Professor Ed Felten and his Princeton colleagues are known internationally -- and with good reason. They've done some of the most thorough, ingenious, groundbreaking research on security issues to be found anywhere. Their most recent tour-de-force was demonstrating a technique that overcomes a wide variety of full-disk encryption methods: Attack on computer memory reveals vulnerability of widely used security systems.
It seems that the folks at Sequoia Voting Systems -- one of the makers of black-box voting systems -- are concerned about what Dr. Felten and his team might find if they get their hands on a Sequoia system. Their response? A direct threat.
Dr. Felten has reproduced the email he received from Sequoia on his Freedom-To-Tinker blog; he's marked it as Interesting Email from Sequoia. It's quite brief; here's the meat:
As you have likely read in the news media, certain New Jersey election officials have stated that they plan to send to you one or more Sequoia Advantage voting machines for analysis. I want to make you aware that if the County does so, it violates their established Sequoia licensing Agreement for use of the voting system. Sequoia has also retained counsel to stop any infringement of our intellectual properties, including any non-compliant analysis. We will also take appropriate steps to protect against any publication of Sequoia software, its behavior, reports regarding same or any other infringement of our intellectual property.
The key phrase here is "non-compliant analysis". One of the many tactics used by black-box voting machine vendors to keep independent third parties from conducting a full and fair investigation of their devices is to exercise as much control as possible over the testing and analysis process -- including in some cases, writing the test plan and exercising editorial control over the subsequent analysis.
With that kind of leverage, I could get the ancient PC I'm using for a doorstop certified as a supercomputer.
But amazingly enough, many election officials around the country have actually signed contracts that stipulated just that. And the voting machine vendors haven't been shy about using strong-arm tactics to force this through -- for instance: Florida: Ion Sancho Fights Back notes:
Diebold has refused to return phone calls to Leon County election staff, refused to honor its existing contract with Leon County for maintenance and upgrades of its voting system, and further refused to sell Leon County touch-screen voting machines to meet state and federal requirements for disabled acessbility.
At a Leon County Commission meeting on February 28, 2006, county staff revealed that Chuck Owen, Division Counsel for Diebold Election Systems, met with county staff behind closed doors on February 27. According to staff, Owen stated that Diebold would sell its touch-screen voting machines to the county if, and only if, the county removed Supervisor Sancho from office.
There are only three companies that have state-certified voting systems in Florida: Diebold, ES&S and Sequoia. All three vendors have refused to sell disabled-accessible voting systems to Leon County, quite apparently in retribution for the series of "red team" security tests authorized by Sancho in 2005 to determine if there were security vulnerabilities in the Diebold voting system used in Leon County.
Why would the voting machine vendors do this? Because they know that these systems are hideously, laughably, pitifully insecure. As in: Diebold Voting Machine hacked in four minutes flat and Princeton scientist hack Diebold. Yes, those Princeton scientists -- which explains the pre-emptive threat from Sequoia.
As Cory Doctorow over at Boing Boing writes:
First of all, if Sequoia's voting machines actually, you know, work, then why would they threaten legal action against Felten and co., should they publish their findings after a security audit? Presumably, manufacturers want testers to publish glowing reports of their goods -- Sequoia's basically saying, "We're scared of what you'll find when you pop the hood on our product."
The next time a jurisdiction is thinking of sourcing its voting machines from Sequoia, activists just have to show up with copies of this letter: "Why should we entrust our precious votes to a machine from a manufacturer who threatens to sue anyone who does a quality assessment of its products?"
In a similar vein, Mike Masnick at TechDirt opines:
Despite the fact that the recording industry had told people to try to hack SDMI, when Felten went to present the paper, he was threatened with a lawsuit for breaking the anti-circumvention clause of the DMCA. Eventually, after a ton of public pressure, the recording industry backed down, but Felten's name was cemented in the minds of many in the tech industry as a fighter for freedom of speech and, more importantly, the freedom to tinker.
It would appear that the folks at Sequoia, one of the big three e-voting firms out there, is somewhat unaware of this aspect of Felten's past. In the past few years, Felten has been one of a few top computer science experts who have been picking apart the problems with e-voting machines. His freedom to tinker with such machines has broken numerous stories revealing serious problems with the machines that many suspected, but were unable to confirm, since the e-voting firms kept the machines so under wraps. In publicizing these flaws, Felten has become one of the go-to guys when various governments are reviewing e-voting machines, so it should come as no surprise that election officials in New Jersey (where Felten lives and works) would be interested in having him run some tests on a Sequoia e-voting machine that they're looking at using in future elections.
Those of us who have been following this debacle have long known that people like Ed Felten, and Avi Rubin (Johns Hopkins) and Bev Harris (Blackbox Voting) and others working in the field have been -- if anything -- understating the severity of the issues with these systems. We know that because every time an independent investigator gets their hands on one for a while, and writes about what they find, the report is invariably worse than the last one. It seems we're a long way from reaching the bottom of the barrel. This is hardly surprising: these systems weren't designed to be secure: they were designed to be profitable. And it's those profits which the vendors are desperately trying to protect -- not, I hope you'll notice, the sanctity of the franchise. They couldn't possibly care less about the right to vote, never mind how many people fought, bled and died for it. You can see this in their own words: do a search and read how they describe lost or miscounted votes: "a glitch".
"A glitch?!". A lost or miscounted vote isn't a glitch: it's a catastrophic mistake. It represents failure of the system to do the primary task it was ostensibly designed to do. It's no more a 'glitch" than "wings fell off the plane". Use of that term clearly signals that they don't consider it a serious problem -- that they simply don't value voting -- or voters. But they do value profits, hence this letter designed to ward off a possible threat to them.
Perhaps you might want to express your feelings about this to Ed Smith -- the guy who signed the threat. Dr. Felten redacted his email address, but I have good reason to believe it's esmith@sequoiavote.com. While you're at it, perhaps you might want to CC some of the other people working for Sequoia and ask them if they support threats designed to suppress academic research -- especially research with significant public policy implications.
- Alfie Charles acharles@sequoiavote.com
- Amanda Pitney apitney@sequoiavote.com
- Beth Buonanno bbuonanno@sequoiavote.com
- Cheryl Holmes cholmes@sequoiavote.com
- Christine Valeriano cvaleriano@sequoiavote.com
- Clayton Warren cwarren@sequoiavote.com
- Howard Cramer hcramer@sequoiavote.com
- John Homewood jhomewood@sequoiavote.com
- Larry Korb lkorb@sequoiavote.com
- Michelle M. Shafer mshafer@sequoiavote.com
- Paul Paiva ppaiva@sequoiavote.com
- Paul, Nolte pnolte@sequoiavote.com
- Phil Foster pfoster@sequoiavote.com
- Russell Huffman rhuffman@sequoiavote.com
- Sheree Noell snoell@sequoiavote.com
- Tom Keeling tkeeling@sequoiavote.com
- contact@sequoiavote.com
- info@sequoiavote.com
- kferguson@sequoiavote.com
- sales@sequoiavote.com
- sbennett@sequoiavote.com