[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NY Times weighs in

http://www.nytimes.com/2003/11/03/business/media/03secure.html?hp=&pagewanted=all&position=

Diebold Uses Copyright Law to Silence Critics
  By John Schwartz
  The New York Times

  Monday 03 November 2003

File Sharing Pits Copyright Against Free Speech

  Forbidden files are circulating on the Internet and threats of
lawsuits are in the air. Music trading? No, it is the growing
controversy over one companys electronic voting systems, and the
issues being raised, some legal scholars say, are as fundamental as
the sanctity of elections and the right to free speech.

  Diebold Election Systems, which makes voting machines, is waging
legal war against grass-roots advocates, including dozens of college
students, who are posting on the Internet copies of the companys
internal communications about its electronic voting machines.

  The students say that, by trying to spread the word about problems
with the companys software, they are performing a valuable form of
electronic civil disobedience, one that has broad implications for
American society. They also contend that they are protected by fair
use exceptions in copyright law.

  Diebold, however, says it is a case of copyright infringement, and
has sent cease-and-desist orders to the students and, in many cases,
their colleges, demanding that the 15,000 e-mail messages and
memorandums be removed from each Web site. We reserve the right to
protect that which we feel is proprietary, a spokesman for Diebold,
David Bear, said.

  The files circulating online include thousands of e-mail messages
and memorandums dating to March 2003 from January 1999 that include
discussions of bugs in Diebolds software and warnings that its
computer network are poorly protected against hackers. Diebold has
sold more than 33,000 machines, many of which have been used in
elections.

  Advocates and journalists have mined the trove of corporate messages
to find statements that appear to suggest many continuing security
problems with the software that runs the system, and last-minute
software changes that, by law, are generally not allowed after
election authorities have certified the software for an election.

  Some colleges, like Swarthmore, have bowed to the pressure and
removed the x documents from their networks. But in doing so last
month, the dean, Robert Gross, maintained that Swarthmore supported
the students in spirit. We believe their actions express the values of
the college, including its commitment to prepare students to be
engaged, socially responsible citizens, he said in a statement.
Swarthmore has encouraged the students to keep up the debate and is
providing legal advice about how to respond to the Diebold letters, a
Swarthmore spokesman, Tom Krattenmaker, said.

  Last week the advocates efforts to keep the documents online took
another step as Freenet, an international anticensorship organization
that promotes the anonymous distribution of files, obtained copies of
the Diebold documents. The technology that the network uses is a
peer-to-peer service, and is similar in many ways to the software
behind file-trading companies like Kazaa and the original Napster.

  Legal scholars say that the online protest and the use of copyright
law by Diebold have broad implications and show that the copyright
wars are about more than whether Britney Spears gets royalties from
downloaded songs.

  Were so focused on the microview  whether EMI is going to make a
buck next year  but there is so much more at stake in our battle to
control the flows of information, including issues at the core of free
speech and democracy itself, said Siva Vaidhyanathan, a professor in
the department of culture and communication at New York University.

  Nelson Pavlosky, a sophomore at Swarthmore from Morristown, N.J.,
who put documents online through the campus organization Swarthmore
Coalition for the Digital Commons said the cease-and-desist letters
were a perfect example of how copyright law can be and is abused by
corporations like Diebold to stifle freedom of speech. He said that he
and other advocates wished the college had decided to fight instead of
take down the files.

  We feel like they wimped out, Mr. Pavlosky said.

  But with each takedown, the publicity grows through online
discussion and media coverage, and more and more people join the fray,
giving Diebolds efforts a Sorcerers Apprentice feel. The advocates,
meanwhile, are finding that civil disobedience carries risks. One
student who posted the documents and has received a letter, Zac
Elliott of Indiana University, said, Im starting to worry about the
ramifications for my entire family if I end up in some sort of legal
action.

  Copyright law, and specifically the Digital Millennium Copyright
Act, are being abused by Diebold, said Wendy Seltzer, a lawyer for the
Electronic Frontier Foundation, a civil liberties group. Copyright is
supposed to protect creative expression, Ms. Seltzer said, but in this
case the law is being evoked because they dont want the facts out
there.

  The foundation is advising many students informally and helping them
to find legal aid, and it is representing the Online Policy Group, a
nonprofit Internet service provider that got a cease-and-desist letter
from Diebold after links to the documents were published on a news Web
site that the group posts.

  Diebold has become a favorite target of advocates who accuse it of
partisanship: company executives have made large contributions to the
Republican Party and the chief executive, Walden W. ODell, said in an
invitation to a fund-raiser that he was committed to helping Ohio
deliver its electoral votes to the president next year.

  He has since said that he will keep a lower political profile.
Diebold has been trying to stop the dissemination of the files for
months with cease and desist letters, but the number of sources for
the documents continues to proliferate. Then in July, the first
evaluation of the purloined software from recognized authorities in
the field  a team involving experts and Johns Hopkins University and
Rice University  found several serious holes in the softwares computer
security which, if exploited, could allow someone to vote repeatedly,
or to change the votes of others. A later review of the software for
the State of Maryland agreed that the software flaws did exist, but
that in the practice of real elections, other safety nets of security
would keep the vulnerabilities in the code from being exploited.
Diebold has said it has been working to fix problems.

  As Diebold continued to deal with the headache resulting from its
leaked code last week, hackers released software from another of the
three major high-tech election companies, Sequoia Voting Systems.
Reports of that leak first appeared in the online news service of
Wired magazine, which suggested that the companys software also
suffered from poor security design.

  A spokesman for Sequoia, Alfie Charles, said that the software that
had been taken was an older version that had been substantially
modified. Possible security flaws in that software, which were
discussed in the Wired account do not constitute an actual threat to
security, he said.

  Mr. Charles also emphasized that his companys leak was unlike that
of Diebold, which had left much of the purloined data unprotected on
its own site. The Sequoia software was taken from the servers of a
grossly negligent contractor to Sequoia, and not from the company
itself, he said.

  That defense does not sway Prof. Rebecca Mercuri, an specialist in
election technology who teaches computer science at Bryn Mawr College.
The fact that the software of both companies was not protected raises
questions about their security, she said.

  Are these companies staffed by folks completely ignorant of computer
security, she said, or are they just blatantly flaunting that they can
breach every possible rule of protocol and still sell voting machines
everywhere with impunity?

  Mr. Bear of Diebold said the election security and the virtual walls
around his companys computer network are different; Youre looking at
apples and oranges, he said. Of the security breach, he said, We
acknowledge that was unfortunate that that occurred. But the security
and sanctity of the election process, he said, has been proved by the
Science Applications International Corporation report.

  Mr. Bear said that Sequoia planned to submit its software to Aviel
D. Rubin, a computer security researcher at Johns Hopkins and the
leader of the team that analyzed the Diebold code. Mr. Rubin said he
was optimistic that the relationship with Sequoia would be less
adversarial.

  Its very different from the way that Diebold has been doing things.
Mr. Rubin, who has received a cease-and-desist notice from Diebold
because of his research, said, The solution is to stop selling
insecure voting machines and not to continue threatening students who
are only trying to protect our democracy.

  Voting companies emphasize that their products undergo rigorous
testing and independent review required by federal laws for
certification.

  Judging from the majority of news coverage, one might think that
companies just throw software together and start selling equipment and
running elections, when the reality is just the opposite, Mr. Charles
of Sequoia said.

  Some observers of the fight say it is having an effect beyond ones
and zeroes and virtual forms of hanging chad. Bev Harris, who is
writing a book on the electronic voting industry, was among the first
people to place the Diebold files online.

  She said that when she began her research, young people tended to
tell her that voting was irrelevant to their lives. That is changing,
she said; What more important thing can we do so that we can get them
involved, and see how important voting is?