RE: Jim March's "need a cluster" thread


Derek Zeanah
September 12, 2003, 11:41 AM
The link to the DU discussion prompted me to think a little about the DMCA (http://anti-dmca.org/), specifically its provisions which refer to "...circumventing a technological measure that controls access to a copyrighted work...". (http://www.ala.org/Content/NavigationMenu/Our_Association/Offices/ALA_Washington/Issues2/Copyright1/DMCA__The_Digital_Millenium_Copyright_Act/DMCA_Section_1201_-_the_Anti-Circumvention_Rule.htm).

I'm not a moderator so I've referred the thread to others, but in the meantime I've moved it off-line. It looks to me like we might be looking at an issue where the provisions of the DMCA will bite us in the butt, regardless of the legitimacy of what we're trying to do. The attempt to reveal the data itself might just be illegal.

Thoughts? (Other than "you damned fascist," I mean? :p )

(I always opposed the DMCA, but never thought it'd really affect me...)

If you enjoyed reading about "RE: Jim March's "need a cluster" thread" here in TheHighRoad.org archive, you'll LOVE our community. Come join TheHighRoad.org today for the full version!
Kharn
September 12, 2003, 12:00 PM
[Speaking as someone that has sat through a few lectures on patent law, intellectual property and the like, and am currently taking a course on it, but I'll defer to any real lawyers that respond]
Is the election data contained within the .zip a copyrighted work? I'd think it was public property. Now, it might classify as a trade secret, because they tried to hide it, but I bet they lost that status due to their incompetence with protecting their website.

According to the US Patent and Trademark Office (http://www.uspto.gov/web/offices/pac/doc/general/whatis.htm):
What Is a Copyright?
Copyright is a form of protection provided to the authors of “original works of authorship” including literary, dramatic, musical, artistic, and certain other intellectual works, both published and unpublished. The 1976 Copyright Act generally gives the owner of copyright the exclusive right to reproduce the copyrighted work, to prepare derivative works, to distribute copies or phonorecords of the copyrighted work, to perform the copyrighted work publicly, or to display the copyrighted work publicly.

The copyright protects the form of expression rather than the subject matter of the writing. For example, a description of a machine could be copyrighted, but this would only prevent others from copying the description; it would not prevent others from writing a description of their own or from making and using the machine. Copyrights are registered by the Copyright Office of the Library of Congress.
You must also register with the USPTO office to obtain a copyright, such status cannot be claimed at whim.

Kharn

cordex
September 12, 2003, 12:01 PM
Sort of a paradox.
We don't know what is contained inside the file except that we hear it is supposedly public voting data that was taken (again, we are told) from an unsecured FTP server. Unless someone cracks it and takes a look inside, we can't know for certain if this is true, or if instead there is copyrighted data in it. In the first case, I don't think there is a problem. In the second, there probably is.

Not a legal expert myself, so I don't know if the act of crunching numbers to get access to it is illegal in and of itself because for it to be illegal the data contained would have to be copyrighted or otherwise regarded "intellectual property", correct?

Let's say I found an unknown archive file on my computer that was password protected. Thinking it is a personal or public file - I let my machine try to crack it.
Am I a criminal?

What if it turns out to be a backup of my firearms records or a copy of the Constitution?

What if it turns out to be someone else's proprietary source-code and I immediately delete it?

Ethically, I think either way (assuming I don't steal any "intellectual property" once I access it) my actions would be justifiable. Legally, I'm not so sure. So many silly things are illegal these days.

DigitalWarrior
September 12, 2003, 12:04 PM
1994 US Computer Abuse amendments act is the real biggie, I can send details if you like.

Thinking about it the '96 US Economic and Protection of Proprietary Information Act may be bigger

-DW

Derek Zeanah
September 12, 2003, 12:11 PM
Now, my understanding on copyright was all acquired as a photographer, but my understanding was that your work was copyrighted the moment it was created, but you need to register it with the copyright office in order to get the maximum awards allowed by law (including atty's fees).

With regard to "public data," I was under the impression that the presentation can be copyrighted. The phone company has a copyright on their presentation of the data in the phone book, and Westlaw has a copyright on their presentation of court proceedings (and a virtual monopoly because of it), etc.

Regardless, it seems to me that one can view a password as a "technological measure that controls access to a copyrighted work." And as such, discussing the attempt to circumvent said password in a public forum might not be such a good idea. Whether the law is so offensive that you feel it needs to be broken, especially with regard to voting data that appears to be tampered with, is another issue entirely, and is one I have no public opinion on.

DigitalWarrior
September 12, 2003, 12:12 PM
Cordex,

1991 Sentencing Guidelines treat the unauthorized possession of information without the intent to profit from the information as a crime. It invokes the "prudent man rule" which basically says "should you have known better?"

That is why I had said that if we and THR had been told that the file contained personal information, then there would have been no liability, except for the liar. But we were told, and a reasonable man would be expected to know that they were not the intended recipient.

If you just "discovered" a file on your computer, then you have reason to believe you may have created it once, then forgotten about it.

Diesle
September 12, 2003, 12:16 PM
The cat is out of the bag on this one.

There is no turning back at this point as the files are so well distributed any clean up effort or attempt to locate and prosecute each and every person that has a copy and is working with them is out of the question. Jim is taking DIRECT and PUBLIC responsibility for the distribution of Diebold's files which also helps to divert attention to him as the source. A BOLD and CLEVER action. The fact is that if they try to drag Jim into court on this, he has enough $hit to throw at the fan.... it's gonna break.


From the horse's mouth:

Jim March's letter to Diebold


Jim sent this to Diebold's lawyers, my webhost, and myself.

(I'm going to take the opportunity to say, again, that I feel Jim should be allowed back on DU. WE NEED HIM!)


==================================================================================================


Ms. Reeves,

I read with interest your statement of alleged copyright/IP
infringement against the owner of the "smashthetrifecta" site:

http://www.smashthetrifecta.com/

and:

http://www.democraticunderground.com/discuss/duboard.php?az=show_topic&forum=104&topic_id=323463&mesg_id=323463

The purpose of this missive is to inform you of several basic facts:

1) I am the individual who provided that site's owner with the files
in question;

2) The files are up on other sites in addition to that one; I fully
expect you'll try bullying them into submission too;

3) Ultimately, this will not work because I *will* continue to
distribute them under "fair use" principles.

I take this stance after repeated consultation with legal counsel.
Allow me to elaborate:

Copyright law cannot be used to hide evidence of a crime. Diebold has
clearly committed so many legal violations at this point, that
"unclean hands" principles apply in spades.

a) Diebold had, on their website and available for public download, a
copy of an elections data file created at 3:31pm on the day of the
March 5th 2002 primary elections in San Luis Obispo County. There is
no possible reason for that file to have been in Diebold's possession.
Under California law, it is illegal to release elections data before
the close of the election. I suggest consulting with the SLO County
Registrar, Julie Rodewald, to confirm the authenticity of this file
which I provided her.

b) California Elections Code 19205(c) prevents the Calif Secretary of
State from certifying electronic voting systems which are subject to
tampering. There is ZERO practical security at all on the GEMS data
management system. Anybody with a copy of MS-Access can alter voting
data, passwords and audit trails at will, without leaving any trace.
Worse, there is a runtime edition of MS-Access shipped on every GEMS
box (central vote-count computer system as used with all Diebold
Elections Systems products), which would allow exactly the same
alterations from a script executed via a dial-in connection through
the RAS server and Digiboard from a Touchscreen terminal, Optical Scan
terminal or standard PC/Laptop. We can prove that Diebold would have
enough access to the GEMS box in mid-election to "booger the vote" by
their possession of the SLO county data file referred to above.

c) Internal memos slipped to activists BY DIEBOLD INSIDERS (the
"1.8gigs of data" first referred to in Wired magazine) and in my
possession show that Diebold field tech support staffs noticed the
"zero security under MS-Access" issue literally years ago, and
deliberately kept it quiet from county elections officials and state
certification boards. This constitutes pure criminal conspiracy.

d) The same internal memos reveal a widespread pattern of installing
and using UNcertified versions of the various programs, both at the
terminals and central vote-count box (running the "GEMS" app and
related components).

e) While purporting to sell an application that operates under high
security standards, your clients have displayed technical incompetence
in security matters at a level seldom seen outside of a "Dilbert"
comic strip.

To recap: your clients have set out to secretly rig elections. They
have installed features into their software making it deliberately
open to tampering in ways that defeat the usual "spot recount of
random precincts" procedures honest local elections officials rely
on.

Your clients' actions are literally horrifying, evidence of nothing
less than a coup attempt in progress. You will be hearing from me
tomorrow by phone; if it is your client's intent to sue me, I will
facilitate that at the earliest possible convenience, in order to rape
them in discovery and depositions and annihilate them in court.

You see, Ms. Reeves, sometimes when you push people around, you run
into somebody who's had about enough and isn't going to back down.

I hate bullies. With a passion. I am going to *enjoy* our future
interactions.

I guarantee you your clients won't.

Jim March

Blind Carbon Copy to: a *whole* lotta people.

Diesle
September 12, 2003, 12:20 PM
Not a legal expert myself, so I don't know if the act of crunching numbers to get access to it is illegal in and of itself because for it to be illegal the data contained would have to be copyrighted or otherwise regarded "intellectual property", correct?

__________________________________________________________


That is exactly why the DMCA is a dangerous piece of crap. It makes the PROCESS OF TESTING the integrity of copyrighted materials illegal.


What I think is most interesting and a great irony of this whole mess and really the bottom line is that NO electronic voting system could ever be acceptable. Voting MUST remain a manual and analog process. Computers could only serve to speed EARLY results out.


Diesle

DigitalWarrior
September 12, 2003, 01:08 PM
Dear God, I will pray for you Jim. Get a lawyer now! A real one that specializes in defending accused violators of IP. Talk to the EFF.

1. You admitted to distributing the files.

2. They are in other places that you will not disclose.

3. The "Unclean Hands" principle has nothing to do with this, and whoever told you that it does is a BAD lawyer. I can't imagine what made them think that.

When some 16 year old punk being questioned starts jumping up and down yelling "hack the planet!", I just laugh and laugh and laugh. Then I buy a Jag.

Jim March
September 12, 2003, 01:25 PM
We now have a whole archive of internal Diebold memos showing just unbelievable fraud.

Direct attempts to misdirect Federal elections testers, for starters. Folks, we've got about 6gigs of this stuff (uncompressed) and we haven't even gotten halfway through digging. But a "best of" collection is up at:

http://www.blackboxvoting.org/diebold-memos-1.htm

At one point, the Federal test lab realized that the files were dickable under MS-Access; note what a Diebold tech said about this flaw:

-----------------
Subject: RE: alteration of Audit Log in Access
From: "Ken Clark"
Date: Thu, 18 Oct 2001 09:55:02 -0700
Importance: Normal
In-reply-to:


It's a tough question, and it has a lot to do with perception. Of course everyone knows perception is reality.

Right now you can open GEMS' .mdb file with MS-Access, and alter its contents. That includes the audit log. This isn't anything new. In VTS, you can open the database with progress and do the same. The same would go for anyone else's system using whatever database they are using. Hard drives are read-write entities. You can change their contents.

Now, where the perception comes in is that it's right now very *easy* to change the contents. Double click the .mdb file. Even technical wizards at Metamor (or Ciber, or whatever) can figure that one out.

It is possible to put a secret password on the .mdb file to prevent Metamor from opening it with Access. I've threatened to put a password on the .mdb before when dealers/customers/support have done stupid things with the GEMS database structure using Access. Being able to end-run the database has admittedly got people out of a bind though. Jane (I think it was Jane) did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That's why we've never put a password on the file before.

Note however that even if we put a password on the file, it doesn't really prove much. Someone has to know the password, else how would GEMS open it. So this technically brings us back to square one: the audit log is modifiable by that person at least (read, me). Back to perception though, if you don't bring this up you might skate through Metamor [ed: the Federal test lab, now known as Ciber].

There might be some clever crypto techniques to make it even harder to change the log (for me, the guy with the password that is). We're talking big changes here though, and at the moment largely theoretical ones. I'd doubt that any of our competitors are that clever.

By the way, all of this is why Texas gets its sh*t in a knot over the log printer. Log printers are not read-write, so you don't have the problem. Of course if I were Texas I would be more worried about modifications to our electronic ballots than to our electron logs, but that is another story I guess.

Bottom line on Metamor is to find out what it is going to take to make them happy. You can try the old standard of the NT password gains access to the operating system, and that after that point all bets are off. You have to trust the person with the NT password at least. This is all about Florida, and we have had VTS certified in Florida under the status quo for nearly ten years.

I sense a losing battle here though. The changes to put a password on the .mdb file are not trivial and probably not even backward compatible, but we'll do it if that is what it is going to take.

Ken
-----------------

Jim again.

Ken was wrong - the test lab BOUGHT IT even though he himself didn't expect them to!

Here's the lie: there's an MS-Access *runtime* library on every GEMS box. And in order to dial in, the touchscreen or optical scan station has to come in in such a direct fashion, the PC itself can run a script. Including a script controlling the Access runtime. And the runtime can booger the vote six ways from Sunday just like a full-on Access copy can.

It gets worse - here's another memo that already surfaced:

-----------------
----- Original Message -----
From: "Robert Chen" <robertc@dieboldes.com>
To: <support@gesn.com>
Sent: Monday, October 28, 2002 1:30 PM
Subject: AVTS modem upload BS 4.3.11

Hi,

Found something interesting here in Alameda County, and want to see if anyone has found this in the field. Especially those of you who are doing AVTS (we don't do AVOS) modem upload from the precincts.

Running: BS 4.3.11 GEMS 1.18.14 NT 4.0 6a

I am dialing the central computer's bank of modems (connected via Digi PCI X/em) and connecting to NT's Remote Access Server. I have assigned an ip pool (166.107.248.210 to 220) and the AVTS with PCMCIA card modems dial in okay, and make a connection with the RAS server. I can see the assigned ip address to the incoming AVTS unit. However, when I try uploading, it gives an error: "no connection to host". Yes, I have confirmed the HOST name and tried the IP address.

I tried pinging the AVTS unit and only get timeouts. I then tried simulating the connection with my laptop and was able to successfully upload. I was also able to ping my laptop from the server and vice versa.

At this point, I do not think, despite the port information displayed by RAS Server, that the AVTS was taking the ip address.

I am sure I am probably doing something wrong and would appreciate some enlightenment.

rob chen
-----------------

Jim again. Let me try translating:

"Digi PCI X/em" is the 16-port Digiboard - see also "products" at http://www.digi.com

"AVTS" means touchscreen terminals, while "AVOS" is optical scan. Other than the terminal type, the equipment is otherwise the same between a TS system such as Alameda and OS as bought by San Luis Obispo.

They're running GEMS 1.18.14, which is an uncertified version (ask Kevin Shelley's office if you don't believe me) on Windows NT 4.0 (bugpatch set 6A).

"RAS" is "Remote Access Server" - a set of communications software that gives external PCs VERY complete access to the central box running it. Files can be accessed and manipulated over it.

Mr. Chen was able to access the central box over one of these modems, or at least he expected to be able to do so, from an ordinary laptop.

Diebold knows the RAS password to get in. Diebold knows the phone numbers.

Therefore, during that "window" of a couple hours after polls close when the modems are turned on (per SLO county elections officials), an ordinary PC in a Diebold basement somewhere could dial in, run a script, change votes specific to that county and get out again. In about 5 to 10 minutes tops, per county.

Are you guys starting to see why being afraid of Diebold legal actions is 100% pure cowardice?

Jim March
September 12, 2003, 01:29 PM
Digital Warrior: here we go again.

1) I am repeatedly stating that the distribution is under "fair use", why I feel that way, and I'm not hiding what I'm doing. Let's see any prosecutor try and drag "intent" out of that.

2) If they DO drag me into court, I'll shred their arses. See previous post.

Derek: show all this to Oleg. This thread, and the yanked one. Let him decide.

Derek Zeanah
September 12, 2003, 01:38 PM
Derek: show all this to Oleg. This thread, and the yanked one. Let him decide.

It's under consideration as we speak. (You forget though, THR is running on my box in my house via my internet connection. Any ugly letters will be directed at me...)

Jim March
September 12, 2003, 01:41 PM
OH. Hmmm...I actually didn't know that. Sorry.

Pendragon
September 12, 2003, 01:42 PM
Sic 'em Jim :)

btw - if they go after you in civil court, what are they going to take?

Your Jag? The Malibu beach house? Your extensive Biotech investment portfolio?

Or maybe your motorcycle, your PC and your Kydex holster kit?

LOL.

Even if they win, make them run up the tab and then file BR.

Civil threats work best on people with a lot of assets.

somatophylax
September 12, 2003, 01:47 PM
Jim-

I'm somewhat surprised that our original thread has been yanked, even though I think that the sys admin had every right to do so. Do we need our own forum? I administer several websites (commercial and private) and I have plenty of webspace and bandwidth available, I could put up a forum in less than 24 hours. In this manner we could continue our effort(s) undisturbed...

Jim March
September 12, 2003, 01:56 PM
Hold off until Derek and the rest decide. The most recent memos popping up are so damning, I think they'll come around.

If not, even running your own server really doesn't help. Diebold's lawyers will send another bluff nastygram to whoever your upstream provider is. It's a bluff, because NO WAY in hell do they want real legal action.

But most people are cowards who cave in at the first bluff, or even hint a bluff might be coming.

That's why it works.

somatophylax
September 12, 2003, 02:04 PM
If not, even running your own server really doesn't help. Diebold's lawyers will send another bluff nastygram to whoever your upstream provider is. It's a bluff, because NO WAY in hell do they want real legal action.

It wouldn't be a problem, I own part of the hosting company and have vast experience hosting sites with problematic content. A Diebold 'nastygram' would be a welcome addition to my already sizeable collection of threat-letters. The offer still stands, let me know what has been decided.

Jim March
September 12, 2003, 02:06 PM
OK, I gotta get some actual work done, be back this evening.

Derek Zeanah
September 12, 2003, 02:06 PM
I'm somewhat surprised that our original thread has been yanked, even though I think that the sys admin had every right to do so.

This looks like one of those issues where every appearance is that laws are being broken, even though the cause is righteous. As I said before, your cause looks to be just, but I don't believe it's appropriate to discuss it on a public forum like this.

To do so seems to be tempting fate, especially if Jim's claims have any merit. Question: how much would it cost to prove the righteousness of your actions in federal court? How much would it cost to lose? Remember the penalties are both civil and criminal.

Now, assume you've got a ton of debt from putting your wife through medical school, and that you're running this board as a service to the shooting community. Out of your house. On your hardware. Which will all disappear if someone gets convinced that it needs to be held as "evidence."

Now, how much legally questionable behavior are you willing to publicly engage in to further someone else's cause? I think I believe in what Jim's doing, but I'm not interested in taking a whole lot of heat for it. If I'm gonna play martyr, I'm gonna do it for my own cause and with my wife's prior permission (or after insulating her from the consequences of my actions). The odds may be slim (or may not -- I'm not a lawyer), but one chance in 20 is too much for me on this one, so for now, I'm out.

[edited to add:] I guess that on this issue, I'm one of those "...cowards who cave in at the first bluff, or even hint a bluff might be coming" that Jim was talking about. :o

Do we need our own forum? Probably. If someone reading this has a Linux/*BSD box lying around and has an internet connection that doesn't block incoming ports, I'll be happy to teach you how to set up your own thr-workalike on your own box. You won't even need a static IP.

Hell, I'll be happy to set it up for you via SSH -- it'll probably take less than 2 hours (planning for unforeseen failures).

:)

I administer several websites (commercial and private) and I have plenty of webspace and bandwidth available, I could put up a forum in less than 24 hours. In this manner we could continue our effort(s) undisturbed...

Or, you could take it to e-mail. If it was me, I'd start a mailing list where all members used Hushmail or PGP-encrypted their communications. Makes it harder to be harassed, IMHO. Of course, I'd stick with people who had a presence here before Jim's original post on this topic (wanna be paranoid?)

somatophylax
September 12, 2003, 02:13 PM
Derek-


No need to justify your decision mate; I fully understand and appreciate you taking time to explain it.

Cheers,

Christian.

tyme
September 13, 2003, 12:05 PM
Interestingly, close to the same thing happened on the politech mailing list, run by Declan McCullagh, when he got encrypted files (I think they were zips) from the TSA website. The line he didn't cross was posting/forwarding messages with the correct password, but he forwarded messages dealing with the progress of a password cracking attempt.

http://www.politechbot.com/cgi-bin/politech.cgi?name=tsa
Look at the posts from December 2002 and January 2003

Al Norris
September 13, 2003, 01:02 PM
I don't have anything to add to this, but a quote:

"In Germany they came first for the Communists, and I didn't
speak up because I wasn't a Communist. Then they came for the
Jews, and I didn't speak up because I wasn't a Jew. Then they
came for the trade unionists, and I didn't speak up because I
wasn't a trade unionist. Then they came for the Catholics,
and I didn't speak up because I was a Protestant. Then they
came for me, and by that time no one was left to speak up."

Martin Niemoeller, German Lutheran Pastor

Jim March
September 13, 2003, 06:15 PM
Diebold's days are now seriously numbered. A whole series of internal technical memos have been leaked by an insider that show a deliberate pattern of fraud and deception of, among others, the Federal testing laboratory (Metamor, now Ciber).

http://www.blackboxvoting.org/diebold-memos-1.htm

Basically, there is just NO WAY Diebold can claim that their "intellectual property" (GEMS) was in any way harmed, because it is 100% illegal to run an election with it!

The single worst item is the letter from Clark (Sr. Diebold techie) talking about how multiple counties are hand-altering GEMS data with MS-Access because it's easier than using GEMS itself!

:what:

Folks, MS-Access was never certified as an election product. And Clark's memos show that he *knows* MS-Access bypasses all possible security measures, including the audit trail. Since Diebold didn't bother to put simple line numbers in said audit trail, you can't tell if it has been dicked with later.

As to "reliance on NT security": Clark KNEW that was horsecrap, he strongly suspected the Federal test lab wouldn't buy it (although they DID) and mentions that he himself, along with all the other Diebold field staff who *know* the standardized NT passwords THAT ARE PRINTED IN THE GEMS USER MANUAL can thus "hack the vote" any time they want to.

Christ, folks, they hid all this from the Federal testing lab and their customer base.

GEMS is worse than "worthless", it has NEGATIVE value!!! It is as illegal to run a US vote with it as it is to have child porn on your hard disk.

:cuss: :cuss: :cuss: :cuss: :cuss: :cuss: :cuss:

We're supposed to be scared of THEM!?

Oh hell no. I don't think so.
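
[Added illustration, not part of any post in this thread and not code from GEMS or Diebold.] The Clark memo quoted earlier mentions "clever crypto techniques" for making the log harder to change, and the post above points out that the audit trail has no line numbers. The Python sketch below shows what a sequence-numbered, HMAC-chained log detects and what it does not; the key, event strings and function names are all constructed for the example.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain value that precedes the first record


def _mac(key, seq, event, prev):
    """HMAC over the record's sequence number, text and predecessor MAC."""
    body = json.dumps([seq, event, prev]).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def append(log, key, event):
    """Append a numbered, chained record and return the new head MAC."""
    seq = len(log) + 1
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"seq": seq, "event": event, "prev": prev,
                "mac": _mac(key, seq, event, prev)})
    return log[-1]["mac"]


def verify(log, key, anchor=None):
    """Return a list of findings; an empty list means the log is consistent.

    anchor is (record_count, head_mac) written down somewhere the database
    host cannot rewrite, for instance on a printout.
    """
    findings = []
    prev = GENESIS
    for pos, rec in enumerate(log, start=1):
        if rec["seq"] != pos:
            findings.append(f"position {pos}: sequence number {rec['seq']}")
        if rec["prev"] != prev:
            findings.append(f"position {pos}: chain link broken")
        expected = _mac(key, rec["seq"], rec["event"], rec["prev"])
        if not hmac.compare_digest(rec["mac"], expected):
            findings.append(f"position {pos}: record altered")
        prev = rec["mac"]
    if anchor is not None and (len(log), prev) != tuple(anchor):
        findings.append("log does not match off-box anchor")
    return findings


def demo():
    """Run the checks against constructed sample events."""
    key = b"constructed-demo-key"
    events = ["election opened", "precinct 12 uploaded",
              "precinct 7 uploaded", "report printed"]
    log = []
    for event in events:
        head = append(log, key, event)
    anchor = (len(log), head)
    out = {"clean": verify(log, key, anchor)}

    # A row changed in place with a database editor.
    edited = copy.deepcopy(log)
    edited[1]["event"] = "precinct 12 uploaded (revised)"
    out["edited"] = verify(edited, key, anchor)

    # A row removed from the middle.
    deleted = copy.deepcopy(log)
    del deleted[2]
    out["deleted"] = verify(deleted, key, anchor)

    # The last row dropped: the chain alone cannot tell.
    truncated = copy.deepcopy(log)[:3]
    out["truncated_no_anchor"] = verify(truncated, key)
    out["truncated_anchor"] = verify(truncated, key, anchor)

    # The key holder rebuilds the whole log with different content.
    rebuilt = []
    for event in events[:2] + ["precinct 7 uploaded (revised)", events[3]]:
        append(rebuilt, key, event)
    out["rebuilt_no_anchor"] = verify(rebuilt, key)
    out["rebuilt_anchor"] = verify(rebuilt, key, anchor)
    return out


if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, findings or "consistent")
```

The last two cases are the caveat in the memo: whoever holds the key can rebuild a consistent chain, so the record count and head value have to be kept where that person cannot rewrite them, which is the role the memo gives the log printer.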

Dave Markowitz
September 13, 2003, 10:47 PM
You must also register with the USPTO office to obtain a copyright, such status cannot be claimed at whim.

Not true. The author of a work holds the copyright on it as soon as it is created. The reason you would want to register a copyright is that doing so is prima facie evidence that you hold the copyright, not somebody else. That makes enforcement of the copyright A LOT easier.

(Yes, I am a lawyer although I'm not currently practicing.)

C.R.Sam
September 14, 2003, 01:09 AM
Agree with Dave.
The copyright laws were revised several years ago.
Now not necessary to register.
registration does make easier to prove prior tho.

Sam

johnr
September 14, 2003, 11:28 AM
A link has been added here:

http://www.freerepublic.com/focus/f-news/772470/posts
The Vote Fraud Archives
various links | 10-20-02 | The Heavy Equipment Guy
