Diebold in North Carolina
Diebold is a large manufacturer of ATMs and other (supposedly) secure electronic equipment. In 2002, Diebold acquired a smaller company that manufactured computerized voting machines, and created the Diebold Election Systems subsidiary, which has been mired in scandal ever since. Some reasons include:
- Bob Urosevich, the president of Diebold Election Systems, as well as Walden O’Dell, the CEO of Diebold, Inc., are prominent Republicans. Since Diebold supplies voting machines to some of the most disputed politically disputed areas of the US (e.g. the state of Ohio), many people see this as a conflict of interest — especially in light of Walden O’Dell’s comments promising to help “Ohio deliver its electoral votes to the President” in the 2004 election.
- In 2003, many internal Diebold memos made their way onto the Internet. These memos reflected poorly on the design, reliability, and security of Diebold voting machines. Choice quote:
I need some answers! Our department is being audited by the County. I have been waiting for someone to give me an explanation as to why Precinct 216 gave Al Gore a minus 16022 when it was uploaded. Will someone please explain this so that I have the information to give the auditor instead of standing here “looking dumb”
Diebold’s response? Attempt to use the DMCA to take down the sites (including Swarthmore University) that hosted the memos. (Diebold’s attempt failed.)
- Officials in Maryland and California found significant problems in Diebold voting machines.
- Diebold voting machines use Microsoft Access as the database backend. Microsoft Access is notoriously unreliable, insecure, and generally just about the worst piece of database software in common use. However, Access does have one major advantage: it is so user-friendly that non-programmers can quicly put together database tables and reports. The result (awful databases designed by awful programmers run on an awful backend) generally horrifies any experienced programmer. The fact that Diebold decided to use Access instead of Microsoft SQL Server, MySQL, Postgresql, Firebird, or hell, even Berkeley DB, makes one doubt the competence of Diebold’s programming team.
- Diebold machines — at least in their 2003 form — were in fact very hackable.
These are more-or-less facts. The opinion, among many of those of the Democratic persuasion, is that Diebold is part of the Vast Right-Wing Corporate Conspiracy (along with Halliburton, Premier Executive Transport Services, etc.), and that Diebold voting machines were made deliberately insecure in order to let evil politicians engage in voting fraud.
Now, my personal theory is that Diebold’s programmers were merely incompetent, and that the management tried to hide the problems in Diebold products because that’s the first instinct of the management team of almost any company. However, there is a significant segment of the US population for whom Diebold is associated with the Antichrist.
In view of this background, consider recent events. North Carolina passed a law requiring all manufacturers of electronic voting machines to place the source code to their products in escrow. The law was designed to prevent problems like in the 2004 election when electronic voting machines lost 4400 votes in one North Carolina county. It is a common practice for state and national governments to require code escrow for crucial electronic equipment; in fact, the odd thing is that North Carolina did not pass the voting machine law until this August.
So, you are the president of a major corporation that is despised by a large part of the US population. Millions of people think that your code is riddled with bugs and secret backdoors. A state law requires you to disclose your codebase. The logical thing to do would be to clean up your code, fix those bugs, disclose your codebase, and demonstrate to all your critics that your product is, in fact, secure. You get positive publicity, your critics are made to look like fools, and you gain marketshare.
Instead, Diebold threatens to withdraw its products from North Carolina. What a brilliant move to demonstrate your confidence in your product’s reliability!
Diebold claimed that it couldn’t meet the requirements of the law because its products were based on Access and Windows, and Diebold didn’t have the source code to them. Which is pretty silly, because no voting machine manufacturer has access to all the source code in its products — even if the company uses an open-source OS, it still won’t have access to the source of the BIOS and firmware in its equipment. It seems to me that the North Carolina law is designed to make voting machine manufacturers to disclose the code that they actually wrote — otherwise, the law would have been pointless.
And some guy on Slashdot is claiming that Diebold’s main problem is that it doesn’t want to reveal the criminal history of some of its employees (as with any slashdot comment, you should take it with a grain of salt — especially considering that the comment doesn’t directly link to any sources).
My take on this is whole situation is that a bad product is being forced out of the marketplace — alas, not through competition with better products, but simply because the product’s manufacturer consistently keeps on shooting itself in the foot.