Tag Archives: DIEBOLD INCORPORATED

Wikipedia: Important enough to whitewash

This is an edited version of my weekly column for Loose Wire Service, a service providing print publications with technology writing designed for the general reader. Email me if you’re interested in learning more.

Wikipedia has gone through some interesting times, good and bad, but I think the last couple of weeks has proved just how powerful it is.

Powerful enough for those who feel denigrated by it to have been trying to spin, airbrush and generally rewrite how history — or at least Wikipedia — remembers them.

Take WikiScanner, cooked up by a young student, Virgil Griffith. WikiScanner does something very simple: It searches the Internet addresses of an organization — government, private, company or whatever — and matches them with any anonymous edit of a Wikipedia entry.

This means that while the edits themselves may be anonymous, the organization where the person is based is not. We may not know who did it, in other words, but we’ve got a pretty good idea of whom they work for.

The results have been surprising. Users of WikiScanner have come up with dozens of cases of companies, organizations and government departments apparently changing entries to either delete stuff they may not like, or making the text more palatable.

Some examples of apparent — none of these is confirmed but the Internet addresses match — self-interested alterations that have hit the news in the last few weeks:

* Diebold removes sections critical of the company’s electronic voting machines

* Apple and Microsoft trade negative comments about each other

* Amnesty International removes negative comments about itself, according to the Malta Star

(My own searches threw up no examples at all of institutions in my current home of Indonesia spinning on Wikipedia. Shame on them. What have they been doing with their time? One Indonesian embassy official seems to have spent most of his day editing an entry on rude finger gestures, but that’s about it. Clearly these people are not working hard enough for their country.)

The point about all this: Wikipedia is often derided as irrelevant and unworthy. Clearly, though, it’s important enough for these people, either officially or unofficially, on their own initiative or at the behest of higher-ups, to rewrite stuff to make themselves or their employer look better.

You might conclude from this that Wikipedia is not reliable as a result. I would argue the opposite: These edits have nearly all been undone by alert Wikipedians, usually very quickly.

(Wikipedia automatically stores all previous versions of a page and keeps a record of all the edits, and the Internet address from where they originate.)

The truth is that Wikipedia has come of age. Wikipedia is now important enough for ExxonMobil, The Church of Scientology, the U.S. Defense Department and the Australian government to spend time and effort trying to get their version of events across. If it was so irrelevant or unreliable, why would these people bother?

Of course, coming of age isn’t always a good thing. A recent conference on Wikipedia in Taiwan highlighted how Wikipedia is no longer an anarchic, free-for-all, but has somehow miraculously produced a golden egg.

It is now a bureaucracy, run by the kind of people who like to post “Don’t … ” notices on pantry walls. I’m not saying this is necessarily a bad thing. We all hate such people until our sandwich goes missing. Then we turn to them — or turn into them.

WikiScanner reveals that it’s probably good that such people take an interest in Wikipedia, because it’s clear that the site is under threat from people who would censor history and whitewash the truth to suit them.

Thanks to Virgil and the Wikipedians, that’s not going to happen anytime soon.

The Jakarta Post – The Journal of Indonesia Today

Loose Change Sept 19 2006

It used to be called Loose Bits, but I prefer Loose Change. For now. It’s the same thing: tidbits I found that might be of interest:

  • First off, NeatReceipts, which sells a small scanner and special software to scan in your receipts while you’re on the road, has announced a new version of its software, which should be in the shops next month. Includes color Scanning, a better Document Organizer and better OCR. Version 2.5 will retail for $200, the same price as the current Scanalizer. I reviewed the product a few months back and was impressed, though you’ve got to really love receipts to get into it.
  • Lost in the Crowd allows you to search the web more anonymously by mixing in with your normal searches entirely random ones sent on your behalf: “What searches did you care about versus those that were just made up? There’s no way for the search engine, or anyone else, to tell.” Nice idea. Only hitch I can think of is if those random searches lead down weird alleys that may come back to haunt me.
  • Forget Google anonymity. Just worry about voting. A blog by two Princeton University types reveals an ordinary “hotel minibar” or office key will open the door on Diebold Voting Machines, allowing someone to remove, alter or replace the memory card that stores the votes.

“Internet Voting Isn’t Safe”

The e-voting saga continues.

Four computer scientists say in a new report that a federally funded online absentee voting system scheduled to debut in less than two weeks “has security vulnerabilities that could jeopardize voter privacy and allow votes to be altered”. They say the risks associated with Internet voting cannot be eliminated and urge that the system be shut down.

The report’s authors are computer scientists David Wagner, Avi Rubin and David Jefferson from the University of California, Berkeley; The Johns Hopkins University and the Lawrence Livermore National Laboratory, respectively, and Barbara Simons, a computer scientist and leading technology policy consultant. They are members of the Security Peer Review Group, an advisory group formed by the Federal Voting Assistance Program to evaluate a system called SERVE, set up to allow overseas Americans to vote in their home districts. The first tryout is scheduled Feb. 3 for South Carolina’s presidential primary.

The four say that “Internet voting presents far too many opportunities for hackers or even terrorists to interfere with fair and accurate voting, potentially in ways impossible to detect. Such tampering could alter election results, particularly in close contests.” They “recommend shutting down the development of SERVE and not attempting anything like it in the future until both the Internet and the world’s home computer infrastructure have been fundamentally redesigned, or some other unforeseen security breakthroughs appear.”

The authors of the report state that there is no way to plug the security vulnerabilities inherent in the SERVE online voting design. “The flaws are unsolvable because they are fundamental to the architecture of the Internet,” says Wagner, assistant professor of computer science at UC Berkeley. “Using a voting system based upon the Internet poses a serious and unacceptable risk for election fraud. It is simply not secure enough for something as serious as the election of a government official.”

In short, the guys are saying the Internet is just not up to handling something like voting. But they also see the way the SERVE program carries the same flaws as the Diebold and other commercial electronic voting systems that have gotten such bad press in recent weeks (some of the four authors have been in the forefront of exposing those weaknesses). “The SERVE system has all of the problems that electronic touchscreen voting systems have: secret software, no protection against insider fraud and lack of voter verifiability,” says Jefferson. “But it also has a host of additional security vulnerabilities associated with the PC and the Internet, including denial-of-service attacks, automated vote buying and selling, spoofing attacks and virus attacks.”

After studying the prototype system the four researchers said it would be too easy for a hacker, located anywhere in the world, to disrupt an election or influence its outcome by employing any of several common types of attacks familiar to regular readers:

  • A denial-of-service attack, which would delay or prevent a voter from casting a ballot through the SERVE Web site.
  • A “Man in the Middle” or “spoofing” attack, in which a hacker would insert a phony Web page between the voter and the authentic server to prevent the vote from being counted or to alter the voter’s choice. What is particularly problematic, the authors say, is that victims of “spoofing” may never know that their votes were not counted.
  • Use of a virus or other malicious software on the voter’s computer to allow an outside party to monitor or modify a voter’s choices. The malicious software might then erase itself and never be detected.

Electronic Voting And The Criminal Connection

The story of electronic voting machines, and the company that makes many of them, continues to roll along. I wrote in a column a few weeks back (Beware E-Voting, 20 November 2003, Far Eastern Economic Review; subscription required) about Bev Harris, a 52-year old grandmother from near Seattle, who discovered 40,000 computer files at the website of a Diebold Inc subsidiary, Global Elections Systems Inc, beginning a public campaign against a company she believed was responsible for a seriously flawed e-voting system., already in use in several states.

Anyway, now she’s turned up more explosive material, it seems. The Associated Press yesterday quoted her as saying that managers of Global Elections Systems “included a cocaine trafficker, a man who conducted fraudulent stock transactions, and a programmer jailed for falsifying computer records”. The programmer, Jeffrey Dean, AP reports, wrote and maintained proprietary code used to count hundreds of thousands of votes as senior vice president of Global Election Systems Inc. Previously, according to a public court document released before GES hired him, Dean served time in a Washington correctional facility for stealing money and tampering with computer files in a scheme that “involved a high degree of sophistication and planning.”

Needless to say this is all somewhat worrying. When I followed the story I tried to concern myself merely with the technological aspects, which were pretty worrying in themselves; The e-voting system being pushed by Diebold seemed to have too many security flaws to be usable in its present state. But Ms. Harris’ digging seems to reveal a company that is, to put it tactfully, less than thorough in its background checks.

So what’s Diebold’s version? AP quoted a company spokesman as saying that the company performs background checks on all managers and programmers. He also said many GES managers left at the time of the acquisition. “We can’t speak for the hiring process of a company before we acquired it”. Acccording to Ms. Harris’ website, however, that’s misleading. Quoting a memo issued shortly after Diebold bought GES in early 2002, Dean had “elected to maintain his affiliation with the company in a consulting role”. Diebold, the memo says, “greatly values Jeff’s contribution to this business and is looking forward to his continued expertise in this market place”. AP said Dean could not be reached for comment Tuesday afternoon and I cannot find any subsequent report online.

It’s hard to see how Diebold is going to recover from what has been a series of body blows to its credibility in such a sensitive field as voting. The same day as Ms. Harris revealed her latest bombshell, the company announced “a complete restructuring of the way the company handles qualification and certification processes for its software, hardware and firmware”. Diebold hopes the announcement will “ensure the public’s confidence that all of our hardware, software and firmware products are fully certified and qualified by all of the appropriate federal, state and local authorities prior to use in any election”.

Clearly the whole fracas has done serious damage to public confidence in electronic voting. But it’s important to keep perspective. There’s nothing wrong intrinsically with e-voting — it’s a sensible way to speed up the process, make it easier for citizens and, perhaps, to extend the use of such mechanisms to allow the population to have a greater and more regular say in how their lives are governed. But like every technological innovation, it’s got to be done right, by the right people, with the right checks and balances built in, and it can’t be done quickly and shoddily. Most importantly, it’s got to be done transparently, and those involved in building the machines must never be allowed to conceal their incompetence by preventing others from inspecting their work and assessing its worthiness.

For details of Ms. Harris allegations, check out her website Blackbox Voting. A summary of the press conference is here, as are the supporting documents (both PDF files.)

Worm Hits Diebold’s Windows ATMs

It’s not happy days for Diebold, the company behind ATMs and electronic voting. Its e-voting machines have been the source of much controversy — earlier this month it withdrew its suit against people who had posted leaked documents about alleged security breaches in the software. Now its automatic teller machines have been hit — by viruses.

Wired reports that ATMs at two banks running Microsoft Windows software were infected by a computer virus in August, the maker of the machines said. The ATM infections, first reported by SecurityFocus.com, are believed to be the first of a computer virus wiggling directly onto cash machines. (The Register said in January that the Slammer worm brought down 13,000 Bank of America ATMs, but they weren’t directly infected: the worm infected database servers on the same network, spewing so much traffic the cash machines couldn’t process transactions.)

But how can an ATM get infected? SecurityFocus says that while “ATMs typically sit on private networks or VPNs, the most serious worms in the last year have demonstrated that supposedly-isolated networks often have undocumented connections to the Internet, or can fall to a piece of malicious code inadvertently carried beyond the firewall on a laptop computer.” In other words: the folk who write worms are smarter than we are.

Diebold Confirms Dropping E-voting Suit

 Diebold, the electronic voting company and the subject of a recent Loose Wire column, have confirmed that they’ve decided not to sue folk who published leaked documents about the alleged security breaches of electronic voting. 
 
AP reports (no URL available yet) that a Diebold spokesman promised in a conference call Monday with U.S. District Judge Jeremy Fogel and attorneys from the Electronic Frontier Foundation that it would not sue dozens of students, computer scientists and ISP operators who received cease-and-desist letters from August to October. 
Diebold did not disclose specifics on why it had dropped its legal case, but the decision is a major reversal of the company’s previous strategy. Ohio-based Diebold, which controls more than 50,000 touch-screen voting machines nationwide, had threatened legal action against dozens of individuals who refused to remove links to its stolen data.
 

Update: Diebold Withdraws E-voting Suit?

 Further to my column about e-voting a few weeks back, Diebold, maker of electronic voting machines, has apparently withdrawn its suit against an ISP and some individuals for posting leaked company documents about some of the problems with their system.
Stanford Law School reports that Diebold had filed papers with the court saying it ?has decided not to take the additional step of suing for copyright infringement for the materials at issue. Given the widespread availability of the stolen materials, Diebold has further decided to withdraw its existing DMCA notifications and not to issue any further ones for those materials.?
 
No mention of this yet on the Electronic Freedom Foundation’s website (which is funding legal protection for the ISP) or Diebold’s.