Call it the doctrine of pre-emptive litigation. EFF has filed a lawsuit against Diebold, Inc., the manufacturer of an electronic voting machine that is said to be “unverifiable.” When a citizen votes, there’s apparently no way to tell that the vote has been recorded. To make matters worse, some computer security experts believe that Diebold’s voting machines aren’t trustworthy, allowing a single voter to cast multiple votes and votes already cast to be changed.
Steven Levy, reporting for Newsweek, for example, cites Johns Hopkins professor Avi Rubin who has examined the device’s source code with his students and concluded that “the protections against fraud and tampering were strictly amateur hour…. The cryptography was weak and poorly implemented, and the smart-card system that supposedly increased security actually created new vulnerabilities.” Rubin published a paper (.pdf) on the results of his investigation of the Diebold device and concluded that the system was “far below even the most minimal security standards.”
Maryland put a US$57 million purchase of the Diebold voting machines on hold after an independent firm reached mostly the same conclusion as Rubin. Other experts joined in, singing the same tune. Meanwhile, Diebold has sold some 33,000 of the problematic machines that have already been used in elections.
Within the technology community, the emerging consensus appears to be for “verifiable voting,” whereby some form of protected — and probably encrypted — receipt is created upon the citizen’s vote and is immediately secured in case it’s needed for a later manual recount.
Diebold, for its part, denies any security vulnerabilities exist with its system. It doesn’t help that the company’s CEO, Walden O’Dell, is a major player in President Bush’s re-election campaign. In a fund-raiser invitation, O’Dell wrote that he was “committed to helping Ohio deliver its electoral votes to the president next year.”
Smelling a rat, two Swarthmore College students obtained — and published to the Internet — internal Diebold documents indicating that the company was aware of security problems with its machinery. Diebold is claiming copyright infringement and is seeking to prosecute the students, and others, under provisions of the Digital Millennium Copyright Act (DMCA). While Swarthmore removed the documents in question, the Diebold documents have slipped onto the peer-to-peer service Freenet where information can be published and perused anonymously. Diebold continues to send cease-and-desist letters to anyone who researches or publishes information about the matter.
First Amendment activists argue that Diebold is using copyright laws to stifle free speech. Wendy Seltzer, an EFF lawyer, reminded The New York Times‘ John Schwartz that copyright laws were enacted to protect creative expression, but that Diebold is misusing those laws “because they don’t want the facts out there.”
From today’s EFF press release:
“‘Diebold’s blanket cease-and-desist notices are a blatant abuse of copyright law,’ said EFF Staff Attorney Wendy Seltzer. ‘Publication of the Diebold documents is clear fair use because of their importance to the public debate over the accuracy of electronic voting machines.’
“Diebold threatened not only the ISPs of direct publishers of the corporate documents, but also the ISPs of those who merely publish links to the documents. In one such instance, the ISP Online Policy Group (OPG) refused to comply with Diebold’s demand that it prohibit Independent Media Network (IndyMedia) from linking to Diebold documents. Neither IndyMedia nor any other publisher hosted by OPG has yet published the Diebold documents directly.
“‘As an ISP committed to free speech, we are defending our users’ right to link to information that’s critical to the debate on the reliability of electronic voting machines,’ said OPG’s Colocation Director David Weekly. ‘This case is an important step in defending free speech by helping protect small publishers and ISPs from frivolous legal threats by large corporations.'”