequoia's machines while being used for elections are incorrect time stamps, uncounted votes, random freezes, read errors, the ability for a person to vote multiple times, etc. When these flaws were discovered, their typical reaction has been to blame voters, election officials, basically anyone or anything except the machine responsible for the error.

      Sequoia was also directly responsible for the massive miscounting in the 2000 Florida presidential election, as they delivered unusable punch cards, and then proceeded to try and cover up the fact.

      They previously fought a lawsuit in Florida that would have forced them to reveal their source code when serious problems concerning their machines were discovered.

      Other serious flaws in their security model were discovered when California investigated the Sequoia source code in 2007, which was discovered on an unprotected web page.

      This is a company that is more concerned with trying to salvage their reputation than build a quality product. They are attempting to suppress criticism of their so called "tamper-proof" voting machines. They seem to be happy with the status quo; i.e. discover their system flaws during actual elections, and perform damage control.

      I think it is decidedly unfair that voters are expected to trust their vote to a company with a history of false claims, faulty products, and unethical behavior. Source code examination and third party testing should be mandatory for any company providing electronic voting machines to a state or federal government.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Mar 18th, 2008 @ 5:31pm

      Avoiding a rerun

      I think they are trying to avoid a repeat of what happened in California-- where a detailed report on the workings of their machine and its vulnerabilities was published.

      I suppose the NJ county that is trying to get Ed Felton do the audit can hire him and keep the report in-house. Less embarrassing until the county drops the company as a result of the in-house report.

      If one is serious about reliability and security, it looks like there are two choices. One is to use proprietary code/hardware that is reviewed/audited extensively by independent experts. These experts could possibly include programmers hired by political parties as part of their voter observer teams...

      The other choice is open source. Less fuss on accessing the source code.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    KD, Mar 18th, 2008 @ 12:12pm

    Send them all back...

    Mike Kinney (reply #8) has it right -- the votes should be counted manually. There is no reason we can't wait a few hours or a day for election results. We don't need the fancy electronic voting machines.

    If we decide that we absolutely need the quick tallies, then the only kind of machines we should accept are ones that optically scan and count hand-marked paper ballots, which can be counted manually for audit purposes. And a few percent of the precincts should be audited every election at random.

    With manual ballot counting, it is possible to rig elections, but you have to do it retail -- each precinct separately. With electronic ballots, someone can rig the elections wholesale, by corrupting the programming that gets distributed to all the machines.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Joe Krahn, Mar 18th, 2008 @ 12:28pm

    E-voting could be very good if done right

    E-voting could be the best solution if done right. Voters could leave with receipt containing a vote "hash" that would allow each voter to verify that their individual vote is in the result database. Ideally, the vote should be securely transmitted to multiple remote database locations before you leave the voting booth, all using encryption techniques that avoids any need for secrecy.

    Unfortunately, accuracy seems to be a low priority. Our paper ballot readers flag ballots that are not filled out correctly, but don't bother to tell the voter. It puts them in a separate pile, which they look at AFTER the voter has left. So, the voter can make the same mistake next time, and they apparently don't care.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Ima Voter, Mar 18th, 2008 @ 3:34pm

    Flaws

    My guess is that the machines are flawed and Sequoia knows it. There should not be a Sequoia machine used for voting until the lawsuit is wrapped up and they clear their name.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Bryan, Mar 19th, 2008 @ 1:34pm

    A Crappy Deal

    Hey Everyone, I just invented a new voting machine. I've tested it and I can assure you that it works super great! Unfortunately, for security and intellectual property reasons, I can't allow you to test it or even look at it until you have to use it. Per our licensing agreement, you (and your entire country) are just going to have to trust me, buy it and use it. I promise to tell you who won the election, as usual. Let me know where to send the bill.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This