I wonder if there are any mirrors of this out there?


--- begin forwarded text

Status:  U
Date: Fri, 12 Sep 2003 18:36:13 -0700
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US;
        rv:1.0.2) Gecko/20021120 Netscape/7.01
Subject: Diebold Inc.
Reply-To: Fork <[EMAIL PROTECTED]>
List-Id: Friends of Rohit Khare  <fork.xent.com>
List-Archive: <http://lair.xent.com/pipermail/fork>
List-Post: <mailto:[EMAIL PROTECTED]>
List-Help: <mailto:[EMAIL PROTECTED]>
List-Subscribe: <http://xent.com/mailman/listinfo/fork>,
        <mailto:[EMAIL PROTECTED]>

Holy election time stories, BatMan! I wonder how/when this will hit major media... 
Hope none of you have stock in this company.


-------- Original Message --------

"It doesn't matter who votes, it matters who counts the votes"- Joe Stalin


All files yanked by webhost at request of Diebold, Inc.

A copy of the email is below. I received this 28 hours after the now-vanished files 
went live.

While I am not a legal professional in any way, I firmly believe that these files, 
while copyrighted, carry credible evidence of illegal vote-accessing activity and thus 
are not covered under the DCMA due to the "dirty hands" defense, which disallows an 
entity seeking damages in cases involving illegal activities connected to that which 
is being protected.

I furthermore adamantly oppose the secrecy and unlawful proliferation of voting 
machines lacking in an auditable, transparent paper backup trail as mandated by law 
via the Helping Americans Vote Act. I refuse to stand by and watch our voting rights 
be subverted, controlled, and ultimately destroyed.

I will post further updates, should they become available.


-- Original message --

September 11, 2003
Jennifer Bryan Dragonwind Internet Services 608 Live Oak Drive Cedar Park, TX 78613
Ms. Jennifer Bryan,
We represent Diebold, Incorporated and its wholly owned subsidiary Diebold Election 
Systems, Inc. (collectively "Diebold"). Diebold is the owner of copyrights in certain 
software, documentation, and other works of authorship associated with its proprietary 
electronic voting machines ("Diebold Property"). It has recently come to our clients' 
attention that you appear to be hosting the following website: 
<http://www.smashthetrifecta.com>www.smashthetrifecta.com on one or more of your 
servers, identified as NS1.DRAGONWIND.NET or NS2.DRAGONWIND.NET. This websinte , 
particularly each of the following pages, includes program and/or data files 
containing Diebold Property.:


Other information posted on these web pages encourages the downloading of Diebold 
Property from the server and describes how to circumvent passwords and other 
technological measures that are designed to control access to the Diebold property. 
The owner of the smashthetrifecta.com website does not have Diebold's consent to use 
any Diebold Property. These web pages infringe Diebold's copyrights by (1) placing an 
unauthorized copy of the Diebold Property on the server, (2) making the Diebold 
property available to third parties to download from the server and authorizing third 
parties to further infringe our clients' copyrights by downloading and therefore 
copying Diebold Property, and (3) encouraging and assisting in the circumvention of 
copyright protection systems. The purpose of this letter is to advise you of our 
clients' rights and to seek your agreement to the following:

1. To stop using and to immediately delete any Diebold Property from all computer 
systems used by you, or operated under your control, and to confirm having done so in 

2. To confirm, in writing, that you have no backup copies of any Diebold Property;

3. To cease making Diebold Property available on your server and to cease providing 
the opportunity for any third parties to download, and thereby copy, Diebold Property.

The value of property protected by copyright arises in large part from the right to 
control access to and use of such property. Hosting a website which encourages all 
visitors to copy and use the Diebold Property without permission from or accounting to 
Diebold is a clear infringement of Diebold's rights in the Diebold Property. Our 
clients reserve their position insofar as costs and damages caused by the unauthorized 
reproduction and distribution of Diebold Property are concerned, and their right to 
seek injunctive relief to prevent further unauthorized reproduction and distribution 
of Diebold Property, pending your response to this letter. We suggest you contact your 
legal advisors to obtain legal advice as to your position. We await your response 
within 24 hours.


Nancy L. Reeves
Walker & Jocke 231
South Broadway Medina, Ohio 44256

-- Walker & Jocke

Jim March's email response to Diebold
Ms. Reeves,

I read with interest your statement of alleged copyright/IP infringement against the 
owner of the "smashthetrifecta" site:




The purpose of this missive is to inform you of several basic facts:

1) I am the individual who provided that site's owner with the files in question;

2) The files are up on other sites in addition to that one; I fully expect you'll try 
bullying them into submission too;

3) Ultimately, this will not work because I *will* continue to distribute them under 
"fair use" principles.

I take this stance after repeated consultation with legal counsel. Allow me to 

Copyright law cannot be used to hide evidence of a crime. Diebold has clearly 
committed so many legal violations at this point, that "unclean hands" principles 
apply in spades.

a) Diebold had, on their website and available for public download, a copy of an 
elections data file created at 3:31pm on the day of the March 5th 2002 primary 
elections in San Luis Obispo County. There is no possible reason for that file to have 
been in Diebold's possession. Under California law, it is illegal to release elections 
data before the close of the election. I suggest consulting with the SLO County 
Registrar, Julie Rodewald, to confirm the authenticity of this file which I provided 

b) California Elections Code 19205(c) prevents the Calif Secretary of State from 
certifying electronic voting systems which are subject to tampering. There is ZERO 
practical security at all on the GEMS data management system. Anybody with a copy of 
MS-Access can alter voting data, passwords and audit trails at will, without leaving 
any trace. Worse, there is a runtime edition of MS-Access shipped on every GEMS box 
(central vote-count computer system as used with all Diebold Elections Systems 
products), which would allow exactly the same alterations from a script executed via a 
dial-in connection through the RAS server and Digiboard from a Touchscreen terminal, 
Optical Scan terminal or standard PC/Laptop. We can prove that Diebold would have 
enough access to the GEMS box in mid-election to "booger the vote" by their possession 
of the SLO county data file referred to above.

c) Internal memos slipped to activists BY DIEBOLD INSIDERS (the "1.8gigs of data" 
first referred to in Wired magazine) and in my possession show that Diebold field tech 
support staffs noticed teh "zero security under MS-Access" issue literally years ago, 
and deliberately kept it quiet from county elections officials and state certification 
boards. This constitutes pure criminal conspiracy.

d) The same internal memos reveal a widespread pattern of installing and using 
UNcertified versions of the various programs, both at the terminals and central 
vote-count box (running the "GEMS" app and related components).

e) While purporting to sell an application that operates under high security 
standards, your clients have displayed technical incompetence in security matters at a 
level seldom seen outside of a "Dilbert" comic strip.

To recap: your clients have set out to secretly rig elections. They have installed 
features into their software making it deliberatel open to tampering in ways that 
defeat the usual "spot recount of random precincts" procedures of honest local 
elections officials rely on.

Your clients actions are literally horrifying, evidence of nothing less than a coup 
attempt in progress. You will be hearing from metomorrow by phone; if it is your 
client's intent to sue me, I will facilitate that at the earliest possible 
convenience, in order to rape them in discovery and depositions and annihilate them in 

You see, Ms. Reeves, sometimes when you push people around, you run into somebody 
who's had about enough and isn't going to back down./p>

I hate bullies. With a passion. I am going to *enjoy* our future interactions.

I guarantee you your clients won't.

Jim March

Blind Carbon Copy to: a *whole* lotta people. :)

: FLASHBACK: Wired.com Aug 7th, 20003
: "Following an embarrassing leak of its proprietary
: software over a file transfer protocol site last January,
: the inner workings of Diebold Election Systems have again
: been laid bare. A hacker has.... made off... with
: Diebold's internal discussion-list archives, a software
: bug database and more software. The unidentified attacker
: provided Wired News with an archive containing 1.8 GB of
: files apparently taken March 2 from a site referred to by
: the Ohio-based company as its "staff website."

: Scoop.co.nz has obtained internal mail messages from Diebold
: Election Systems which clearly and explicitly confirm
: security problems in the GEMS vote counting software that
: were highlighted in reports published on Scoop.co.nz and
: widely elsewhere in July.


: In the internal mail Diebold Election Systems principal
: engineer R&D Ken Clark - then working for Global Election
: Systems before Diebold took the company over - responded to
: an internal query over a security problem. The official
: certification laboratory responsible for assessing the
: voting technology company software's robustness had noticed
: a problem, and a staff member was seeking Clark's advice.

: The "GEMS Access database" that Finberg refers to is
: a piece of computer software which is loaded onto county
: election supervisors computers. It is responsible for
: tallying votes from county precinct voting booths, these
: results are typically modemed into the central computer.

: Significantly this software is responsible for tallying all
: votes, optical scan, touchscreen and absentee ballots. It
: was this software that Scoop initially reported was all too
: easy to hack in its July 8th report from Bev Harris.

: In reply to Finberg's query Clark responded with an
: astonishingly frank posting which clearly confirms most of
: the worst aspects of the GEMS system security outlined by
: Harris in her July report.


: To: "support"
: Subject: alteration of Audit Log in Access
: From: "Nel Finberg"
: Date: Tue, 16 Oct 2001 23:31:30 -0700
: Importance: Normal

: Jennifer Price at Metamor (about to be Ciber) has indicated
: that she can access the GEMS Access database and alter the
: Audit log without entering a password. What is the position
: of our development staff on this issue? Can we justify
: this? Or should this be anathema?

: Nel

: To: "support"
: Subject: RE: alteration of Audit Log in Access
: From: "Ken Clark"
: Date: Thu, 18 Oct 2001 09:55:02 -0700
: Importance: Normal

: Its a tough question, and it has a lot to do with perception.
: Of course everyone knows perception is reality.

: Right now you can open GEMS' .mdb file with MS-Access, and
: alter its contents. That includes the audit log. This isn't
: anything new. In VTS, you can open the database with
: progress and do the same. The same would go for anyone
: else's system using whatever database they are using. Hard
: drives are read-write entities. You can change their
: contents.

: Now, where the perception comes in is that its right now very
: *easy* to change the contents. Double click the .mdb file.
: Even technical wizards at Metamor (or Ciber, or whatever)
: can figure that one out.

: It is possible to put a secret password on the .mdb file to
: prevent Metamor from opening it with Access. I've
: threatened to put a password on the .mdb before when
: dealers/customers/support have done stupid things with the
: GEMS database structure using Access. Being able to
: end-run the database has admittedly got people out of a
: bind though. Jane (I think it was Jane) did some fancy
: footwork on the .mdb file in Gaston recently. I know our
: dealers do it. King County is famous for it. That's why
: we've never put a password on the file before.

: Note however that even if we put a password on the file, it
: doesn't really prove much. Someone has to know the
: password, else how would GEMS open it. So this technically
: brings us back to square one: the audit log is modifiable
: by that person at least (read, me). Back to perception
: though, if you don't bring this up you might skate through
: Metamor . [i.e. certification -nFormed]

: There might be some clever crypto techniques to make it even
: harder to change the log (for me, they guy with the
: password that is). We're talking big changes here though,
: and at the moment largely theoretical ones. I'd doubt that
: any of our competitors are that clever.

: By the way, all of this is why Texas gets its sh*t in a knot
: over the log printer. Log printers are not read-write, so
: you don't have the problem. Of course if I were Texas I
: would be more worried about modifications to our electronic
: ballots than to our electron logs, but that is another
: story I guess.

: Bottom line on Metamor is to find out what it is going to take
: to make them happy. You can try the old standard of the NT
: password gains access to the operating system, and that
: after that point all bets are off. You have to trust the
: person with the NT password at least. This is all about
: Florida, and we have had VTS certified in Florida under the
: status quo for nearly ten years.

: I sense a loosing battle here though. The changes to put a
: password on the .mdb file are not trivial and probably not
: even backward compatible, but we'll do it if that is what
: it is going to take.

: Ken

: To: "support"
: Subject: RE: alteration of Audit Log in Access
: From: "Nel Finberg"
: Date: Wed, 17 Oct 2001 14:48:16 -0700
: Importance: Normal

: Thanks for the response, Ken. For now Metamor accepts the
: requirement to restrict the server password to authorized
: staff in the jurisdiction, and that it should be the
: responsibility of the jurisdiction to restrict knowledge of
: this password. So no action is necessary in this matter, at
: this time.

: Nel


Do you Yahoo!?
<http://us.rd.yahoo.com/evt=10469/*http://sitebuilder.yahoo.com>Yahoo! SiteBuilder - 
Free, easy-to-use web site design software

FoRK mailing list

--- end forwarded text

R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to