Institute Orders Two Students To Remove E-mails from WebBy Waseem S. Daher
In response to complaints from Diebold Election Systems, MIT has asked two students to stop publishing on the Web a series of internal Diebold e-mails discussing weaknesses in the company’s voting machines. The students have complied for now, but say the dispute is not over.
More than 100 people across the country have posted copies of Diebold e-mails since last month, when they were first obtained from within the company. Many Internet service providers have received complaints from the company, whose voting machines are used by about eight percent of the population, The New York Times reported.
Diebold representatives and attorneys have argued that posting the company’s e-mails, which run from 1999 through this year, is copyright infringement.
People posting the e-mails have replied that the public deserves to read the internal correspondence, which appears to reveal embarrassing vulnerabilities in the company’s equipment and other internal company details. Some argue that copyright law’s “fair use” exemption protects those who post the e-mails.
Diebold did not respond to a request for comment. The company has said the e-mails were “stolen from a Diebold computer” but has not confirmed that the e-mails are authentic beyond asserting that it owns the copyright on them.
MIT asks two to remove e-mails
On Oct. 24, C. Scott Ananian G downloaded the trove of about 15,000 e-mails and published them on the Web, hosted by his computer at the Computer Science and Artificial Intelligence Laboratory.
Four days later, Diebold wrote to MIT, saying the company owned the copyright on its internal e-mails and demanding that the documents be removed from Ananian’s Web page and from the Athena locker of David T. Meyer ’06, another student who had posted the e-mails.
Timothy J. McGovern of Information Systems forwarded the complaints to Ananian and Meyer, writing to Meyer, “You have until 4 p.m. Thursday, Oct 30 to comply with this notice, or your Athena locker/volume will be unmounted to prevent further access.”
Meyer complied, saying there are now already enough mirrors of the memos on the Internet. Ananian also removed his copy of the e-mails, but sent MIT a “counter notification” that will allow him to repost the e-mails today without risking liability for MIT.
Ananian said he will repost the e-mails on the Web soon. He continues to publish the Diebold internal e-mails using the “BitTorrent” file distribution system, which the company did not mention in its complaint to MIT.
Christopher E. Kuklewicz G, has now also published the e-mails on the Web, at http://www.mit. edu/~chrisk/.
E-mails show flaws, Ananian says
“What I saw was pretty shocking,” Ananian said. “Certainly this is something more people should know about.”
One of the main security holes in Diebold’s AccuVote-TS, a touchscreen voting machine, appears to be its dependence on a Microsoft Access database to store the votes, according to critics who cite the e-mails.
When administrators log into the Global Election Management Software provided by Diebold, their work is recorded in an audit log, designed so that individuals cannot make unauthorized changes to votes. Each user’s actions are tracked and recorded in the audit log.
Both the votes and the audit log are stored in an unsecured Microsoft Access database, the e-mails said. Essentially, this allows anyone with physical access to the database’s computer to edit vote counts and the audit log without being detected.
Furthermore, the e-mails indicate that Diebold employees know about this flaw but have considered leaving the security hole in because “being able to end-run the database has admittedly got people out of a bind,” one employee wrote in 2001, according to the collection.
It is unclear whether this vulnerability remains in the company’s equipment today.
The Diebold e-mails also discuss several flaws in the operation of the software.
The most notable one occurred during the 2000 presidential election. One customer appears to have written to the company, “I need some answers! Our department is being audited by the County. I have been waiting for someone to give me an explanation as to why Precinct 216 gave Al Gore a minus 16,022 when it was uploaded.”
In most cases, election software has to be certified by the state before it can be used in actual elections. However, the e-mails suggest that in some cases, Diebold distributed systems running new code that had not been certified.
E-mails add to Diebold criticism
Those who have posted the e-mails are not the first to suggest that Diebold’s voting machines are flawed. A July 2003 analysis of Diebold’s software by researchers at Johns Hopkins and Rice Universities reported large vulnerabilities in the machines.
The report says that the software allows for individuals to vote several times by creating their own voter smart cards, a simple process because Diebold does not encrypt the contents of the cards.
The report goes on to say that malicious individuals could create an “Administrator Card” to end an election prematurely.
The report is available online at http://avirubin.com/vote.pdf.
Seriousness of issues
Professor Charles Stewart III, a member of the Caltech-MIT Voting Technology Project, said some of the vulnerabilities discussed in the e-mails can be cause for concern.
“The tabulation algorithms within the machines themselves, if they aren’t done well, can cause problems,” Stewart said.
“What we recommend is open-source software and a more modular approach to voting equipment” to prevent issues similar to the ones discussed in the Diebold e-mails, Stewart said, referring to recommendations made in the Voting Technology Project’s 2001 report.
But Stewart says that some of the criticism against Diebold may be exaggerated.
“It’s hard to imagine the problem of a rogue smart card being more compelling than stuffing ballot boxes,” he said.