Diebold Warns on Electronic Voting Papers

SAN JOSE, Calif. - Despite lawsuit threats from one of the nation's largest electronic voting machine suppliers, some activists are refusing to remove from Web sites internal company documents that they claim raise serious security questions.

  Diebold Inc. sent "cease and desist" letters after the documents and internal e-mails, allegedly stolen by a hacker, were distributed on the Internet. Recipients of the letters included computer programmers, students at colleges including Swarthmore and at least one Internet provider.

Most of the 13,000 pages of documents are little more than banal employee e-mails, routine software manuals and old voter record files. But several items appear to raise security concerns.

Diebold refused to discuss the documents' contents. Company spokesman Mike Jacobsen said the fact that the company sent the cease-and-desist letters does not mean the documents are authentic — or give credence to advocates who claim lax Diebold security could allow hackers to rig machines.

"We're cautioning anyone from drawing wrong or incomplete conclusions about any of those documents or files purporting to be authentic," Jacobsen said.

But the activists say the mere fact that Diebold was hacked shows that the company's technology cannot be trusted.

"These legal threats are an acknowledgment of the horrific security risks of electronic voting," said Sacramento-based programmer Jim March, who received a cease and desist order last month but continues to publish the documents on his personal Web site.

In one series of e-mails, a senior engineer dismisses concern from a lower-level programmer who questions why the company lacked certification for a customized operating system used in touch-screen voting machines.

The Federal Election Commission (news - web sites) requires voting software to be certified by an independent research lab.

In another e-mail, a Diebold executive scolded programmers for leaving software files on an Internet site without password protection.

"This potentially gives the software away to whomever wants it," the manager wrote in the e-mail.

March contends the public has a right to know about Diebold security problems.

"The cease-and-desist orders are like a drug dealer saying, 'Hey, cop, give me back my crack.' It's an incredible tactical blunder," he said.

The documents began appearing online in August, six months after a hacker broke into the North Canton, Ohio-based company's servers using an employee's ID number, Jacobsen said. The hacker copied company announcements, software bulletins and internal e-mails dating back to January 1999, Jacobsen said.

In August, someone e-mailed the data to electronic-voting activists, many of whom published stories on their Web logs and personal sites. A freelance journalist at Wired News, Brian McWilliams, also received data and wrote about it in an online story.

The data was further distributed in digital form around the Internet and it is not known how many copies exist.

Wendy Seltzer, an attorney for the Electronic Frontier Foundation, said she has been contacted by about a dozen groups that received cease-and-desist letters. Among them is Online Policy Group, a nonprofit ISP that hosts the San Francisco Bay Area Independent Media Center, which published links to the data.

Seltzer encouraged them to defy the Diebold cease-and-desist letters.

"There is a strong fair-use defense," Seltzer said. "People are using these documents to talk about the very mechanism of democracy — how the votes are counted. It's at the heart of what the First Amendment protects."

Although Seltzer believes Diebold's legal case to be weak, she worries about a chilling effect.

Angered last week after Swarthmore College told them they could not link to the documents from college-sponsored sites, some students at the liberal arts school near Philadelphia found Internet providers abroad to host the content. Others took down the offending material at their dean's request, but they promised to put the documents back online if Diebold doesn't provide a more detailed explanation within two weeks. Branen Salmon, 22, president of the Swarthmore College Computer Society, said Diebold's threats put the documents in the spotlight.

"A week ago, this was still a murmur," Salmon said last Thursday. "Now this is front page stuff that people are talking about."