Diebold Inc.

R. A. Hettinga rah at shipwright.com
Sat Sep 13 01:23:29 EDT 2003 

I wonder if there are any mirrors of this out there?

Cheers,
RAH

--- begin forwarded text


Status:  U
Date: Fri, 12 Sep 2003 18:36:13 -0700
From: Elias <elias at cse.ucsc.edu>
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US;
	rv:1.0.2) Gecko/20021120 Netscape/7.01
To: Fork <Fork at xent.com>
Cc:
Subject: Diebold Inc.
Reply-To: Fork <Fork at xent.com>
List-Id: Friends of Rohit Khare  <fork.xent.com>
List-Archive: <http://lair.xent.com/pipermail/fork>
List-Post: <mailto:fork at xent.com>
List-Help: <mailto:fork-request at xent.com?subject=help>
List-Subscribe: <http://xent.com/mailman/listinfo/fork>,
	<mailto:fork-request at xent.com?subject=subscribe>
Sender: fork-bounces at xent.com

Holy election time stories, BatMan! I wonder how/when this will hit major media... Hope none of you have stock in this company.

Reeling,
Elias

-------- Original Message --------
[...]

"It doesn't matter who votes, it matters who counts the votes"- Joe Stalin

DIEBOLD DEMANDS WEB SITES REMOVE SOFTWARE
AND DAMNING EMAILS, CHARGING COPYRIGHT VIOLATIONS!

<http://www.smashthetrifecta.com/>http://www.smashthetrifecta.com/
DIEBOLD ALERT
All files yanked by webhost at request of Diebold, Inc.

A copy of the email is below. I received this 28 hours after the now-vanished files went live.

While I am not a legal professional in any way, I firmly believe that these files, while copyrighted, carry credible evidence of illegal vote-accessing activity and thus are not covered under the DCMA due to the "dirty hands" defense, which disallows an entity seeking damages in cases involving illegal activities connected to that which is being protected.

I furthermore adamantly oppose the secrecy and unlawful proliferation of voting machines lacking in an auditable, transparent paper backup trail as mandated by law via the Helping Americans Vote Act. I refuse to stand by and watch our voting rights be subverted, controlled, and ultimately destroyed.

I will post further updates, should they become available.

--Zhade


-- Original message --

September 11, 2003
Jennifer Bryan Dragonwind Internet Services 608 Live Oak Drive Cedar Park, TX 78613
<mailto:dragonwind at dragonwind.net>dragonwind at dragonwind.net
RE: COPYRIGHT INFRINGEMENT
Ms. Jennifer Bryan,
We represent Diebold, Incorporated and its wholly owned subsidiary Diebold Election Systems, Inc. (collectively "Diebold"). Diebold is the owner of copyrights in certain software, documentation, and other works of authorship associated with its proprietary electronic voting machines ("Diebold Property"). It has recently come to our clients' attention that you appear to be hosting the following website: <http://www.smashthetrifecta.com>www.smashthetrifecta.com on one or more of your servers, identified as NS1.DRAGONWIND.NET or NS2.DRAGONWIND.NET. This websinte , particularly each of the following pages, includes program and/or data files containing Diebold Property.:

<http://www.smashthetrifecta.com/pimaupgrade.zip>http://www.smashthetrifecta.com/pimaupgrade.zip
<http://www.smashthetrifecta.com/GEMSIS-1-17-17.ZIP>http://www.smashthetrifecta.com/GEMSIS-1-17-17.ZIP
<http://www.smashthetrifecta.com/GEMSIS-1-17-23.zip>http://www.smashthetrifecta.com/GEMSIS-1-17-23.zip
<http://www.coopster.net/Web%20Shares/GEMSIS-1-18-17.zip>http://www.coopster.net/Web%20Shares/GEMSIS-1-18-17.zip
<http://www.smashthetrifecta.com/cobb-corrected-100102-backup.zip>http://www.smashthetrifecta.com/cobb-corrected-100102-backup.zip
<http://www.smashthetrifecta.com/sloprimary030502.zip>http://www.smashthetrifecta.com/sloprimary030502.zip
<http://www.smashthetrifecta.com/ATL-TSRepair.zip>http://www.smashthetrifecta.com/ATL-TSRepair.zip

Other information posted on these web pages encourages the downloading of Diebold Property from the server and describes how to circumvent passwords and other technological measures that are designed to control access to the Diebold property. The owner of the smashthetrifecta.com website does not have Diebold's consent to use any Diebold Property. These web pages infringe Diebold's copyrights by (1) placing an unauthorized copy of the Diebold Property on the server, (2) making the Diebold property available to third parties to download from the server and authorizing third parties to further infringe our clients' copyrights by downloading and therefore copying Diebold Property, and (3) encouraging and assisting in the circumvention of copyright protection systems. The purpose of this letter is to advise you of our clients' rights and to seek your agreement to the following:

1. To stop using and to immediately delete any Diebold Property from all computer systems used by you, or operated under your control, and to confirm having done so in writing;

2. To confirm, in writing, that you have no backup copies of any Diebold Property;

3. To cease making Diebold Property available on your server and to cease providing the opportunity for any third parties to download, and thereby copy, Diebold Property.

The value of property protected by copyright arises in large part from the right to control access to and use of such property. Hosting a website which encourages all visitors to copy and use the Diebold Property without permission from or accounting to Diebold is a clear infringement of Diebold's rights in the Diebold Property. Our clients reserve their position insofar as costs and damages caused by the unauthorized reproduction and distribution of Diebold Property are concerned, and their right to seek injunctive relief to prevent further unauthorized reproduction and distribution of Diebold Property, pending your response to this letter. We suggest you contact your legal advisors to obtain legal advice as to your position. We await your response within 24 hours.

Respectfully,

Nancy L. Reeves
Walker & Jocke 231
South Broadway Medina, Ohio 44256

-- Walker & Jocke
<http://www.walkerandjocke.com>http://www.walkerandjocke.com


Jim March's email response to Diebold
Ms. Reeves,

I read with interest your statement of alleged copyright/IP infringement against the owner of the "smashthetrifecta" site:

<http://www.smashthetrifecta.com/>http://www.smashthetrifecta.com/

and:

<http://www.democraticunderground.com/discuss/duboard.php?az=show_topic&forum=104&topic_id=323463&mesg_id=323463>http://www.democraticunderground.com/discuss/duboard.php?az=show_topic&forum=104&topic_id=323463&mesg_id=323463

The purpose of this missive is to inform you of several basic facts:

1) I am the individual who provided that site's owner with the files in question;

2) The files are up on other sites in addition to that one; I fully expect you'll try bullying them into submission too;

3) Ultimately, this will not work because I *will* continue to distribute them under "fair use" principles.

I take this stance after repeated consultation with legal counsel. Allow me to elaborate:

Copyright law cannot be used to hide evidence of a crime. Diebold has clearly committed so many legal violations at this point, that "unclean hands" principles apply in spades.

a) Diebold had, on their website and available for public download, a copy of an elections data file created at 3:31pm on the day of the March 5th 2002 primary elections in San Luis Obispo County. There is no possible reason for that file to have been in Diebold's possession. Under California law, it is illegal to release elections data before the close of the election. I suggest consulting with the SLO County Registrar, Julie Rodewald, to confirm the authenticity of this file which I provided her.

b) California Elections Code 19205(c) prevents the Calif Secretary of State from certifying electronic voting systems which are subject to tampering. There is ZERO practical security at all on the GEMS data management system. Anybody with a copy of MS-Access can alter voting data, passwords and audit trails at will, without leaving any trace. Worse, there is a runtime edition of MS-Access shipped on every GEMS box (central vote-count computer system as used with all Diebold Elections Systems products), which would allow exactly the same alterations from a script executed via a dial-in connection through the RAS server and Digiboard from a Touchscreen terminal, Optical Scan terminal or standard PC/Laptop. We can prove that Diebold would have enough access to the GEMS box in mid-election to "booger the vote" by their possession of the SLO county data file referred to above.

c) Internal memos slipped to activists BY DIEBOLD INSIDERS (the "1.8gigs of data" first referred to in Wired magazine) and in my possession show that Diebold field tech support staffs noticed teh "zero security under MS-Access" issue literally years ago, and deliberately kept it quiet from county elections officials and state certification boards. This constitutes pure criminal conspiracy.

d) The same internal memos reveal a widespread pattern of installing and using UNcertified versions of the various programs, both at the terminals and central vote-count box (running the "GEMS" app and related components).

e) While purporting to sell an application that operates under high security standards, your clients have displayed technical incompetence in security matters at a level seldom seen outside of a "Dilbert" comic strip.

To recap: your clients have set out to secretly rig elections. They have installed features into their software making it deliberatel open to tampering in ways that defeat the usual "spot recount of random precincts" procedures of honest local elections officials rely on.

Your clients actions are literally horrifying, evidence of nothing less than a coup attempt in progress. You will be hearing from metomorrow by phone; if it is your client's intent to sue me, I will facilitate that at the earliest possible convenience, in order to rape them in discovery and depositions and annihilate them in court.

You see, Ms. Reeves, sometimes when you push people around, you run into somebody who's had about enough and isn't going to back down./p>

I hate bullies. With a passion. I am going to *enjoy* our future interactions.

I guarantee you your clients won't.

Jim March

Blind Carbon Copy to: a *whole* lotta people. :)

:
: FLASHBACK: Wired.com Aug 7th, 20003
: "Following an embarrassing leak of its proprietary
: software over a file transfer protocol site last January,
: the inner workings of Diebold Election Systems have again
: been laid bare. A hacker has.... made off... with
: Diebold's internal discussion-list archives, a software
: bug database and more software. The unidentified attacker
: provided Wired News with an archive containing 1.8 GB of
: files apparently taken March 2 from a site referred to by
: the Ohio-based company as its "staff website."
: <http://www.wired.com/news/privacy/0,1848,59925,00.html>http://www.wired.com/news/privacy/0,1848,59925,00.html
:

: Scoop.co.nz has obtained internal mail messages from Diebold
: Election Systems which clearly and explicitly confirm
: security problems in the GEMS vote counting software that
: were highlighted in reports published on Scoop.co.nz and
: widely elsewhere in July.

: FULL STORY
: <http://www.scoop.co.nz/mason/stories/HL0309/S00106.htm>http://www.scoop.co.nz/mason/stories/HL0309/S00106.htm

: In the internal mail Diebold Election Systems principal
: engineer R&D Ken Clark - then working for Global Election
: Systems before Diebold took the company over - responded to
: an internal query over a security problem. The official
: certification laboratory responsible for assessing the
: voting technology company software's robustness had noticed
: a problem, and a staff member was seeking Clark's advice.

: The "GEMS Access database" that Finberg refers to is
: a piece of computer software which is loaded onto county
: election supervisors computers. It is responsible for
: tallying votes from county precinct voting booths, these
: results are typically modemed into the central computer.

: Significantly this software is responsible for tallying all
: votes, optical scan, touchscreen and absentee ballots. It
: was this software that Scoop initially reported was all too
: easy to hack in its July 8th report from Bev Harris.

: In reply to Finberg's query Clark responded with an
: astonishingly frank posting which clearly confirms most of
: the worst aspects of the GEMS system security outlined by
: Harris in her July report.

: FULL STORY
: <http://www.scoop.co.nz/mason/stories/HL0309/S00106.htm>http://www.scoop.co.nz/mason/stories/HL0309/S00106.htm

: EMAIL 1
: To: "support"
: Subject: alteration of Audit Log in Access
: From: "Nel Finberg"
: Date: Tue, 16 Oct 2001 23:31:30 -0700
: Importance: Normal

: Jennifer Price at Metamor (about to be Ciber) has indicated
: that she can access the GEMS Access database and alter the
: Audit log without entering a password. What is the position
: of our development staff on this issue? Can we justify
: this? Or should this be anathema?

: Nel

: EMAIL 2
: To: "support"
: Subject: RE: alteration of Audit Log in Access
: From: "Ken Clark"
: Date: Thu, 18 Oct 2001 09:55:02 -0700
: Importance: Normal

: Its a tough question, and it has a lot to do with perception.
: Of course everyone knows perception is reality.

: Right now you can open GEMS' .mdb file with MS-Access, and
: alter its contents. That includes the audit log. This isn't
: anything new. In VTS, you can open the database with
: progress and do the same. The same would go for anyone
: else's system using whatever database they are using. Hard
: drives are read-write entities. You can change their
: contents.

: Now, where the perception comes in is that its right now very
: *easy* to change the contents. Double click the .mdb file.
: Even technical wizards at Metamor (or Ciber, or whatever)
: can figure that one out.

: It is possible to put a secret password on the .mdb file to
: prevent Metamor from opening it with Access. I've
: threatened to put a password on the .mdb before when
: dealers/customers/support have done stupid things with the
: GEMS database structure using Access. Being able to
: end-run the database has admittedly got people out of a
: bind though. Jane (I think it was Jane) did some fancy
: footwork on the .mdb file in Gaston recently. I know our
: dealers do it. King County is famous for it. That's why
: we've never put a password on the file before.

: Note however that even if we put a password on the file, it
: doesn't really prove much. Someone has to know the
: password, else how would GEMS open it. So this technically
: brings us back to square one: the audit log is modifiable
: by that person at least (read, me). Back to perception
: though, if you don't bring this up you might skate through
: Metamor . [i.e. certification -nFormed]

: There might be some clever crypto techniques to make it even
: harder to change the log (for me, they guy with the
: password that is). We're talking big changes here though,
: and at the moment largely theoretical ones. I'd doubt that
: any of our competitors are that clever.

: By the way, all of this is why Texas gets its sh*t in a knot
: over the log printer. Log printers are not read-write, so
: you don't have the problem. Of course if I were Texas I
: would be more worried about modifications to our electronic
: ballots than to our electron logs, but that is another
: story I guess.

: Bottom line on Metamor is to find out what it is going to take
: to make them happy. You can try the old standard of the NT
: password gains access to the operating system, and that
: after that point all bets are off. You have to trust the
: person with the NT password at least. This is all about
: Florida, and we have had VTS certified in Florida under the
: status quo for nearly ten years.

: I sense a loosing battle here though. The changes to put a
: password on the .mdb file are not trivial and probably not
: even backward compatible, but we'll do it if that is what
: it is going to take.

: Ken

: EMAIL 3
: To: "support"
: Subject: RE: alteration of Audit Log in Access
: From: "Nel Finberg"
: Date: Wed, 17 Oct 2001 14:48:16 -0700
: Importance: Normal

: Thanks for the response, Ken. For now Metamor accepts the
: requirement to restrict the server password to authorized
: staff in the jurisdiction, and that it should be the
: responsibility of the jurisdiction to restrict knowledge of
: this password. So no action is necessary in this matter, at
: this time.

: Nel


http


Do you Yahoo!?
<http://us.rd.yahoo.com/evt=10469/*http://sitebuilder.yahoo.com>Yahoo! SiteBuilder - Free, easy-to-use web site design software

_______________________________________________
FoRK mailing list
http://xent.com/mailman/listinfo/fork

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list