Wednesday, June 07, 2006

Wealth of Networks: Diebold Election Systems

I would only recommend Benkler's The Wealth of Networks, which I am now reading, to the real diehards on the topic of new media. This is mostly because he makes it difficult to read with too many fancy words (like desiderata) and sentences that go on and on and on. But there is some really good stuff buried in there too. There are also lucid moments in plain English like the passage below.

To anyone who finds the passage below from Benkler's book interesting, I would highly recommend An Army of Davids and then We the Media.


Starting on page 225 of Benkler's book, (also discussed here and here) is the story below. It is fairly long, but gives some compelling insights and renews optimism.

He begins with the words, "our second story..." His first story is also quite worthwhile and I will post it soon to The Geebus.

From Wealth of Networks:


"Our second story focuses not on the new reactive capacity of the networked public sphere, but on its generative capacity. In this capacity, it begins to outline the qualitative change in the role of individuals as potential investigators and commentators, as active participants in defining the agenda and debating action in the public sphere.

This story is about Diebold Election Systems (one of the leading manufacturers of electronic voting machines and a subsidiary of one of the foremost ATM manufacturers in the world, with more than $2 billion a year in revenue), and the way that public criticism of its voting machines developed. It provides a series of observations about how the networked information economy operates, and how it allows large numbers of people to participate in a peer-production enterprise of news gathering, analysis, and distribution, applied to a quite unsettling set of claims.

While the context of the story is a debate over electronic voting, that is not what makes it pertinent to democracy. The debate could have centered on any corporate and government practice that had highly unsettling implications, was difficult to investigate and parse, and was largely ignored by mainstream media.

The point is that the networked public sphere did engage, and did successfully turn something that was not a matter of serious public discussion to a public discussion that led to public action. Electronic voting machines were first used to a substantial degree in the United States in the November 2002 elections. Prior to, and immediately following that election, there was sparse mass-media coverage of electronic voting machines. The emphasis was mostly on the newness, occasional slips, and the availability of technical support staff to help at polls.

An Atlanta Journal-Constitution story, entitled “Georgia Puts Trust in Electronic Voting, Critics Fret about Absence of Paper Trails,”5 is not atypical of coverage at the time, which generally reported criticism by computer engineers, but conveyed an overall soothing message about the efficacy of the machines and about efforts by officials and companies to make sure that all would be well.

The New York Times report of the Georgia effort did not even mention the critics.6 The Washington Post reported on the fears of failure with the newness of the machines, but emphasized the extensive efforts that the manufacturer, Diebold, was making to train election officials and to have hundreds of technicians available to respond to failure.7

After the election, the Atlanta Journal-Constitution reported that the touch-screen machines were a hit, burying in the text any references to machines that highlighted the wrong candidates or the long lines at the booths, while the Washington Post highlighted long lines in one Maryland county, but smooth operation elsewhere. Later, the Post reported a University of Maryland study that surveyed users and stated that quite a few needed help from election officials, compromising voter privacy.8

Given the centrality of voting mechanisms for democracy, the deep concerns that voting irregularities determined the 2000 presidential elections, and the sense that voting machines would be a solution to the “hanging chads” problem (the imperfectly punctured paper ballots that came to symbolize the Florida fiasco during that election), mass-media reports were remarkably devoid of any serious inquiry into how secure and accurate voting machines were, and included a high quotient of soothing comments from election officials who bought the machines and executives of the manufacturers who sold them.

No mass-media outlet sought to go behind the claims of the manufacturers about their machines, to inquire into their security or the integrity of their tallying and transmission mechanisms against vote tampering. No doubt doing so would have been difficult. These systems were protected as trade secrets. State governments charged with certifying the systems were bound to treat what access they had to the inner workings as confidential. Analyzing these systems requires high degrees of expertise in computer security. Getting around these barriers is difficult.

However, it turned out to be feasible for a collection of volunteers in various settings and contexts on the Net. In late January 2003, Bev Harris, an activist focused on electronic voting machines, was doing research on Diebold, which has provided more than 75,000 voting machines in the United States and produced many of the machines used in Brazil’s purely electronic voting system. Harris had set up a whistle-blower site as part of a Web site she ran at the time, blackboxvoting. com.

Apparently working from a tip, Harris found out about an openly available site where Diebold stored more than forty thousand files about how its system works. These included specifications for, and the actual code of, Diebold’s machines and vote-tallying system.

In early February 2003, Harris published two initial journalistic accounts on an online journal in New Zealand, Scoop.com—whose business model includes providing an unedited platform for commentators who wish to use it as a platform to publish their materials. She also set up a space on her Web site for technically literate users to comment on the files she had retrieved. In early July of that year, she published an analysis of the results of the discussions on her site, which pointed out how access to the Diebold open site could have been used to affect the 2002 election results in Georgia (where there had been a tightly contested Senate race).

In an editorial attached to the publication, entitled “Bigger than Watergate,” the editors of Scoop claimed that what Harris had found was nothing short of a mechanism for capturing the U.S. elections process. They then inserted a number of lines that go to the very heart of how the networked information economy can use peer production to play the role of watchdog:

We can now reveal for the first time the location of a complete online copy of the original data set. As we anticipate attempts to prevent the distribution of this information we encourage supporters of democracy to make copies of these files and to make them available on websites and file sharing networks: http:// users.actrix.co.nz/dolly/. As many of the files are zip password protected you may need some assistance in opening them, we have found that the utility available at the following URL works well: http://www.lostpassword.com. Finally some of the zip files are partially damaged, but these too can be read by using the utility at: http://www.zip-repair.com/. At this stage in this inquiry we do not believe that we have come even remotely close to investigating all aspects of this data; i.e., there is no reason to believe that the security flaws discovered so far are the only ones. Therefore we expect many more discoveries to be made. We want the assistance of the online computing community in this enterprise and we encourage you to file your findings at the forum HERE [providing link to forum].


A number of characteristics of this call to arms would have been simply infeasible in the mass-media environment. They represent a genuinely different mind-set about how news and analysis are produced and how censorship and power are circumvented.

First, the ubiquity of storage and communications capacity means that public discourse can rely on “see for yourself” rather than on “trust me.” The first move, then, is to make the raw materials available for all to see. Second, the editors anticipated that the company would try to suppress the information. Their response was not to use a counterweight of the economic and public muscle of a big media corporation to protect use of the materials. Instead, it was widespread distribution of information—about where the files could be found, and about where tools to crack the passwords and repair bad files could be found— matched with a call for action: get these files, copy them, and store them in many places so they cannot be squelched. Third, the editors did not rely on large sums of money flowing from being a big media organization to hire experts and interns to scour the files. Instead, they posed a challenge to whoever was interested—there are more scoops to be found, this is important for democracy, good hunting!! Finally, they offered a platform for integration of the insights on their own forum. This short paragraph outlines a mechanism for radically distributed storage, distribution, analysis, and reporting on the Diebold files.


As the story unfolded over the next few months, this basic model of peer production of investigation, reportage, analysis, and communication indeed worked. It resulted in the decertification of some of Diebold’s systems in California, and contributed to a shift in the requirements of a number of states, which now require voting machines to produce a paper trail for recount purposes. The first analysis of the Diebold system based on the files Harris originally found was performed by a group of computer scientists at the Information Security Institute at Johns Hopkins University and released as a working paper in late July 2003. The Hopkins Report, or Rubin Report as it was also named after one of its authors, Aviel Rubin, presented deep criticism of the Diebold system and its vulnerabilities on many dimensions.


The academic credibility of its authors required a focused response from Diebold. The company published a line-by-line response. Other computer scientists joined in the debate. They showed the limitations and advantages of the Hopkins Report, but also where the Diebold response was adequate and where it provided implicit admission of the presence of a number of the vulnerabilities identified in the report. The report and comments to it sparked two other major reports, commissioned by Maryland in the fall of 2003 and later in January 2004, as part of that state’s efforts to decide whether to adopt electronic voting machines. Both studies found a wide
range of flaws in the systems they examined and required modifications (see figure 7.2).


Meanwhile, trouble was brewing elsewhere for Diebold. In early August 2003, someone provided Wired magazine with a very large cache containing thousands of internal e-mails of Diebold. Wired reported that the e-mails were obtained by a hacker, emphasizing this as another example of the laxity of Diebold’s security. However, the magazine provided neither an analysis of the e-mails nor access to them. Bev Harris, the activist who had originally found the Diebold materials, on the other hand, received the same cache, and posted the e-mails and memos on her site.

Diebold’s response was to threaten litigation. Claiming copyright in the e-mails, the company demanded from Harris, her Internet service provider, and a number of other sites where the materials had been posted, that the e-mails be removed. The e-mails were removed from these sites, but the strategy of widely distributed replication of data and its storage in many different topological and organizationally diverse settings made Diebold’s efforts ultimately futile.

The protagonists from this point on were college students. First, two students at Swarthmore College in Pennsylvania, and quickly students in a number of other universities in the United States, began storing the e-mails and scouring them for evidence of impropriety. In October 2003, Diebold proceeded to write to the universities whose students were hosting the materials.

The company invoked provisions of the Digital Millennium Copyright Act that require Web-hosting companies to remove infringing materials when copyright owners notify them of the presence of these materials on their sites. The universities obliged, and required the students to remove the materials from their sites.

The students, however, did not disappear quietly into the night. On October 21, 2003, they launched a multipronged campaign of what they described as “electronic civil disobedience.” First, they kept moving the files from one student to another’s machine, encouraging students around the country to resist the efforts to eliminate the material. Second, they injected the materials into FreeNet, the anticensorship peer-to-peer publication network, and into other peer-to-peer file-sharing systems, like eDonkey and BitTorrent. Third, supported by the Electronic Frontier Foundation, one of the primary civil-rights organizations concerned with Internet freedom, the students brought suit against Diebold, seeking a judicial declaration that their posting of the materials was privileged. They won both the insurgent campaign and the formal one. As a practical matter, the materials remained publicly available throughout this period. As a matter of law, the litigation went badly enough for Diebold that the company issued a letter promising not to sue the students. The court nonetheless awarded the students damages and attorneys’ fees because it found that Diebold had “knowingly and materially misrepresented” that the publication of the e-mail archive was a copyright violation in its letters to the Internet service providers.9


Central from the perspective of understanding the dynamics of the networked public sphere is not, however, the court case—it was resolved almost a year later, after most of the important events had already unfolded—but the efficacy of the students’ continued persistent publication in the teeth of the cease-and-desist letters and the willingness of the universities to comply.


The strategy of replicating the files everywhere made it impracticable to keep the documents from the public eye. And the public eye, in turn, scrutinized. Among the things that began to surface as users read the files were internal e-mails recognizing problems with the voting system, with the security of the FTP site from which Harris had originally obtained the specifications of the voting systems, and e-mail that indicated that the machines implemented in California had been “patched” or updated after their certification. That is, the machines actually being deployed in California were at least somewhat different from the machines that had been tested and certified by the state.

This turned out to have been a critical find.


California had a Voting Systems Panel within the office of the secretary of state that reviewed and certified voting machines. On November 3, 2003, two weeks after the students launched their electronic disobedience campaign, the agenda of the panel’s meeting was to include a discussion of proposed modifications to one of Diebold’s voting systems. Instead of discussing the agenda item, however, one of the panel members made a motion to table the item until the secretary of state had an opportunity to investigate, because “It has come to our attention that some very disconcerting information regarding this item [sic] and we are informed that this company, Diebold, may have installed uncertified software in at least one county before it was certified.”10 The source of the information is left unclear in the minutes. A later report in Wired cited an unnamed source in the secretary of state’s office as saying that somebody within the company had provided this information. The timing and context, however, suggest that it was the revelation and discussion of the e-mail memoranda online that played that role.

Two of the members of the public who spoke on the record mention information from within the company. One specifically mentions the information gleaned from company e-mails. In the next committee meeting, on December 16, 2003, one member of the public who was in attendance specifically referred to the e-mails on the Internet, referencing in particular a January e-mail about upgrades and changes to the certified systems. By that December meeting, the independent investigation by the secretary of state had found systematic discrepancies between the systems actually installed and those tested and certified by the state. The following few months saw more studies, answers, debates, and the eventual decertification of many of the Diebold machines installed in California (see figures 7.3a and 7.3b).


The structure of public inquiry, debate, and collective action exemplified by this story is fundamentally different from the structure of public inquiry and debate in the mass-media-dominated public sphere of the twentieth century. The initial investigation and analysis was done by a committed activist, operating on a low budget and with no financing from a media company.

The output of this initial inquiry was not a respectable analysis by a major player in the public debate. It was access to raw materials and initial observations about them, available to start a conversation. Analysis then emerged from a widely distributed process undertaken by Internet users of many different types and abilities. In this case, it included academics studying electronic voting systems, activists, computer systems practitioners, and mobilized students. When the pressure from a well-financed corporation mounted, it was not the prestige and money of a Washington Post or a New York Times that protected the integrity of the information and its availability for public scrutiny. It was the radically distributed cooperative efforts of students and peer-to-peer network users around the Internet. These efforts were, in turn, nested in other communities of cooperative production—like the free software community that developed some of the applications used to disseminate the e-mails after Swarthmore removed them from the students’ own site. There was no single orchestrating power—neither party nor professional commercial media outlet. There was instead a series of uncoordinated but mutually reinforcing actions by individuals in different settings and contexts, operating under diverse organizational restrictions and affordances, to expose, analyze, and distribute criticism and evidence for it.

The networked public sphere here does not rely on advertising or capturing large audiences to focus its efforts. What became salient for the public agenda and shaped public discussion was what intensely engaged active participants, rather than what kept the moderate attention of large groups of passive viewers. Instead of the lowest-common-denominator focus typical of commercial mass media, each individual and group can—and, indeed, most likely will—focus precisely on what is most intensely interesting to its participants. Instead of iconic representation built on the scarcity of time slots and space on the air or on the page, we see the emergence of a “see for yourself” culture. Access to underlying documents and statements, and to the direct expression of the opinions of others, becomes a central part of the medium."

No comments: