ES&S Sues Former Workers Over Taking Buggy, Vulnerability-Filled Code

from the why-would-they-bother? dept

Michael Scott alerts us to the news that e-voting firm ES&S has sued two former employees, claiming copyright infringement over code they took with them from ES&S, along with additional trade secrets. I have no idea whether or not this is true, but all I can ask is "why?" As has been documented time and time again, ES&S's e-voting code has a ton of problems. Remember, these are the machines that have been found to have serious security vulnerabilities, with some serious bugs, such as adding votes to the wrong election, calibration problems that lead to people voting for the wrong candidate, and bugs that resulted in phantom votes. And ES&S is the company that knew about some of these bugs, and let them be used in elections anyway. So if you were going to go off and start your own e-voting company (and it's not clear these individuals did that), wouldn't you be better off starting from scratch?


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Sep 9th, 2009 @ 5:45am

    Why would you want to start from scratch when the entire point is to sell elections to the highest bidder? Bugs are the perfect scapegoat to avoid going to jail!

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    NullOp, Sep 9th, 2009 @ 6:19am

    Good Point!

    AC makes a good point. Elections can be sold, stolen and rigged. There is no better culprit than the computer. Since day one, workers, world over, have used "the computer did it" as an excuse for whatever.

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    Money Mike (profile), Sep 9th, 2009 @ 6:44am

    I think the main thing to realize is that whether it's buggy code or not, it's still complete code and it just can't be all bad. I'm sure there are pieces of it that work well and are quite valuable, so why not use it and build on top of it?

    However, even if they consider it "complete" and use it as is, then why shouldn't they? If ES&S can use it as is, why couldn't a competitor? More importantly, if these guys are taking code and trade secrets from their former employee, do you really think they would let integrity stand in the way of profit? Keep in mind that they did come from this shady company in the first place.

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    Money Mike (profile), Sep 9th, 2009 @ 6:46am

    Not Surprised

    I think the main thing to realize is that whether it's buggy code or not, it's still complete code and it just can't be all bad. I'm sure there are pieces of it that work well and are quite valuable, so why not use it and build on top of it?

    However, even if they consider it "complete" and use it as is, then why shouldn't they? If ES&S can use it as is, why couldn't a competitor? More importantly, if these guys are taking code and trade secrets from their former employee, do you really think they would let integrity stand in the way of profit? Keep in mind that they did come from this shady company in the first place.

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    Dark Helmet (profile), Sep 9th, 2009 @ 6:59am

    Question:

    What reasonable person can take a machine that "have serious security vulnerabilities, with some serious bugs, such as adding votes to the wrong election, calibration problems that lead to people voting for the wrong candidate, and bugs that resulted in phantom votes" and NOT realize that this is a purposefu endeavor?

    Are we so far gone as a "free" nation that we are no longer all that concerned when the machinations of VOTING are so flawed as to render the whole process meaningless?

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    hmm, Sep 9th, 2009 @ 7:03am

    When i installed word, I didn't have to "calibrate" the software so it knew when i pressed A that I wanted the letter A on screen, I didn't have to worry that if I clicked File/Save that it would (without telling me) decide to change the font size.

    All this stuff about "calibrating" votes is 100% bullshit. Its a simple matter of "if button A is pressed then candidate A's votes=candidate A's votes+1.

    I've never been sure why these companies claim that their software is so difficult to fix and make sure votes are correct. the only "difficulty" involved is making sure the software has a reasonable level of security (a basic web-connected interface with 2 buttons that sends info on the button pressed (encrypted) would be sufficient...and virtually hack-proof as theres nothing to actually exploit in there.

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    Spyder (profile), Sep 9th, 2009 @ 7:06am

    Re:

    You are obviously not a programmer. Debugging bad code is much harder than writing good code the first time. A simple flow chart or UML diagram would be more helpful than the code, either of which can be easily memorized and are generic enough that a claim would be next to impossible.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Geoff, Sep 9th, 2009 @ 7:08am

    Not the point

    Your attempt to excuse employee theft of code is quite flawed. Simply put, sloppy code or not, it belongs to the company, NOT the programmer. Something you fail to mention.

    Now if they want to start from scratch and write their own evoting code, they are free to do so.

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    Sean T Henry (profile), Sep 9th, 2009 @ 7:22am

    The problem is not

    The problem is not that ES&S thinks that the two employees will start a competing company with the crappy software. The problem is that they do not want the crappy code released showing how bad it is.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    R. Miles (profile), Sep 9th, 2009 @ 7:48am

    Start from scratch? This isn't the 70s, Mike.

    So if you were going to go off and start your own e-voting company (and it's not clear these individuals did that), wouldn't you be better off starting from scratch?
    Better yet, why not take what's broken and fix it, as this would be faster than starting from scratch and get the business up and running much faster.

    I would speculate these employees may know exactly what's wrong with the code in order to take it to begin with.

    That alone should make one wonder about it. But hell, what do I care.

    Corporate America owns every damn politician anyway, so it doesn't matter who gets "voted" in.

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    Chronno S. Trigger (profile), Sep 9th, 2009 @ 7:54am

    Re:

    "When i installed word, I didn't have to "calibrate" the software so it knew when i pressed A that I wanted the letter A on screen"

    No, but if you have a touch screen display (like most voting machines), you have to calibrate it to make sure that when you hit the A on the screen it types A instead of the S beside it. That's still something that should be insanely easy and should be a one time thing.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Sep 9th, 2009 @ 8:33am

    If those guys had access to the code they probably worked on it. They got paid to write the code so the company 'owns' it but can you really steal your own work?

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    anymouse (profile), Sep 9th, 2009 @ 8:45am

    I'm with Miles

    "I would speculate these employees may know exactly what's wrong with the code in order to take it to begin with."

    I would go a step farther and say that perhaps these two are the ones who were 'encouraged' to break the code in the specified manner in order to get it to do what ES&S wanted it to do (Dropped votes, misplaced votes, phantom votes.... these sound like designed 'features' to me). Nothing pisses off a programmer more than taking the excellent work they did and asking them to 'break' it in specific ways. Perhaps these two got tired of all the crap and decided to take their code so they could clean it up to do what it was intended to do, not what ES&S Twisted it into.

    What better way to shut them up then to drop them and file suit against them. If they did stand up and say ES&S made us write 'buggy' code on purpose, who would believe them now?

    Or perhaps my tinfoil hat is just a little tight today....

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    TheStupidOne, Sep 9th, 2009 @ 8:49am

    Re: Re:

    but if it is a problem ... USE AN F*ING MOUSE AND KEYBOARD

    everybody i know has used a mouse before and even if you haven't it is pretty intuitive, and even if you still have problems poll workers can help you out.

     

    reply to this | link to this | view in thread ]

  15.  
    icon
    chris (profile), Sep 9th, 2009 @ 8:56am

    Re: Re:

    You are obviously not a programmer. Debugging bad code is much harder than writing good code the first time.

    sure if you intend to use the code to build products from.

    if you just want to sell it to competitors or to people interested in rigging elections, then the bugs (0dayz) contained in the code are worth more than the completed code.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    pferland, Sep 9th, 2009 @ 8:57am

    Re: Good Point!

    As someone in IT, I refuse to accept that as an excuse.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    hmm, Sep 10th, 2009 @ 6:13am

    OK so these things need "calibrating"..change them..have a big RED button for candidate 1...big blue button for candidate 2....etc etc...no calibration..no touch screen, just an on-screen picture of the person you voted for with "you have voted for "...please press the button again to confirm

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    hmm, Sep 10th, 2009 @ 6:19am

    final note...i assume there aren't 26 buttons on a voting screen..."please type the name of your candidate here..spelling errors invalidate your vote"...

    so why isnt the screen simply split into large chunks, where calibration wouldn't be needed.
    You press for your candidate..it comes up with "you have chosen....NAME.....are you sure?" with big yes/no buttons underneath.

    Then shows a final third screen "you voted for NAME...vote recorded"...no fancy interface just plain text...

    That way if the vote suddenly "accidentally" goes to the wrong candidate we'd have 100% proof that the election was rigged and whoever created the voting machine could be charged with treason.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This