vote fraud ?

Diebold warns on electronic voting papers

By RACHEL KONRAD
ASSOCIATED PRESS WRITER

SAN JOSE, Calif. -- Despite lawsuit threats from one of the nation's largest
electronic voting machine suppliers, some activists are refusing to remove from
Web sites internal company documents that they claim raise serious security
questions.

Diebold Inc. sent "cease and desist" letters after the documents and internal
e-mails, allegedly stolen by a hacker, were distributed on the Internet.
Recipients of the letters included computer programmers, students at colleges
including Swarthmore and at least one Internet provider.

Most of the 13,000 pages of documents are little more than banal employee
e-mails, routine software manuals and old voter record files. But several items
appear to raise security concerns.

Diebold refused to discuss the documents' contents. Company spokesman Mike
Jacobsen said the fact that the company sent the cease-and-desist letters does
not mean the documents are authentic - or give credence to advocates who claim
lax Diebold security could allow hackers to rig machines.

"We're cautioning anyone from drawing wrong or incomplete conclusions about any
of those documents or files purporting to be authentic," Jacobsen said.

But the activists say the mere fact that Diebold was hacked shows that the
company's technology cannot be trusted.

"These legal threats are an acknowledgment of the horrific security risks of
electronic voting," said Sacramento-based programmer Jim March, who received a
cease and desist order last month but continues to publish the documents on his
personal Web site.

In one series of e-mails, a senior engineer dismisses concern from a
lower-level programmer who questions why the company lacked certification for a
customized operating system used in touch-screen voting machines.

The Federal Election Commission requires voting software to be certified by an
independent research lab.

In another e-mail, a Diebold executive scolded programmers for leaving software
files on an Internet site without password protection.

"This potentially gives the software away to whomever wants it," the manager
wrote in the e-mail.

March contends the public has a right to know about Diebold security problems.

"The cease-and-desist orders are like a drug dealer saying, 'Hey, cop, give me
back my crack.' It's an incredible tactical blunder," he said.

The documents began appearing online in August, six months after a hacker broke
into the North Canton, Ohio-based company's servers using an employee's ID
number, Jacobsen said. The hacker copied company announcements, software
bulletins and internal e-mails dating back to January 1999, Jacobsen said.

In August, someone e-mailed the data to electronic-voting activists, many of
whom published stories on their Web logs and personal sites. A freelance
journalist at Wired News, Brian McWilliams, also received data and wrote about
it in an online story.

The data was further distributed in digital form around the Internet and it is
not known how many copies exist.

Wendy Seltzer, an attorney for the Electronic Frontier Foundation, said she has
been contacted by about a dozen groups that received cease-and-desist letters.
Among them is Online Policy Group, a nonprofit ISP that hosts the San Francisco
Bay Area Independent Media Center, which published links to the data.

Seltzer encouraged them to defy the Diebold cease-and-desist letters.

"There is a strong fair-use defense," Seltzer said. "People are using these
documents to talk about the very mechanism of democracy - how the votes are
counted. It's at the heart of what the First Amendment protects."

Although Seltzer believes Diebold's legal case to be weak, she worries about a
chilling effect.

Angered last week after Swarthmore College told them they could not link to the
documents from college-sponsored sites, some students at the liberal arts
school near Philadelphia found Internet providers abroad to host the content.
Others took down the offending material at their dean's request, but they
promised to put the documents back online if Diebold doesn't provide a more
detailed explanation within two weeks. Branen Salmon, 22, president of the
Swarthmore College Computer Society, said Diebold's threats put the documents
in the spotlight.

"A week ago, this was still a murmur," Salmon said last Thursday. "Now this is
front page stuff that people are talking about."