laurent

Diebold Uses Copyright Law to Silence Critics


File Sharing Pits Copyright Against Free Speech

By John Schwartz
The New York Times
Monday 03 November 2003

Forbidden files are circulating on the Internet and threats of
lawsuits are in the air. Music trading? No, it is the growing
controversy over one company's electronic voting systems, and the
issues being raised, some legal scholars say, are as fundamental as
the sanctity of elections and the right to free speech.

Diebold Election Systems, which makes voting machines, is waging
legal war against grass-roots advocates, including dozens of college
students, who are posting on the Internet copies of the company's
internal communications about its electronic voting machines.

The students say that, by trying to spread the word about problems
with the company's software, they are performing a valuable form of
electronic civil disobedience, one that has broad implications for
American society. They also contend that they are protected by fair
use exceptions in copyright law.

Diebold, however, says it is a case of copyright infringement, and
has sent cease-and-desist orders to the students and, in many cases,
their colleges, demanding that the 15,000 e-mail messages and
memorandums be removed from each Web site. "We reserve the right to
protect that which we feel is proprietary," a spokesman for Diebold,
David Bear, said.

The files circulating online include thousands of e-mail messages
and memorandums dating to March 2003 from January 1999 that include
discussions of bugs in Diebold's software and warnings that its
computer network are poorly protected against hackers. Diebold has
sold more than 33,000 machines, many of which have been used in
elections.

Advocates and journalists have mined the trove of corporate messages
to find statements that appear to suggest many continuing security
problems with the software that runs the system, and last-minute
software changes that, by law, are generally not allowed after
election authorities have certified the software for an election.

Some colleges, like Swarthmore, have bowed to the pressure and
removed the x do***ents from their networks. But in doing so last
month, the dean, Robert Gross, maintained that Swarthmore supported
the students in spirit. "We believe their actions express the values
of the college, including its commitment to prepare students to be
engaged, socially responsible citizens," he said in a statement.
Swarthmore has encouraged the students to keep up the debate and is
providing legal advice about how to respond to the Diebold letters,
a Swarthmore spokesman, Tom Krattenmaker, said.

Last week the advocates' efforts to keep the do***ents online took
another step as Freenet, an international anticensorship
organization that promotes the anonymous distribution of files,
obtained copies of the Diebold do***ents. The technology that the
network uses is a peer-to-peer service, and is similar in many ways
to the software behind file-trading companies like Kazaa and the
original Napster.

Legal scholars say that the online protest and the use of copyright
law by Diebold have broad implications and show that the copyright
wars are about more than whether Britney Spears gets royalties from
downloaded songs. "We're so focused on the microview - whether EMI
is going to make a buck next year - but there is so much more at
stake in our battle to control the flows of information," including
issues at the core of free speech and democracy itself, said Siva
Vaidhyanathan, a professor in the department of culture and
communication at New York University.

Nelson Pavlosky, a sophomore at Swarthmore from Morristown, N.J.,
who put do***ents online through the campus organization Swarthmore
Coalition for the Digital Commons said the cease-and-desist letters
were "a perfect example of how copyright law can be and is abused by
corporations like Diebold" to stifle freedom of speech. He said that
he and other advocates wished the college had decided to fight
instead of take down the files.

"We feel like they wimped out," Mr. Pavlosky said.

But with each takedown, the publicity grows through online
discussion and media coverage, and more and more people join the
fray, giving Diebold's efforts a Sorcerer's Apprentice feel. The
advocates, meanwhile, are finding that civil disobedience carries
risks. One student who posted the do***ents and has received a
letter, Zac Elliott of Indiana University, said, "I'm starting to
worry about the ramifications for my entire family if I end up in
some sort of legal action."

Copyright law, and specifically the Digital Millennium Copyright
Act, are being abused by Diebold, said Wendy Seltzer, a lawyer for
the Electronic Frontier Foundation, a civil liberties group.
Copyright is supposed to protect creative expression, Ms. Seltzer
said, but in this case the law is being evoked "because they don't
want the facts out there."

The foundation is advising many students informally and helping them
to find legal aid, and it is representing the Online Policy Group, a
nonprofit Internet service provider that got a cease-and-desist
letter from Diebold after links to the do***ents were published on a
news Web site that the group posts.

Diebold has become a favorite target of advocates who accuse it of
partisanship: company executives have made large contributions to
the Republican Party and the chief executive, Walden W. O'Dell, said
in an invitation to a fund-raiser that he was "committed to helping
Ohio deliver its electoral votes to the president next year.''

He has since said that he will keep a lower political profile.
Diebold has been trying to stop the dissemination of the files for
months with cease and desist letters, but the number of sources for
the do***ents continues to proliferate. Then in July, the first
evaluation of the purloined software from recognized authorities in
the field - a team involving experts and Johns Hopkins University
and Rice University - found several serious holes in the software's
computer security which, if exploited, could allow someone to vote
repeatedly, or to change the votes of others. A later review of the
software for the State of Maryland agreed that the software flaws
did exist, but that in the practice of real elections, other safety
nets of security would keep the vulnerabilities in the code from
being exploited. Diebold has said it has been working to fix
problems.

As Diebold continued to deal with the headache resulting from its
leaked code last week, hackers released software from another of the
three major high-tech election companies, Sequoia Voting Systems.
Reports of that leak first appeared in the online news service of
Wired magazine, which suggested that the company's software also
suffered from poor security design.

A spokesman for Sequoia, Alfie Charles, said that the software that
had been taken was an older version that had been substantially
modified. Possible security flaws in that software, which were
discussed in the Wired account do not constitute an actual threat to
security, he said.

Mr. Charles also emphasized that his company's leak was unlike that
of Diebold, which had left much of the purloined data unprotected on
its own site. The Sequoia software was taken from the servers of a
"grossly negligent" contractor to Sequoia, and not from the company
itself, he said.

That defense does not sway Prof. Rebecca Mercuri, an specialist in
election technology who teaches computer science at Bryn Mawr
College. The fact that the software of both companies was not
protected raises questions about their security, she said.

"Are these companies staffed by folks completely ignorant of
computer security," she said, "or are they just blatantly flaunting
that they can breach every possible rule of protocol and still sell
voting machines everywhere with impunity?"

Mr. Bear of Diebold said the election security and the virtual walls
around his company's computer network are different; "You're looking
at apples and oranges," he said. Of the security breach, he said,
"We acknowledge that was unfortunate that that occurred." But the
"security and sanctity of the election process," he said, has been
proved by the Science Applications International Corporation report.

Mr. Bear said that Sequoia planned to submit its software to Aviel
D. Rubin, a computer security researcher at Johns Hopkins and the
leader of the team that ****yzed the Diebold code. Mr. Rubin said he
was optimistic that the relationship with Sequoia would be less
adversarial.

"It's very different from the way that Diebold has been doing
things." Mr. Rubin, who has received a cease-and-desist notice from
Diebold because of his research, said, "The solution is to stop
selling insecure voting machines and not to continue threatening
students who are only trying to protect our democracy."

Voting companies emphasize that their products undergo rigorous
testing and independent review required by federal laws for
certification.

"Judging from the majority of news coverage, one might think that
companies just throw software together and start selling equipment
and running elections, when the reality is just the opposite," Mr.
Charles of Sequoia said.

Some observers of the fight say it is having an effect beyond ones
and zeroes and virtual forms of hanging chad. Bev Harris, who is
writing a book on the electronic voting industry, was among the
first people to place the Diebold files online.

She said that when she began her research, young people tended to
tell her that voting was irrelevant to their lives. That is
changing, she said; "What more important thing can we do so that we
can get them involved, and see how important voting is?"

http://www.truthout.org/docs_03/110403E.shtml


More on Diebold at -

http://www.scoop.co.nz/mason/stories/HL0310/S00211.htm