Diebold

From dKosopedia

Jump to: navigation, search

Diebold, Incorporated [1] is a security systems corporation which is engaged primarily in the sale, manufacture, installation and service of self-service transaction systems (such as ATMs), electronic and physical security products (including vaults and currency processing systems), and software and integrated systems for global financial and commercial markets.

Its primary customers include banks and financial institutions, as well as hospitals, colleges and universities, public libraries, government agencies, utilities and various retail outlets. Sales of systems and equipment are made directly to customers by company sales personnel and by manufacturer's representatives and distributors.

It recently entered the business of developing and marketing electronic voting (e-voting) terminals and solutions for government entities. The company's electronic voting products have been the target of widespread criticism, most notably because of their inability to produce hardcopy paper trails for each voting transaction (for example, as produced by optical scanning machines).

As a result of perceived irregularities in the tabulation of votes in some elections (most recently in the U.S. 2004 presidential election), companies such as Diebold have come under increased scrutiny, particularly by progressives who are more likely to be negatively affected by such irregularities.

This article also addresses issues related to e-voting technology.

Contents

Company history and marketing focus

The company was incorporated in Ohio, in August 1876, as Diebold Safe & Lock Co., successor to the business of Diebold Bahmann & Co. organized in 1859. The present name was adopted in June 1943. After WWII, the company proceeded to acquire a number of safe and lock companies.

In 1990, it acquired some assets of IBM's ATM service business, including existing ATM maintenance agreements. The company has since acquired ATM distribution and maintenance companies worldwide.

In October 1999, Diebold, Inc, acquired 100% of the Brazilian company Procomp, based in São Paulo. Procomp was founded in 1985 and had been the principal provider of ATM machines in Brazil. In 1998 the company had shipped about 7,300 cash dispensers and ATMs. The company was of interest to Diebold, because it had been selected to provide electronic voting equipment to be used throughout Brazil. In June of 2002, Procomp changed its name to Diebold Procomp [2].

One year after the 2000 Florida vote count fiasco, in January of 2002, Diebold acquired Global Election Systems.

Diebold management [3] expects revenue growth of between 11% and 12% for 2004. Management set a revenue growth target for 2005 of between 10% to 12%. In 2003, the company introduced Opteva, a replacement for existing ATMs at banks, which the company is advertising as providing a higher level of security, convenience and reliability. In 2005 it is also looking to enter the network security and firewall markets.

Diebold is now a worldwide provider of e-voting solutions and estimates that the American election market alone could exceed $1 billion over the next several years. Diebold's revenue in 2003 from e-voting products was about $100 million, down 9.7% from its 2002 revenue. The fall in this revenue segment comes from widespread scepticism regarding the reliability and security of its e-voting products. The projected revenue for 2004 from election systems is in the range of $83 to $86 million.

In 2007, the company changed the name of its voting systems division to Premier Election Systems, although it is still owned by Diebold Corp.

Officers and contact information

  • Walden O'Dell - Chairman, C.E.O.
  • Eric Evans - President, C.O.O.
  • Gregory Geswein - Sr. V.P., C.F.O.
  • David Bucci - Sr. V.P., Customer Solutions
  • Thomas Swidarski - Sr. V.P., Strategic Development and Global Marketing


Walden O'Dell was appointed as C.E.O. of Diebold in 1999 and was made Chairman of the company in April of 2000. O'Dell had been an executive of Emerson Electric Co. which makes electronics products, tools, and industrial equipment. O'Dell was hired to help with international expansion of Diebold.

Diebold, Inc.
5995 Mayfair Road
North Canton, OH 44720-8077 U.S.A.
Phone: 330 490-4000
Fax: 330 588-3794

Diebold Election Systems

Diebold Election Systems, Inc. is a wholly owned operating subsidiary of Diebold, Inc. that manufactures and assembles electronic vote tabulating equipment. Its chief officers are

  • Robert Urosevich - President
  • Larry Dix - VP Operations
  • Ian Piper - Manufacturing Manager
  • Mike Rasmussen - Chief Financial Officer


Its president, Robert Urosevich has been working in the election systems industry since 1976. In 1979, Mr. Urosevich founded American Information Systems. He served as the President of AIS from 1979 through 1992, and that company, now known as Election Systems & Software, Inc, counted over 100 million ballots in the U.S. 2000 General Election.

In 1995, Bob Urosevich started I-Mark Systems, whose product was a touch screen voting system utilizing a smart card and biometric encryption authorization technology. Global Election Systems, Inc. (GES) acquired I-Mark in 1997, and on July 31, 2000 Mr. Urosevich was promoted from Vice President of Sales and Marketing and New Business Development to President and Chief Operating Officer.

On January 22, 2002, Diebold announced the acquisition of GES, then a manufacturer and supplier of electronic voting terminals and solutions. The total purchase price, in stock and cash, was $24.7 million. Global Election Systems subsequently changed its name to Diebold Election Systems, Inc.

Diebold political connections

In 2003, Walden ODell, chief executive of Diebold, announced that he had been a top fund-raiser for President George W. Bush. In a letter dated August 14, 2003 in which he invited guests to a $1,000-a-plate fund-raiser at his suburban Columbus mansion, O'Dell stated that he is "committed to helping Ohio deliver its electoral votes to the president next year."

In the invitation, O'Dell also asked guests to consider donating $10,000 each to the Bush reelection campaign. The letter went out the day before Ohio Secretary of State Ken Blackwell, a Cincinnati Republican, was to qualify Diebold, as one of three companies eligible to sell upgraded electronic voting machines to Ohio counties in time for the 2004 election. (The Plain Dealer, August 28, 2003, Voting machine controversy Head of firm seeking Ohio contract committed to Bush victory, Julie Carr Smyth.)

When assailed by critics for the perceived conflict of interest, he pointed out that the company's election machines division is run out of Texas by a registered Democrat. Nonetheless, he vowed to lower his political profile lest his personal actions harm the company.

Analysis of Diebold voting technology

Together Election Systems & Software, Inc. and Diebold Election Systems, Inc. are responsible for tallying around 80% of votes cast in the United States. Though the source code for both these companies is largely a trade secret (though some versions of part of the source code have been obtained in various ways), both are Direct Recording Electronic (DRE) systems which eliminate paper ballots from the election. The most fundamental problem with these architectures is that the reliability of an entire election depends on the security and correctness of the hardware/software in the terminal. This section deals primarily with problems associated to Diebold products, although much of the analysis will apply to those of Election Systems & Software.

Procomp. The first completely computerized national election is believed to be the 2000 Brazilian general election, which required deployment of over 400,000 kiosk-style machines. The voting equipment for this election was supplied by the Brazilian subsidiary of Diebold, called Diebold/Procomp. The source code used by Diebold/Procomp was proprietary, so there was never public analysis of security of the software. However on February 28, 2004 two messages appeared almost simultaneously on the Internet mailing lists UPA-EVOTING and FÓRUM do VOTO-E (e-voting forum), providing a URL which contained what was claimed to be the bootup script SETUP.BAT used by the Brazilian voting equipment.

After analyzing this script, Brazilian computer scientists found numerous security flaws in the software. One fact noted by the Brazilian researchers was the unusual size of this script, consisting of 6200 lines of code. For a startup script, particularly one for security critical software, this is a real security vulnerability. The author of one such critical analsysis, Pedro Antonio Dourado de Rezende of the University of Brasilia notes [4] that most malicious software floating around on the internet consists of scripts written in interpreted languages such as Visual Basic. This means that program is executed line-by-line by an interpeter program, rather than being first translated entirely into machine language by a compiler. These programs are easy to change in minor ways and often fail to perform necessary checks on size or type of data to prevent simple attacks involving buffer overflows.
Image:Picture-of-voting-machine.png
Diebold AccuVote-TS


According to computer security specialist Rebecca Mercuri [5], concerns regarding accuracy of the self-auditing systems led the Brazilian legislature to mandate a retrofit of 3% (some 12,000 machines) to produce a paper ballot that the voter could peruse and deposit in a box for recount.


AccuVote direct recording electronic voting system. On July 24, 2003, Tadayoshi Kohno, Adam Stubblefield, Aviel D. Rubin and Dan S. Wallach released a highly critical report on the security of the Diebold AccuVote direct recording electronic voting system. The paper appeared as a refereed presentation in the May 2004 IEEE Symposium on Security and Privacy and is available electronically here. The system these researchers analyzed was the direct descendant of the I-Mark Electronic Ballot Station developed around 1996 by I-Mark Systems.

According to the company website [6]

Using an intelligent Voter Card as the voter interface, the AccuVote-TS permits voters to view and cast their votes by touching target areas on an electronically generated ballot. Each unit provides a direct-entry computerized voting application that automatically records and stores appropriate ballot information and results. At the end of the voting period, the system can print precinct totals to be included as part of the permanent record and modem the results to a host computer via TeleResults.

Concerning the software [7]

The goal, with GEMS, is to allow an election administrator to easily and completely control every step of the election process, from ballot layout to election reporting. GEMS software operates on Microsoft's Windows® platform.

The I-Mark Ballot Station had been tested in 1996 by Wyle Laboratories of Huntsville Alabama, against the Federal Election Commission's 1990 Voting System Standards. Though the report issued by Wyle Laboratories is confidential, parts of the report were discussed in a meeting of the Iowa Board of Examiners for Voting Machines and Electronic Voting Systems. In the minutes of these meetings, the comments of Professor Douglas W. Jones (on the faculty of the Computer Science department of the University of Iowa) who was present at the meeting, are noted as folows:

Dr. Jones also expressed concern about data encryption standards used to guarantee the integrity of the data on the machine. DES requires the use of electronic keys to lock and unlock all critical data. Currently all machines use the same key. Dr. Jones stated that this is a security problem. However, the use of a single key for all machines is not a condition that would disqualify the system under Iowa law [8].
Remark: The acronym DES does not refer to Diebold Election Systems, since the company did not exist until 2002 and the minutes of the meeting are dated November 6. 1997. It refers instead to Data Encryption Standard [9].

So basically Prof. Jones is saying that one key can unlock all voting machines! As Jones notes on his webpage, this is analogous to having the the same PIN number for every ATM user.

Though the Kohno, Stubblefield, Rubin and Wallach (KSRW) paper is for the most part accessible to the non-expert, the authors provide a brief summary of their results in the introduction. Some facts of note:

  • Voters can easily program their own smartcards to simulate valid ones. Voters could thus cast multiple ballots or perform actions that normally require administrative privileges, such as terminating the election early!
  • The protocols used by the voting terminals to communicate with a central server (for example to report results or to retrieve election configuration information, i.e. who's running and for what office) do not perform adequate (that is cryptographically based) authentication at either end of the connection. This means that there is no assurance that a terminal is actually communicating with a results-tabulating server or that a results-tabulating server is actually not communicating with a bogus terminal. The protocols moreover do not check that the data has not been fraudulently modified in transit. They note that since these connections are over insecure phone lines or even wireless connections, there is nothing to prevent event relatively unsophisticated attackers from carrying out so-called "man-in-the middle" attacks.

KSRW also confirm the cryptographic weaknesses found by Jones for the data storage mechanisms in the voting terminals. There is one key and the value key is hardwired into the code! This is an extremely serious security vulnerability and basically makes the encryption useless.

Another persistent critic of e-voting is Bev Harris on her website, Blackboxvoting.org, and book by the same name. (Note: Blackboxvoting.com is no longer affiliated with Bev Harris.) Harris and C. D. Sludge, an Internet journalist, both claim there is also evidence that the Diebold systems have been exploited to tamper with American elections —a claim Harris expands in her book Black Box Voting. Sludge further cites Votewatch for evidence that suggests a pattern of compromised voting machine exploits throughout the 1990s, and specifically involving the Diebold machines in the 2002 election.

Diebold continues to assert publicly that its products are secure and meet Federal requirements for voting equipment.

Settlement with the State of California

On November 10, 2004 Diebold announced it had reached a settlement agreement with the State of California in its civil action against Diebold Election Systems.

The original lawsuit had been filed a year earlier by Bev Harris and Sacramento-based activist Jim March, who characterized the $2.6 million settlement as "peanuts." [10]

According to a Diebold news release issued November 10, [11],

Terms of the settlement consist of a total $2.6 million payment to the state, which includes $500,000 to help form a voter education and poll worker training program in California coordinated through the University of California Institute of Governmental Studies. Additionally, Diebold has agreed to certain technology and reporting obligations that will provide election officials with a better understanding of the most effective manner of implementing its elections systems.

According to Jim March, Diebold will not be required to provide any security improvements to its equipment or software. Apparently Diebold has only

agreed to certain technology and reporting obligations that will provide election officials with a better understanding of the most effective manner of implementing its elections system.

This agreement would seem to indicate that Diebold must inform California election officials the high level of insecurity of its e-vote systems.

The non-existent paper audit trail

Computer security professionals have been arguing for several years now that paper audit trails are essential in any e-voting machine. See this discussion by computer security and cryptography experts Bruce Schneier and Paul Kocher on the economics of election fraud.

The reason that is usually given for not providing a receipt that can be used for later verification is that such a receipt would enable voter intimidation or vote selling. The argument goes that if voters could prove with an official receipt that they voted for a particular candidate then it would be practical for that candidate to try to buy votes. Or if a voter could verify how ther family members voted, then one person in the family could conceivably force all others to vote in a particular way.

For this reason a receipt would require some form of encryption to protect voters from intimidation or prevent vote selling. Another solution is given in a 2002 paper by Rebecca Mercuri [12]. Under her solution a voter is able to create a paper ballot that is deposited at the polling place when the vote is cast. There are other more cryptographically sophisticated schemes being proposed, some which would allow verifying to high degrees of probability the accuracy and integrity of the vote count, by checking a small random sample of encrypted ballots. This is the subject of current research.

However, as Francis X. Cringely points out [13], there is a lot of money to be made in installing a network of those machines, and a lot of incentive to cut corners that might save the manufacturer money in research and production or modification of existing equipment.

Leaked internal memos controversy

In September 2003, a large number of internal Diebold memos, dating back to mid-2001, were posted to the Web by the internet-based organizations Why War? and the Swarthmore Coalition for the Digital Commons, a group of student activists at Swarthmore College.

Diebold had sent takedown requests to the sites hosting these documents because they were in violation of the Online Copyright Infringement Liability Limitation Act provisions of the DMCA found in § 512 of the United States Copyright Act. Eventually Diebold backed down.

Congressman Kucinich (D-OH) has placed portions of the files on his websites. Diebold's critics assert that these memos reflect badly on Diebold's voting machines and business practices. For example: "Do not to offer damaging opinions of our systems, even when their failings become obvious." (Election Support Guide; pg. 10 -- [14])

In December 2003, an internal Diebold memo was leaked to the press, sparking controversy in Maryland. Maryland officials requested that Diebold add the functionality of printing voting receipts. The leaked memo said, "As a business, I hope we're smart enough to charge them up the wazoo [for this feature]".

2004 election

According to the website of the Ohio Democratic party [15]

No Ohio County used Diebold Electronic Voting Machines. Ohio did not use modern electronic voting machines in this election. Six counties use an older form of electronic voting, which has a means of verifying the accuracy of the vote. In 69 Ohio Counties, punch card ballots were used.

In fact as reported in Computerworld Magazine on July 19, 2004, the Ohio Secretary of State J. Kenneth Blackwell barred three counties from purchasing electronic voting machines after security testing showed that the systems still have serious security flaws. As of that time, thirty-one counties in Ohio had postponed using e-voting systems until after the November presidential election. Seven counties, however, had already purchased paperless e-voting systems [16].

In the November 2, 2004 the Cleveland Plain Dealer reported that 92,672 votes were discarded, mostly due to now-familiar problems with punch-card ballots used mostly in Democratic urban areas. David Bernstein of The Boston Phoenix [17] writes

Ohio received $133 million from the federal government specifically to replace those old clunkers with new DRE and optical-scan machines ... The $133 million stayed in the bank. "We weren't going to spend it on more punch- card machines," says LoParo. Or on more poll workers, or training, or any of that nonsense.

Georgia 2002

Diebold consultants have admitted that the company installed unvalidated, last-minute software patches just before the 2002 election in Georgia. (See references below.)

Maryland 2006

Diebold has replaced the system boards in 4700 voting machines in Maryland. The chairman of the State Board of Elections claims that he was not informed about these changes. (Source: Voting Machines Had Defective Part, by Cameron W. Barr, Washington Post, Oct. 26, 2006, p.B05.)

Iowa Republican Straw Poll 2007

Malfunctioning Diebold machines delay the poll and force a manual recount. (Source: Republicans Screw Up Another Election)

Princeton Study

A team of computer scientists led by Edward Felten of Princeton University created a malicious program that could change the votes in an election, then cover its own trail. This software could be installed by anyone with access to the machine in one minute. They also created a virus that could spread the program to other machines.

Source Code Revealed

Source code for Diebold machines was delivered to former Maryland state legislator Cheryl C. Kagan. (source: Diebold source code disks delivered to former MD legislator - DailyKos diary).

See Also

External links

Personal tools