Diebold Threatens to Pull Out of North Carolina

This topic is archived.
 
iconoclastNYC Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Nov-29-05 10:44 PM
Original message
Diebold Threatens to Pull Out of North Carolina
Edited on Tue Nov-29-05 10:50 PM by iconoclastNYC
Posted on Tech Site Slashdot:

"A North Carolina judge ruled that Diebold may not be protected from criminal prosecution if it fails to disclose the code behind its voting machines as required by law. In response, Diebold has threatened to pull out of North Carolina." From the article: "The dispute centers on the state's requirement that suppliers place in escrow 'all software that is relevant to functionality, setup, configuration, and operation of the voting system,' as well as a list of programmers responsible for creating the software. That's not possible for Diebold's machines, which use Microsoft Windows, Hanna said. The company does not have the right to provide Microsoft's code, he said, adding it would be impossible to provide the names of every programmer who worked on Windows."

Slashdot (one of the very first blogs) is an IT geek site. You can get their perspective by reading the responses here:

http://yro.slashdot.org/yro/05/11/29/2024208.shtml?tid=103&tid=123&tid=219

linked article:
http://seattlepi.nwsource.com/business/1700AP_Voting_Problems.html
skooooo Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Nov-29-05 10:45 PM
Response to Original message
1. oh that would be such a tragedy!!!
 
UrbScotty Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Nov-29-05 10:48 PM
Response to Reply #1
5. I know, aren't you sad?
:sarcasm:
 
Canuckistanian Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Nov-29-05 10:47 PM
Response to Original message
2. OK, this is the wedge
Now keep pounding at it! This may be the breakthrough we've all been looking for!
 
aquart Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Nov-29-05 10:48 PM
Response to Reply #2
4. Explain, please?
I don't know enough to understand how we can use this to HELP.
 
Canuckistanian Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Nov-29-05 10:58 PM
Response to Reply #4
10. If they can be that threatened, they'll back off
Either that or they'll be forced to reveal their code.

A good precedent either way.
 
Neil B Forzod Donating Member (64 posts) Send PM | Profile | Ignore Wed Nov-30-05 04:29 AM
Response to Reply #10
20. minor clarification
The issue in NC isn't actually about Diebold revealing their source code, although it's been reported that way. The truth is they actually "reveal their source code" all the time... lots of states have laws requiring them (and any other vendors) to deposit the source code in escrow as required in NC, and all the vendors typically comply. Diebold's case is especially hilarious -- their "secret, proprietary" source code has already been deposited with a bunch of states, has been reviewed by SAIC, RABA, CompuWare and various others just because certain states asked to do their own reviews, and has even been posted on the internet. :rofl:

(As an aside, even if they complied with the law it's still not like we'd get to peruse the source code... it would be stored by a 3rd-party escrow agency, not published for people off the street to download or review.)

In the NC case the issue is actually about the interpretation of the new voting machine transparency law they passed there. There's some poor (IMHO, take it for what it's worth) choice of wording that requires "all" source code in the voting system to be deposited in escrow, and "all" programmers who contributed to it identified. The use of the term "all" is problematic: any 3rd-party components (Diebold apparently used Windows as their example, but there are probably other 3rd-party elements in use as well) are necessarily included by use of the word "all" but it's impossible to comply with the law for those components where vendors don't have the source (Windows, for example), or aren't allowed to publish the source (e.g. commercial 3rd-party libraries that might be licensed for use with the product). It's also not just a Diebold problem. I think it was reported somewhere that ES&S uses Linux in their voting machines. They can provide the source code for it because it's open-source, but they almost certainly can't identify all the programmers who ever contributed to it -- even though they're required to according to the new NC law.

Of course it's all pretty stupid... I didn't participate in the drafting of the new legislation (although I think David Allen did, he's posted about it here before and might be a better source of information on the topic) but I'm guessing they were more interested in the actual voting system software than 3rd-party stuff (although I suppose I could be wrong... maybe someone who was involved can comment). The other vendors apparently guessed the same because they just submitted their bids even though they can't really comply with the law (as written) any more than Diebold can. The problem for Diebold is that the law specifies actual criminal charges for any violations. So if they bid successfully and sell their system they have to figure that we'll just push to have them punished for non-compliance with the law, which means someone at Diebold probably gets indicted over it down the line. They can decide to risk that and just try to clarify the intent of the law in court at the trial (I'm not a lawyer but I suspect they'd win on the 3rd-party part, assuming they'd turned over all their own source code and identified all their own programmers). But even if they eventually do win and the charges are dropped, they still have to deal with the whole headache of stories appearing in the media about criminal charges being filed against them, or with people like Bev Harris posting nonsense like "NC CONVICTS ALL DIEBOLD PROGRAMMERS OF CLASS G FELONIES, PLANS TO EXTRADITE THEM ALL FROM CANADA" complete with colorful but not especially apt analogies about Thanksgiving turkeys and exploding Ford Pintos. So according to Diebold's lawyers and my own sources, they'll probably just decide not to bid on the NC contract on the grounds that the potential profits don't outweigh the potential headaches.

All of which is to say "chalk one up for the good guys." :)

(Well, sort of. So Diebold pulls out of NC, which leaves only Sequoia and ES&S as bidders. Sequoia probably gets disqualified because they still don't have a system qualified to federal FEC 2002 standards, which means ES&S probably sweeps the whole state by default. Which is good if you're just anti-Diebold, but bad if you consider that ES&S probably isn't much better. So you win some, you lose some.)

Neil
 
Canuckistanian Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Nov-30-05 10:16 AM
Response to Reply #20
22. OK, thanks for the explanation
One thing I don't understand, though.

Do they all use the same mix of applications? These systems seem to rely on a crazy quilt of software, and as someone in the technology biz, I can tell you that that is a recipe for un-knowable problems in the future.

And why are there no scrupulous companies trying to cash in on this? Seems to me that a company that promised reliable hardware (this is not rocket science), 100% open source code and verifiable paper trails wouldn't have to worry about any of this.
 
Neil B Forzod Donating Member (64 posts) Send PM | Profile | Ignore Thu Dec-01-05 12:04 AM
Response to Reply #22
29. rocket science
I'm not sure whether they all use the same mix of applications. Certainly they all have their own software products, but there may be some common 3rd-party components that are used by more than one vendor. Don't know.

As for scrupulous companies cashing in, I suspect there are lots of reasons, and I can play devil's advocate and hazard a guess as to a few:


  • Reliable hardware actually isn't an easy problem -- it's got to have particular performance characteristics, it's got to survive drops from a height, bombardment with electromagnetic radiation, it's got to be tamper-proof, it's got to operate on battery power for several hours in the event of power failure while still being self-contained and portable. Software is easy, anyone can sit down and write it. Hardware design and (especially) manufacturing is a harder problem: it's expensive and lots of companies just don't have the resources.
  • 100% open source code would be nice, but almost all software companies vigorously protect their source code since it's their intellectual property and what sets them apart from people who don't have some source code to do the same thing. Despite claims to the contrary, election management software isn't easy and most companies don't want to make it easy for potential competitors by putting all their intellectual property out there to copy. (Licensing agreements would theoretically protect them, but then they have to litigate with every competitor they think might have used their intellectual property inappropriately).
  • Verifiable paper trails aren't a huge problem, every current vendor who was asked to provide one has either done so or has one in development. The main issue is hardware design and manufacture (see point #1 above) -- you can't just bring a bunch of inkjet printers and hook them up to some DREs. What happens in the event of failure, or a paper jam? How will the printer work in the event of power failure? The DRE has to keep working, but what do you do about an external printer that's attached? Oops... so maybe you build the printer to make use of the existing report printer instead (which is what all vendors have essentially done, incidentally) but now you're using a lot more power (because you have to print a bunch of paper for every ballot and running a mechanical device like a printer is relatively expensive compared to driving some electronics) and you find out that your DRE won't run on battery power long enough to satisfy FEC regulations because it was originally designed without planning to drive a printer. So now you need to redesign some hardware, and you can refer back to point #1 again. :) That's the main sort of issue that arises with voter-verified paper audit trails.
  • Most major election equipment vendors (ES&S, Diebold, Sequoia and to a lesser extent Hart-Intercivic) sell not only the vote-counting equipment but a bunch of additional services and expertise for election officials that are often overwhelmed and underfunded. That includes everything from ballot printing and absentee handling, ballot layout, election setup, technical support, etc. All these companies have a significant amount of industry experience (mostly because half their respective staffs are made up of former election officials, lol) and support infrastructure. The scrupulous startup hypothesized in your post probably doesn't have any of that, probably has no connections with the industry or any election people, and would have a tough time selling its wares as a result. Take a look at AccuPoll. They have a DRE and an EMS product. They're federally certified to the latest standards. But they have less than 10 employees, total, and no customers. Suppose they bid on NC against the big vendors... the RFP asks the vendor to indicate the number of support representatives the company will provide to support the state's 100 counties, and to specify their experience. AccuPoll responds with "uh, 6?". ES&S responds with "we'll supply 5 subject matter experts, a 10-man state help desk with phone support, 20 roving support techs to address local county problems, and a two-person project management team to coordinate it all." Diebold responds with "all of that, plus we'll make available 50 local ATM technicians who can be on call to replace faulty equipment, act as runners and who can quickly be deployed wherever there's a problem." Everything else (including price, etc.) being equal, if you're a beleaguered, overworked and understaffed election official, who do you buy your equipment from? Probably not AccuPoll, if you're honest, and probably not your hypothesized scrupulous startup vendor either.


All of which is way off topic, lol. :)

Also, I take back part of my earlier post too: my sources in the industry tell me today that Diebold is probably not going to withdraw its bid from NC and is going to let their bid stand. I'm still waiting for an independent confirmation of that, but the source was pretty reliable so I'm inclined to believe it.

Neil
 
Bill Bored Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Nov-30-05 06:56 PM
Response to Reply #20
24. You raise some good points but
has the uncompiled source code really been examined?
 
Neil B Forzod Donating Member (64 posts) Send PM | Profile | Ignore Wed Nov-30-05 11:22 PM
Response to Reply #24
27. sure
Yes, the uncompiled source code has certainly been examined. (Source code is "uncompiled" by its very definition.) Some recent well-known examples:

Avi Rubin examined the source code for the Diebold touchscreen system and wrote a report on his findings. That was 2 1/2 years ago, and the source code was older than that, but he did examine the source code.

Maryland had SAIC review a newer copy of the Diebold source code and compiled applications on their behalf. They had RABA Technologies review the same source code and applications on their behalf as well. Seems like a reasonable request when you spend $50 or $60 million on voting equipment, I suppose. As far as I know, Diebold simply turned over all the relevant code and documentation when the state asked for it. I assume the usual non-disclosure agreements were signed, etc., but both agencies did review it in detail.

Ohio had CompuWare review the source code and applications for four different vendors, including Diebold and ES&S, Hart-Intercivic and Sequoia. Amusingly all the vendors turned over their source code for the review -- more than a year before Ohio even bought anything from them -- and in fact Ohio ended up buying its equipment mostly from ES&S and Diebold so two of the vendors submitted their source code to someone who wasn't even a customer and who didn't end up buying anything from them.

California asked Diebold to let their source code be reviewed by an agency designated by the state, and Diebold turned it over. I'm not sure if they did the same to any other vendors or not, but Diebold's a special case in California where they've been trying to get their equipment re-certified for over a year.

Most states (e.g. California) require the source code to be deposited with an escrow agency in case of default by the vendor. (That actually applies to all kinds of systems, not just voting equipment vendors -- it's a fairly standard practice.) That's not actual examination of the source code, but it's the same thing that's required by NC (although I don't think there's a requirement for all the programmer names in CA -- not sure).

And obviously all the vendors have submitted their source code to examination by the ITAs, although the general consensus seems to be that the ITAs are pretty useless (or at least hampered by FEC requirements that don't give them a lot to go by, which amounts to roughly the same thing).

Anyway, the uncompiled source code for all major vendors is actually turned over and examined by various people all the time, lol. Which is the distinction between secret and proprietary: the source code is proprietary -- i.e. the vendors own and protect the rights to their source code, which is just intellectual property -- but it's not especially secret because they let lots of people review it on request and subject to NDAs.

Neil

 
Bill Bored Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-01-05 01:40 AM
Response to Reply #27
33. Well, I think the whole issue is a bit of a white elephant anyway.
Unless the source code is digitally signed, you can't tell if it's running on a given machine on election day(s) anyway. I don't think it would be that hard to do using public/private key encryption. A web browser could authenticate the stuff, but of course you'd need an Internet connection to the certificate authority and that might be a no-no. Authenticate the code via dial-up maybe? But you'd have to train poll workers to do it.

At the moment it's kind of a free for all. I don't think anyone has reviewed all the source code. RABA said there were 285,000 lines of Diebold and only a fraction was carefully studied.

That said, there are enough ways to rig this junk without having access to the source code anyway and this is the real threat.
 
Neil B Forzod Donating Member (64 posts) Send PM | Profile | Ignore Thu Dec-01-05 02:53 AM
Response to Reply #33
36. more clarification
"Unless the source code is digitally signed, you can't tell if it's running on a given machine on election day(s) anyway."


Actually you need the compiled stuff digitally signed to do that. Signing the source code doesn't help. Ideally you'd have the ITAs review the source code, hash and/or sign it, build the target executables and libraries and what-have-you, and then hash and/or sign those. You could check the signature of the installed applications against the signatures/hashes published by the ITAs, so you'd at least know that it's the version the ITA built from the source code they actually reviewed. (Whether you think the ITAs are otherwise useful as reviewers is a separate discussion.)


"I don't think it would be that hard to do using public/private key encryption. A web browser could authenticate the stuff, but of course you'd need an Internet connection to the certificate authority and that might be a no-no. Authenticate the code via dial-up maybe? But you'd have to train poll workers to do it."


The voting machines don't have a web browser or an internet connection. (Although you don't need an internet connection to verify a certificate's authenticity, you just need the certificate authority's own certificate.) I think many people would object to any kind of dial-up model -- I'm not sure I want poll workers to call up some remote computer using the modem in the voting machine, it sounds like a pretty serious security risk.


"At the moment it's kind of a free for all. I don't think anyone has reviewed all the source code. RABA said there were 285,000 lines of Diebold and only a fraction was carefully studied."


That may in fact be true (I don't have any of the numbers at my disposal right now). But -- and it's a pretty big "but", really -- the observation that "they haven't reviewed all the source code" is a much different statement from "nobody's had the opportunity to review all the source code" or "Diebold refuses to let anyone look at it". Clearly they do and have let people look at it, and there's no credible reason to think they'd object to releasing their source code to an NC-designated escrow agency... something they pretty much do all the time in other states.


"That said, there are enough ways to rig this junk without having access to the source code anyway and this is the real threat."


Totally agreed on the alternate rigging opportunities. That's why I personally don't understand the general obsession people have over source code.

Neil
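
Added example, not part of the thread and not any vendor's or test lab's code: reply #36 describes hashing and signing the built executables, then checking an installed machine against the published values using only a pinned public key and no network connection. The sketch below does that with a signed SHA-256 manifest; the file names, the manifest format and the deliberately weak demo RSA key are assumptions chosen so it runs offline with the Python standard library.

```python
import hashlib
import tempfile
from pathlib import Path

# DER DigestInfo prefix for SHA-256, as used by RSASSA-PKCS1-v1_5 (RFC 8017).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed demo key built from two Mersenne primes. It is trivially
# factorable and exists only so the example runs with the standard library.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                              # public modulus, pinned on the checker
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the signer
K = (N.bit_length() + 7) // 8          # modulus length in bytes


def _encode(message: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), as an integer."""
    digest_info = SHA256_PREFIX + hashlib.sha256(message).digest()
    padding = b"\xff" * (K - len(digest_info) - 3)
    return int.from_bytes(b"\x00\x01" + padding + b"\x00" + digest_info, "big")


def sign(message: bytes) -> int:
    """Signer side (the reviewing lab in the post): sign the manifest."""
    return pow(_encode(message), D, N)


def signature_ok(message: bytes, signature: int) -> bool:
    """Checker side: needs only the public values N and E, no network."""
    return 0 <= signature < N and pow(signature, E, N) == _encode(message)


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def hash_tree(root: Path) -> dict:
    """Map each file's relative path to the SHA-256 of its contents."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def build_manifest(build_dir: Path) -> bytes:
    """Manifest of the built artifacts: one '<sha256>  <path>' line per file."""
    lines = [f"{digest}  {name}" for name, digest in hash_tree(build_dir).items()]
    return ("\n".join(lines) + "\n").encode()


def verify_install(install_dir: Path, manifest: bytes, signature: int) -> list:
    """Return a list of findings; an empty list means the install matches."""
    # Trust the manifest only after its signature checks out.
    if not signature_ok(manifest, signature):
        return ["manifest: signature invalid"]
    expected = {}
    for line in manifest.decode().splitlines():
        digest, name = line.split("  ", 1)
        expected[name] = digest
    found = hash_tree(install_dir)
    findings = []
    for name in sorted(expected.keys() | found.keys()):
        if name not in found:
            findings.append(f"{name}: missing")
        elif name not in expected:
            findings.append(f"{name}: not in manifest")   # unlisted extra file
        elif found[name] != expected[name]:
            findings.append(f"{name}: hash mismatch")
    return findings


def demo():
    """Constructed sample data: two fake binaries, then a tampered install."""
    with tempfile.TemporaryDirectory() as tmp:
        build, install = Path(tmp, "build"), Path(tmp, "install")
        build.mkdir()
        install.mkdir()
        files = {"voting_app.bin": b"constructed binary v1",
                 "report_lib.bin": b"constructed library v1"}
        for name, data in files.items():
            (build / name).write_bytes(data)
            (install / name).write_bytes(data)
        manifest = build_manifest(build)
        signature = sign(manifest)
        clean = verify_install(install, manifest, signature)
        # Modify one listed file and drop in one unlisted file.
        (install / "report_lib.bin").write_bytes(b"patched after review")
        (install / "helper.bin").write_bytes(b"unlisted")
        tampered = verify_install(install, manifest, signature)
        # A manifest regenerated from the tampered install fails the signature.
        forged = verify_install(install, build_manifest(install), signature)
        return clean, tampered, forged


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The check covers what is installed, not the source that was reviewed, and it reports unlisted files as well as changed ones.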
 
Bill Bored Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-01-05 11:52 PM
Response to Reply #36
42. Dial up and source code.
Re dial up, well if it's good enough for downloading ballot definitions from and uploading election results to GEMS servers before and after the election (and I'm not necessarily saying it is!), I don't see any major problem using it to ensure that the software on the machines is that which was actually certified.

Of course, Diebold wasn't even using encryption on their network connections and that includes dial-up, Ethernet and by extension, the Internet. That's just stupid.
 
Neil B Forzod Donating Member (64 posts) Send PM | Profile | Ignore Fri Dec-02-05 02:06 AM
Response to Reply #42
43. more on dial-up and source code
Dial-up isn't good enough for downloading ballot definitions and uploading election results to GEMS servers before and after the election in all cases. Ballot definitions are generally downloaded over a closed local network before the election, not via dial-up over a public phone line. Election results (generally unofficial ones) can be uploaded by modem, but a lot of places (California, for example) simply prohibit it and require the memory cards to be brought in for upload over a closed local network instead.

Diebold actually has been using encryption on their network connections since 2003, when SAIC recommended it in their review of the system. Maryland made adoption of the SAIC recommendations a requirement and Diebold added it to their system over two years ago. Georgia just recently upgraded their software to a newer version that includes various security enhancements like the encrypted network transfer -- it was in the news a few weeks ago because it apparently caused the result uploads to be a little slower.

Your comment about "...and by extension, the Internet" is kind of a non-sequitur. I'm pretty sure nobody in their right mind hooks their voting machines up to the internet.

Neil
 
Bill Bored Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Dec-03-05 12:14 AM
Response to Reply #43
44. Ethernet + Router = Internet! That's all I meant. It is a sequitur.
Edited on Sat Dec-03-05 12:22 AM by Bill Bored
And if you consult a Diebold TSX user's manual, you will find that:

"Local election officials gather election information which is inputted into the Global Election Management System (GEMS) software and programmed to the AccuVote-TS voting devices. The files may be transferred to the units either directly, by modem or local area network."


Modem + PSTN = Dial-up. Another sequitur!

So, who do you work for anyway?

On edit: I'm not saying any of this is "good enough" for anything! DREs are a bad voting technology because of their ability to corrupt the ballot itself. All the IT security in the world can't stop that from happening either accidentally or deliberately.
 
Neil B Forzod Donating Member (64 posts) Send PM | Profile | Ignore Sat Dec-03-05 04:30 PM
Response to Reply #44
46. no, you are incorrect
"Ethernet + Router" does not actually equal "Internet". Ethernet is a networking technology for local area networks. A router is a device that forwards data packets between two networks, neither of which has to be "the internet".


"And if you consult a Diebold TSX user's manual, you will find that:"


What I'll find is that data can be transferred to and from GEMS via dial-up or secure local network, which is what I said the first time, and which is what you ignored when you posted your ignorant reply. In practice, election definition data is downloaded from GEMS over a disconnected (i.e. secure) local network. Which I also said the first time. Post-election results are sometimes uploaded back to GEMS via dial-up, but as a matter of security many jurisdictions (e.g. California) prohibit modem-based upload and require the memory cards to be returned back to election central. Where they are uploaded locally. Over a secure, disconnected network. Other jurisdictions may permit modem-based uploads of unofficial election results, which is usually followed by a second upload of the memory cards later back at election central -- over a secure, disconnected network. Or, which should be followed by that secure second upload at any rate.


"So, who do you work for anyway?"


The government.

And I don't like what you're implying. Sometimes people sound better informed than you just because they are better informed than you -- not because they work for some vendor you don't like.


"DREs are a bad voting technology because of their ability to corrupt the ballot itself. All the IT security in the world can't stop that from happening either accidentally or deliberately."


But a voter-verified paper ballot/audit trail/whatever can.

Neil
 
Bill Bored Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Dec-03-05 10:12 PM
Response to Reply #46
48. Take it easy!
Edited on Sat Dec-03-05 10:23 PM by Bill Bored
Listen, I know how networks are networked. I've had my name in a few RFCs and I have other related experience.

I didn't feel that it was necessary to spell this out so precisely on an Election Reform message board, but my point was simply that if you throw an Internet-connected router on a DRE-connected Ethernet, you can put the DRE on the Internet in a matter of minutes. Same for an Ethernet-connected GEMS server. This is pretty basic stuff. I'm sure I don't have to draw you one of those ASCII diagrams, but it might be fun! (And yes, I know you need the appropriate IP addresses and that Bev Harris said on Air America Radio that she thought the 192.168 block belonged to some "private corporation" who was presumably hacking the vote.):rofl:

However, since there are thousands of jurisdictions, I will be the first to admit that I'm not in a position to know exactly who does what, which is part of the problem, i.e., there are no enforceable national standards.

And asking who you work for implies only that you seem to have some first hand knowledge of this stuff, so I assumed it was either a vendor or a BoE. It was not intended as a slur. That said, if you'd like to say _which_ government you work for, and/or if your job involves elections or voting systems, that might be interesting.

Now I hope you will please reconsider the following:

I wrote:

"DREs are a bad voting technology because of their ability to corrupt the ballot itself. All the IT security in the world can't stop that from happening either accidentally or deliberately."

You wrote:

"But a voter-verified paper ballot/audit trail/whatever can."

To which I will now respond:

Not necessarily. If the VVPAT is reflecting what's on the screen, as I expect it would, and if the ballot on the screen has been corrupted, so has the VVPAT. If the VVPAT is reflecting what's in the vote database, as the results reports do, then it might be more useful, and might actually NOT reflect what's on the screen at any given time.

So is there ANY standard that says what the VVPAT is actually supposed to be linked to? I doubt it. But one of Michael Shamos' main objections to VVPATs is that they only reflect what's already on the screen. IMO, a REAL VVPAT would reflect what's actually being COUNTED, but I'm not holding my breath on that.

One thing that is absolutely unforgivable IMHO is that in the case of Diebold at least, the ballot text is fully editable and NOT linked to the database labels at all. Yet the vote database is where the results reports come from. This truly makes the ballot an illusion, whether it's printed on a piece of paper or not.

Not to mention the fact that the VVPATs must actually be audited at some point to be of any use, but that's obvious.

I don't know what else to say. If you have a few more posts, you'll be able to start your own threads here. I look forward to hearing more of your views.
 
Canuckistanian Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-01-05 08:44 AM
Response to Reply #24
39. "Source Code" is, by definition, uncompiled
And I think that the software in escrow would have to be in that form.
 
merwin Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Nov-29-05 10:47 PM
Response to Original message
3. They're threatening to NOT sell equipment there? It's not like they're
Microsoft or Intel or something... Nobody cares if they leave.
 
EFerrari Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Nov-29-05 10:49 PM
Response to Original message
6. Who is in NC who can offer to count paper ballots
right about NOW?

 
Skink Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Nov-29-05 10:51 PM
Response to Reply #6
7. I think they are hiding something.
 
EFerrari Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Nov-29-05 11:54 PM
Response to Reply #7
14. Diebold? Hiding something? Nah.
lol!

What do you mean Skink?
 
WorseBeforeBetter Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Nov-29-05 10:55 PM
Response to Reply #6
9. Me! (n/t)
 
EFerrari Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Nov-29-05 11:56 PM
Response to Reply #9
16. Better get cracking! Be Free had a good idea over the weekend
about paper ballots and private enterprise. :)
 
Peace Patriot Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Nov-30-05 08:09 PM
Response to Reply #16
25. Hey, sfexat2000, how ya doin? What's the paper ballot idea?
Link or something?
 
emlev Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-01-05 01:37 AM
Response to Reply #25
32. Nice to see you! Here's the link to the thread
 
swimmernsecretsea Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Nov-29-05 10:54 PM
Response to Original message
8. Here's your hat, what's your hurry...
Don't let the screen door hit your ass on the way out...

That's all I got. Anyone?
 
Bill Bored Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Nov-30-05 01:10 AM
Response to Reply #8
17. How about: Hasta la vista, baby! Oh, sorry, wrong state. nt
 
swimmernsecretsea Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Nov-30-05 08:32 AM
Response to Reply #17
21. Oh, no, it's fine! Really!
As long as you brought it up, let's say it to Da Governator too. I'm fed up with the Austrian Republican Man-Whore and his wife, Bulimic Trophy-from-Democrats.
 
longship Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Nov-29-05 11:02 PM
Response to Original message
11. That's the tactic.
Let's get Diebold to pull out of all the states.
 
feelthebreeze Donating Member (570 posts) Send PM | Profile | Ignore Tue Nov-29-05 11:16 PM
Response to Original message
12. ES&S trying to implement, read buy off, NY State right now...
I wonder if we can use this to our benefit as well. If it is good enough for the brother, perhaps we can get the other sibling as well.
 
EFerrari Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Nov-29-05 11:55 PM
Response to Reply #12
15. Yeah. I can hear the green rustling in CA TONIGHT.
I wonder how much we're talking about to deliver CA? :(
 
Bill Bored Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Nov-30-05 01:15 AM
Response to Reply #12
18. NY State has a s/w escrow law too. nt
 
feelthebreeze Donating Member (570 posts) Send PM | Profile | Ignore Wed Nov-30-05 01:22 AM
Response to Reply #18
19. hey there BillBored...
So then connect the dots for me..."NY State has a s/w escrow law too."
left message for you on election reform re:avante
 
Bill Bored Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Nov-30-05 06:15 PM
Response to Reply #19
23. Nothing to connect really.
Edited on Wed Nov-30-05 06:15 PM by Bill Bored
If Diebold won't do business in a state that requires source code escrow, that includes NY. The law may not be worded identically to NC's (probably isn't) but I would think an escrow is an escrow. With the NY one, the code can be revealed in court if there's a contest of election. I'd think that would happen in a NY minute if these machines were ever actually used here.

Perhaps NC has different conditions for revealing the escrowed code.

From what I hear in NY, Diebold is thought of more as a joke than anything else, thanks to Wally O'Dell. Surprised they don't pink slip the guy for making that stupid remark about delivering for Bush. How can they expect to do business anywhere but in the Reddest of the Red states (and CA of course) with that kind of BS! It's clear they demand no accountability from their employees. How much business did that one stupid remark cost their elections division?

We should each buy a share of stock, show up at the Diebold shareholders' meeting, and demand that he resign and they spin off the elections division to a bi-partisan not for profit corporation. That's how companies were initially encouraged to boycott the old South Africa, wasn't it?
 
JanusAscending Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Nov-29-05 11:25 PM
Response to Original message
13. BYE~BYE !!!
eom
 
Peace Patriot Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Nov-30-05 08:17 PM
Response to Original message
26. Privatized elections, run by corporations, with secret source code.
And not just any corporations. Major Bush donors and rightwingnuts.

When you write it out like this, it never ceases to cause people to open their windows and scream into the night: "I'm. Mad. As. Hell. And. I. Am. *NOT.* Going. To. Take. It. Any. More!!!!!!!!!"

Altogether now.....
 
farmboxer Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Nov-30-05 11:48 PM
Response to Original message
28. What is Diebold afraid of?
It so appears as if they are not on the level! I have known that for a very long time, so what about our politicians? When will "our" politicians speak up! They only need to tell the truth!
 
Festivito Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-01-05 12:21 AM
Response to Original message
30. Something tells me they would not reveal it, ever, even if..
.. every state required it.

If forced to comply with a court order then if they pass a false product, i.e. one without nefarious code, then they are criminally liable. If they release false code otherwise, it's only a mistake.

They won't comply, no matter what.
 
Neil B Forzod Donating Member (64 posts) Send PM | Profile | Ignore Thu Dec-01-05 02:34 AM
Response to Reply #30
35. something tells me you didn't read reply #27 (nt)
 
Festivito Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-01-05 03:20 AM
Response to Reply #35
37. Doesn't matter.
Who's to say the compiled code of the source filed and distributed for review is the one actually on the machine? I know how to hide code on a machine and extract it perfectly without a trace, without a hint of a trace. It would take ten-million dollars to find it, and even then, they'd fail.

It was reviewed you say. If so, good. Still not good enough.

The sleuths need to be street savvy as well as computer savvy. Some of the officials allowing these machines appear to have been bought, either with money or just by weakness of mind. This limited review puts power in the hands of few persons to risk countless billions in a world where people would be happy with a couple million.

You're only going to catch the lazy thief, who did not complete enough extract and hide.

If they want to keep it proprietary, they're in the wrong business.

If Venezuela can have its code, so can we. We're even bigger than they are.
 
Neil B Forzod Donating Member (64 posts) Send PM | Profile | Ignore Thu Dec-01-05 04:07 AM
Response to Reply #37
38. ok
To verify the version of the code actually on the machine you'd use a one-way hash of the executable and library files and compare it against the hash that was computed by the ITA who reviewed the source code and compiled it. If they're the same, the software's legitimate. Or the ITA who builds it can digitally sign it, in which case you can verify the digital signature.

I can't argue over the actual quality of any source code reviews, I agree that the review process isn't anywhere near good or useful enough. My point as it pertains to this thread is simply that it makes no sense to think Diebold would have a problem putting their source code in escrow or having it reviewed, since they (and all the other vendors) actually do that all the time.

Neil
 
Festivito Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-01-05 10:18 AM
Response to Reply #38
41. Indeed, that Diebold avoids even escrow is telling. /nt
 
Bill Bored Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Dec-03-05 01:34 PM
Response to Reply #38
45. I've heard that Diebold's hash changes whenever a vote is cast!
If this is true, maybe their programmers have been smoking too much of it! I suppose you could check it when there's a zero count or something, but certainly NOT DURING an election. Clever huh?
 
Neil B Forzod Donating Member (64 posts) Send PM | Profile | Ignore Sat Dec-03-05 04:55 PM
Response to Reply #45
47. I think you just made that up
Seriously, that's nonsense.

Make a hash of an executable file (the software for a voting machine, for example). Recalculate that hash any time you want, and compare it against the original. If the hashes are the same, then the software is the same. If the hashes are different, then the software is different. End of story.

If an ITA examines the source code, compiles it into executable form and then computes (say) MD5 and SHA-1 hashes for the compiled file(s), then you (or technically, the state/county board of elections on your behalf) can then recompute the same hashes for the software at any time you feel like doing it. Before the election. After the election. Even during the election, if you want. (Which is slightly problematic, because it means taking a machine out of service -- you probably don't want to pick a random machine, "do something" to it (like whatever steps are necessary to verify the hashes) and then put it back into service... if only to avoid the inevitable frantic "OMG I saw someone come and mess with the voting machine I think they stole my vote OMG OMG" calls and reports on the internet). If the recomputed hashes match the ones originally computed by the ITA when they compiled it, then you can be certain that the software is the same software that was examined and compiled by the ITA (whether or not you think their review is useful or worthwhile is a different discussion). If the hash values are different, as you seem to claim, then the software has been modified and you have a serious problem to resolve.

Counties using electronic voting machines of any kind should take these basic steps to verify that what's installed on their voting equipment is what's supposed to be there. (They should also take whatever procedural steps they need to ensure that software isn't magically installed or changed without their knowledge and consent.) They can check every single machine before and after the election if they want. (Realistically you only need to randomly sample a relatively small subset of the machines to say with a high degree of statistical certainty that the machines all have the right software, but given a big enough election budget you can just check them all).

Of course counties may not take these well-advised steps (and frankly, I suspect that most probably don't). That's entirely their failing... there's absolutely nothing preventing them from doing it (and if there is, they should buy different voting equipment.)

Neil
 
Bill Bored Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Dec-03-05 10:53 PM
Response to Reply #47
49. Come on, who's going to know how to do that?
It has to be user friendly. That's why I suggested a web browser sort of approach where it's as easy as making a credit card transaction with SSL, or whatever they call SSL nowadays.

The hash has to be authenticated somehow. Suppose the intruder somehow provides a bogus hash that matches their hacked code? This is why it would be good to have the correct hash accessible via the web or some other authenticated connection like dial up so that you know it's the real thing.

But this discussion is the sort of thing that will make most voters' eyes glaze over and there is a powerful argument advanced here that says this sort of thing has nothing to do with democracy anyway. The process should be transparent enough on its face that questions of this nature would never come up. Personally, I have one foot on each side of that argument, but I lean toward the "transparent democracy" side.

Also, the issue of ballot corruption, for lack of a better term, pretty much rules out DREs as a voting technology for me. It's just too easy for the machine to rewrite the ballot, or not record the voters' intent, even through accidental ballot definition programming errors. At least with an Op Scan or other paper ballot, you can always go back and count them as marked by the voters. Then it's just a matter of auditing, which I think most people can understand.
Printer Friendly | Permalink |  | Top
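The check described in replies #47 and #49, as an added example that is not part of the original thread: installed files are hashed and compared against a reference manifest, and the manifest itself is authenticated first so that a substituted hash list is rejected. SHA-256 is used here instead of the MD5/SHA-1 mentioned above, an HMAC with a shared key stands in for a digital signature, and the file names and key are constructed for the demonstration.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large images are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """What the reviewing lab would record: relative path -> digest."""
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def seal(manifest: dict, key: bytes) -> str:
    """Authenticate the manifest itself (HMAC stands in for a signature)."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_install(root: Path, manifest: dict, tag: str, key: bytes) -> dict:
    """Compare an installed tree against an authenticated manifest."""
    if not hmac.compare_digest(seal(manifest, key), tag):
        raise ValueError("reference manifest failed authentication")
    actual = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest
                           if p in actual and actual[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in actual),
        "unexpected": sorted(p for p in actual if p not in manifest),
    }


def demo() -> dict:
    """Constructed sample: a tiny fake install that is then tampered with."""
    key = b"constructed-demo-key"
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "lib").mkdir()
        (root / "tally.exe").write_bytes(b"reviewed build")
        (root / "lib" / "count.dll").write_bytes(b"reviewed library")
        manifest = build_manifest(root)
        tag = seal(manifest, key)
        clean = verify_install(root, manifest, tag, key)
        (root / "tally.exe").write_bytes(b"patched build")    # altered file
        (root / "lib" / "extra.dll").write_bytes(b"added")    # dropped-in file
        tampered = verify_install(root, manifest, tag, key)
        # A hash list regenerated from the altered tree, without the key
        forged = build_manifest(root)
        try:
            verify_install(root, forged, tag, key)
            forged_accepted = True
        except ValueError:
            forged_accepted = False
    return {"clean": clean, "tampered": tampered,
            "forged_accepted": forged_accepted}
```

Only static program files belong in such a manifest; data files that change during operation would be reported as modified or unexpected.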
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Dec-03-05 11:10 PM
Response to Reply #47
50. Specify, please
Are you referring to the executable file on the GEMS server or the DRE?
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Dec-03-05 11:12 PM
Response to Reply #45
51. DRE changes at several intervals - including at load up
During an election. Hash would cause an alarm if it were used.
 
Piedras Donating Member (89 posts) Send PM | Profile | Ignore Thu Dec-01-05 12:51 AM
Response to Original message
31. from slashdot
Some Diebold programmers were criminals (Score:5, Informative)
by JimMarch(equalccw) (710249) on Tuesday November 29, @05:17PM (#14142022)
It's true that getting a total list of programmers in an open-source system would be impossible.

But as a practical matter it's impossible to name all of the Windows programmers either. The court wouldn't expect that of Diebold any more than they'd require a total list of Linux programmers from an open-source voting project.

What Diebold could easily do is name their own programmers.

Except there's no way in hell they'd want to do that.

In 2002 Diebold bought Global Election Systems, which became the Diebold Election Systems unit. Global was founded under another name in 1988 by Norton Cooper, Michael K. Graye and Charles Hong Lee...all with damned interesting resumes (footnote 1):

Norton Cooper - jail for a year mid-1980s for fraud against the Canada government; ordered out of stock pitch schemes and was part of the collapse of the Vancouver stock exchange - ordered by decree not to pitch stock after 1992 or so because he caused havoc every time. Written up by Barron's and Forbes as a "hazard to avoid at the golf course". First convicted of political corruption in 1974 - look up a Canadian case titled "The Queen v. Norton Cooper" 1977 Canadian Supreme Court.

Charles Hong Lee - stock schemes; Cooper's partner pitching deals. Defrauded Chinese immigrants, $600,000(Can) court-ordered restitution mid-90s. Sold "real estate" which was actually the bail for the third partner below to the tune of about $300,000(can) circa 1995ish.

Michael K. Graye - nailed for stealing $18mil from three companies in the '88-'89 era, caught in '94, jailed in the US for stock fraud around '94 re: Vinex wines, released around 2000 - 2002(3?) in the US, brought back to Canada, still in jail there. Arrested for tax evasion and money laundering circa '94.

Those three in turn hired even more "colorful" staff:

John Elder was a cocaine trafficker, in a WA prison early/mid 1990s...fellow inmate was Jeffrey Dean (see next entry). Handled ballot printing for Global late 1990s. Seems to have been the one to bring Dean into Global.

Jeffrey Dean was convicted early '90s of 23 counts of computer-aided embezzlement. He was a computer consultant for a large Seattle law firm and defrauded them of about $450,000 in what US courts called a "sophisticated computer-aided scheme". In a statement to Seattle PD, he claimed he needed the money because Canadians were blackmailing him; in that country, he'd gotten into a fistfight and the other guy had died. (Yes, I've seen the police report.) He joined Elder in the Global ballot printing business late '90s, and with Global's introduction was doing computer consulting with the King County WA elections division - they had no idea of his criminal record. By 2000 he was doing programming for Global and by early Oct. of 2000 he was a full employee and lead programmer for the GEMS vote-tally product still in use. By late Oct. 2000 and shipping in time for the November election, GEMS ver.1.17.5 contains the first "double set of books" problem where all votes are recorded twice internally and don't need to match...long story but it apparently hides some forms of vote fraud. At the time Diebold bought Global in 2002, Dean quit and was immediately hired back as a consultant via management decision made within the division. This appears to be an attempt to keep Dean's criminal past out of Diebold corporate head office's scrutiny.

At the time Diebold bought Global, Dean owned 10% of Global's stock.

We don't know how many other lower-level programmers within Global/Diebold have criminal records. It's rather obvious that Diebold sure as hell doesn't want us finding out.

Footnote 1 - see also "Black Box Voting: Ballot Tampering In The 21st Century" by Bev Harris, esp. the "Diebold" section at the end of Chapter 8. Free PDF downloads can be found at: http://blackboxvoting.org/
 
Neil B Forzod Donating Member (64 posts) Send PM | Profile | Ignore Thu Dec-01-05 02:34 AM
Response to Reply #31
34. good old Jim March and BBV
This guy is hilarious in person. Not in the intentional way. :)

He's a self-professed right-wing gun nut, and he's happy to tell you all about it. He and Bev Harris are a couple of old-time grifters looking for another easy score, and they damage the credibility of the election reform movement every time they open their mouths. But at least he's funny.

Here's a little-known fact about Jim I found out from a well-placed source close to Black Box Voting. Jim used to be a member of the mysterious (and unpaid) board of directors at BBV. Several weeks ago he very quietly resigned from the board and moved from California to the Seattle area to take a paid position as a BBV employee -- basically he took over the position as Bev Harris' right-hand man, a position formerly held by no less than our own esteemed Andy Stephenson until she fired him right around the time he got sick. You won't find a story, announcement, or even an offhand mention of Jim's new role anywhere at BBV. (Of course you won't find any information about their secretive board of directors, financial statements, or anything else there either, so maybe they're just generally shady and not merely specifically shady about the Jim March thing.)

The kicker? Most of BBV's funding came from donations solicited from progressive activists, many right here on DU, in the aftermath of the 2004 election... donations that were supposed to be used to issue FOIA requests, audit election results and demonstrate the election fraud that BBV claimed they had knowledge of. Now, a year later, they've produced no audits of election results and demonstrated no actual election fraud (although Bev Harris did eventually insinuate that the Democrats stole the election in some Florida counties and the governor's race in Washington). Instead of the stuff Bev Harris promised, they're mostly using the funds they've accumulated to pay their own fat salaries.

And that'd be fine, if they were honest about it. But they're not, so it's an issue.

Basically, a bunch of DU posters are inadvertently financing the activities of a crazy, right-wing, knife-wielding Republican gun nut. The election audits and proof of fraud in 2004 that they originally thought they'd paid for are never going to happen. It's like a personal slap in the face to almost everyone at DU. Amazing.

But at least it's gratifying that ol' Jim has time to post funny stuff on Slashdot all day. There's another post by him in that same story where he claims that the head programmer for Diebold is a murderer. He's awesome. Apparently just making sh*t up on the internet is supposed to actually help the cause now. You'd think he'd be, say, helping to prepare for the big BBV hacking demo in California. But my inside source at BBV reports that the secretary of state has now rescinded their invitation on the grounds that Bev Harris is more interested in a publicity stunt featuring Bev Harris than a serious test, and plans to proceed with the test with Harri Hursti directly and without BBV. Ouch. So I guess Jim's got time to just post on Slashdot all day after all. Or to help Bev Harris craft some story to explain how they didn't really blow the big California opportunity.

Neil
 
tavalon Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-01-05 09:36 AM
Response to Original message
40. Don't let the door hit you on the ass, Diebold