randomwisdom.com

I mentioned this before, but a recent Slashdot story made me think of it again.

The issue is whether Diebold will comply with state legislation in North Carolina that requires it disclose the full source code for its voting machines as well as a list of programmers who worked on the project. While it's not reasonable that they be expected to disclose the source code for Windows or a list of programmers who worked on the operating system, but it seems to me like they're stonewalling against releasing the source and list of programmers for their own software. The first is because their software is probably buggy and insecure. The second is probably because some of their staff are ex-cons.

Here's a quote from one Slashdot reader who seems to have done his homework:

It's true that getting a total list of programmers in an open-source system would be impossible.

But as a practical matter it's impossible to name all of the Windows programmers either. The court wouldn't expect that of Diebold any more than they'd require a total list of Linux programmers from an open-source voting project.

What Diebold could easily do is name their own programmers.

Except there's no way in hell they'd want to do that.

In 2002 Diebold bought Global Election Systems, which became the Diebold Election Systems unit. Global was founded under another name in 1988 by Norton Cooper, Michael K. Graye and Charles Hong Lee...all with damned interesting resumes (footnote 1):

Norton Cooper - jail for a year mid-1980s for fraud against the Canada government; ordered out of stock pitch schemes and was part of the collapse of the Vancouver stock exchange - ordered by decree not to pitch stock after 1992 or so because he caused havoc every time. Written up by Barron's and Forbes as a "hazard to avoid at the golf course". First convicted of political corruption in 1974 - look up a Canadian case titled "The Queen v. Norton Cooper" 1977 Canadian Supreme Court.

Charles Hong Lee - stock schemes; Cooper's partner pitching deals. Defrauded Chinese immigrants, $600,000(Can) court-ordered restitution mid-90s. Sold "real estate" which was actually the bail for the third partner below to the tune of about $300,000(can) circa 1995ish.

Michael K. Graye - nailed for stealing $18mil from three companies in the '88-'89 era, caught in '94, jailed in the US for stock fraud around '94 re: Vinex wines, released around 2000 - 2002(3?) in the US, brought back to Canada, still in jail there. Arrested for tax evasion and money laundering circa '94.

Those three in turn hired even more "colorful" staff:

John Elder was a cocaine trafficker, in a WA prison early/mid 1990s...fellow inmate was Jeffrey Dean (see next entry). Handled ballot printing for Global late 1990s. Seems to have been the one to bring Dean into Global.

Jeffrey Dean was convicted early '90s of 23 counts of computer-aided embezzlement. He was a computer consultant for a large Seattle law firm and defrauded them of about $450,000 in what US courts called a "sophisticated computer-aided scheme". In a statement to Seattle PD, he claimed he needed the money because Canadians were blackmailing him; in that country, he'd gotten into a fistfight and the other guy had died. (Yes, I've seen the police report.) He joined Elder in the Global ballot printing business late '90s, and with Global's introduction was doing computer consulting with the King County WA elections division - they had no idea of his criminal record. By 2000 he was doing programming for Global and by early Oct. of 2000 he was a full employee and lead programmer for the GEMS vote-tally product still in use. By late Oct. 2000 and shipping in time for the November election, GEMS ver.1.17.5 contains the first "double set of books" problem where all votes are recorded twice internally and don't need to match...long story but it apparantly hides some forms of vote fraud. At the time Diebold bought Global in 2002, Dean quit and was immediately hired back as a consultant via management decision made within the division. This appears to be an attempt to keep Dean's criminal past out of Diebold corporate head office's scrutiny.

At the time Diebold bought Global, Dean owned 10% of Global's stock.

We don't know how many other lower-level progammers within Global/Diebold have criminal records. It's rather obvious that Diebold sure as hell doesn't want us finding out.

Footnote 1 - see also "Black Box Voting: Ballot Tampering In The 21st Century" by Bev Harris, esp. the "Diebold" section at the end of Chapter 8. Free PDF downloads can be found at: http://blackboxvoting.org/

Considering that elections are the foundation upon which our government stands, I think it's perfectly reasonable to expect election machines to be both secure and open to public scrutiny. If my vote is going into a "magic box", as a voter I damn well have the right to know _exactly_ how that box functions, in order to make sure my vote isn't being tampered with and is being counted properly. I'd expect the average Joe probably doesn't know much about secure computing practices or open source software. But read these two statements for me:
1. When the 30 programmers who wrote the software inspected the integrity of our machines, no security problems were reported.
2. When every programmer in the entire world had the opportunity to inspect the integrity of our machines, no security problems were reported.
The former describes a closed-source corporate voting system; the latter describes an open-source voting system-- such as that used in Australia, for instance. Which one of those describes a more secure system? (Hint: When the open source software was first released, many security holes were found. They were then fixed. We don't know whether the closed source software's bugs were ever fixed.)

But beyond that, I'd expect that a company that makes election machines would hire people of upstanding moral quality. Generally that means not hiring people convicted of fraud and embezzlement. Hmm.

Anyway, kudos to N.C. for not putting up with any crap.