A copy of an email I received has been passed around on various mailing lists. Several people, including reporters, have asked me to confirm its authenticity. Since everyone seems to have read it already, I might as well publish it here. Yes, it is genuine.
====
Sender: Smith, Ed [address redacted]@sequoiavote.com
To: felten@cs.princeton.edu, appel@princeton.edu
Subject: Sequoia Advantage voting machines from New Jersey
Date: Fri, Mar 14, 2008 at 6:16 PM
Dear Professors Felten and Appel:
As you have likely read in the news media, certain New Jersey election officials have stated that they plan to send to you one or more Sequoia Advantage voting machines for analysis. I want to make you aware that if the County does so, it violates their established Sequoia licensing Agreement for use of the voting system. Sequoia has also retained counsel to stop any infringement of our intellectual properties, including any non-compliant analysis. We will also take appropriate steps to protect against any publication of Sequoia software, its behavior, reports regarding same or any other infringement of our intellectual property.
Very truly yours,
Edwin Smith
VP, Compliance/Quality/Certification
Sequoia Voting Systems
[contact information and boilerplate redacted]
Front page posts
So will we get a separate post on a) how you have/will respond and b) the implications of a licensing agreement that prohibits testing.
very interesting email.
I think a policy like that should make the use of said machine a no go in any election at any level.
Ben, it seems that the policy doesn't prohibit testing ... it prohibits independent testing. (Which is a worse prohibition. It means you can get biased testing results out there, but not unbiased results)
Wow, I'm stunned. Somehow, this voting machine thing is all about... intellectual property? Could a company really try to use copyright law as a weapon when it clearly has no place? To quote:
"infringement of our intellectual properties, including any non-compliant analysis"
Oh, brother.
(/sarcasm)
But, Michael, of *course* intellectual property is *much* more important than the integrity of the voting process!
I'm not entirely sure why *anyone* trusts any Sequoia machines *anywhere* near any voting system, or indeed any system for which security is at all important. Emails like this make it plainer than ever that they're part of the problem space, not the solution space...
Why would the election officials agree to no independent testing given the recent voting machine news? Couldn't they simply force the Sequoia and the like to allow this? What are the voting systems companies going to do... find customers outside the government?
Sounds like a desperate attempt to stop an independent evaluation of their system, and this alone tells a lot about how (in)secure their system might be. I wonder whether they can really enforce their "intellectual property" (whatever they mean by that) without totally destroying their credibility.
I don't think this has anything to do with "intellectual property" and rather with contract law. By default, when you buy software you own your copy. This means you can run it however you want, as well as to read your copy of the software (for example via a disassembler). You are free to accept more restrictive licensing terms when buying the software, but it's your fault if you do. If, indeed, the contract says what the laywers say it does, then NJ has a serious problem.
Clever wording, by the way: "publication of Sequoia software" is, indeed, copyright infringement, but there is no hint of any vote-machine reviewer having ever done that. "Publication of ... its behaviour", on the other hand, is perfectcly legal (perhaps Sequoia intends to claim that the bugs in the software constitute trade secrets?).
Problem for Sequoia is that if their contract is with the State of New Jersey, contract law may do them no good. Unless a State lets you sue them, you can't sue a State (with some exceptions stemming from the 14th amendment).
Of course, if they are trying to sue the state under intellectual property laws they may be out of luck as well. A State has immunity from patent and trademark suits filed by anyone but another state or the feds, presumably also from copyright laws.
I don't know whether than immunity extends to independent contractors hired by the state though.
[...] This blog post on freedom-to-tinker came up in my feed reader today: http://www.freedom-to-tinker.com/?p=1265 [...]
Another item for the Gallery Of Legal Threats :-(
The s*** is going to hit the fan. Probably 2 nights from now we'll see this story on Nightline.
Voters are really concerned about the integrity of the process, with so much at stake in November. Even my 70 year old mother (*especially* my 70 year old mother) is concerned & interested in this topic.
Sequoia -- methinks thou doth protest too loud. (Not really used appropriately, but I do think they are protesting too loud (too loud = at all) )
This looks rather sad for the voting machine company. "No! Don't show it to Ed Felten, he'll rip it apart and embarrass us!" Typically when experts review products, the makers usually say something like, "hey, here's a free one, please test it out and let us know what you think." Not sure why this is any different.
Anyway there's a great opportunity for Princeton Undergrads looking for a project in Prof Felten's class (a class I was lucky enough to take while at Princeton). Design a secure voting machine that passes muster. You'll have customers lined up, as they already recognize the Felten lab as an authority on this stuff. Perhaps it would be a semester-long project. Let me know if you actually do it! ;)
I am William Bunker and I am running for House of Representatives in Massachusetts.
Sequoia 'Advantage' voting machines and any electronic voting machine have a Constitutional liability to publish their source code and all software and to print out a paper trail when recording votes.
Failing to do this is grounds for a junk election and interfering in this process is arguably vote fraud. Depending on the circumstances, legal action to attempt to conceal vote machine source code may itself be fraudulent in nature.
We've all seen a wealth of evidence supporting probable and in some cases unmistakable intentional electronic voting fraud. Minimizing this risk is important, and prosecuting suspects of this is important. Due to the free and public nature of elections companies have no right to expect privacy of voting machine source code.
See my page at www.myspace.com/peaceisthesymptom and watch the video of the programmer testifying before congress. He says that he was asked to produce a program to discreetly change vote totals in public elections. This kind of behavior by companies is unacceptable.
I will introduce legislation to investigate and prosecute electronic voting companies and ask our judiciaries to find cases against them if elected.
Although Sequoia's behavior is legally excusable (?), it is a force against fair elections. This is not as much an issue of open-versus-closed-source systems, as an assertion of power by the e-voting industry over the state.
I won't make the leap that Sequoia's reasoning is that the machine is a dump, though. However, I'll remain skeptical of its performance unless trusted third parties give it their approval.
Pure scare tactics. If there is a valid legal issue, it's with the state not with the researcher.
The only way to make voting secure is open is to make it open. The system I'd like to see gives everyone who votes a receipt with a unique code number identifying their vote. The consumer should be able to go to a website after the election and check that their vote was actually counted. If votes go missing, people will find out.
Wow. Our democracy is now the IP of BigCos......
I vouch $100 for the legal defense fund, should one be formed.
What folamir describes would break receipt-freeness, one of the desirable security properties of any election system. With their receipts voters could accurately prove to third third-parties how they voted, and this would make them more susceptible to coercion. Not providing such a receipt for the "right" candidate would be seen as disobedience and could be punished by a coercer. Voters would be also able to sell their votes this way.
Too bizarre. I can't wait until Ford sends a letter like this to Car & Driver, or Maytag sends one to Consumer's Reports.
Basically what they're saying is "Our product is so bad that if you mention it aloud, we'll SUE!!"
disgusting,i hope youre not going to listen to them. that would be a shame
I wish you had left in the contact information.
Out with the Diebold, in with the Diebnew...
I can see where a company wants to protect it's trade secrets from competitors. But voting machine technology must not be transparent to the public if we are to protect the sanctity of democratic processes. A judge may not be able to see this correctly, but if you get enough politicians or government organizations behind you on this, you should be able to get Sequoia to at least back down.
We went through much of the same issue as a prelude to the California Top-to-Bottom Review. There were never any explicit threatening letters like the one sent to Princeton, but we fully expected something like this could well have happened. Consequently, we were all employed by the University of California in order for the State of California to shield us all from any liability if any of the vendors might have decided to try suing us personally. A lot of lawyers spent a lot of time and energy concluding that this was the proper way to do the review.
If/when a review occurs in New Jersey, particularly given this vendor's striking lack of cooperation, I imagine similar advance legal preparations will need to take place.
IANAL, but...
In the initial Supreme Court decision establishing the doctrine of Fair Use, the SC said that Congress is forbidden
to establish a copyright regime so strict as to damage First Amendment Freedom of the Press and Freedom of Speech;
published reviews containing quoted extracts were the specific matter in question.
By 14th Amendment extension, the same applies to the States and their contract laws.
IMNHO, Sequoia's position is Constitutionally unsupportable.
It should be easy enough, by law or regulation, to make availability for testing by whoever the state chooses a prerequisite for continued certification. But it does surprise me a little that Sequoia was stupid enough to send a letter that would reflect so badly on them.
I think I will never understand the irrational fear of socialism that is so prevalent in America that such a fundamental process of government, running an election and counting the votes, is done by private corporations.
In fairness to Sequoia, I can understand them not wanting proprietary technological information reaching the public domain, and you could even argue that it's a technical violation of the warranty. But they don't really think you're foolish enough to publish anything a rival firm could exploit, do they?
[...] embracing this test as an opportunity to prove the exceptional security of their systems, instead sent a threatening email to Felten, saying that election officials who sent a machine to Felten would be breaking the state’s [...]
[...] Take a moment to read the post here, Freedom to Tinker » Blog Archive » Interesting Email from Sequoia. [...]
You could always just get hired as an Employee/Contractor by the State of New Jersey temporarily, which would mean that you're no longer independent and instead working for the government, which would probably neatly work around the licensing agreement.
Or the NJ government could just make independent authorization a criteria for bidding, in which case that would also neatly work around the problem. :)
Are they trying to suggest contractual interference? ie: you are enticing NJ to violate their contract?
One thing for sure is that hackers never violate licensing agreements...
To hell with their license. Crack their code open and show the world all the bugs.
If Sequoia didn't have problems with their voting machines, they would let people inspect them.
Independent research is almost always covered under fair use, as far as I know.
If anyone actually read the CA source code review, they know why Sequoia would send such a letter.
If anyone actually worked with the Sequoia system, they wonder why the ill-guided letter from Sequoia was not stronger!
THEY ARE AF5RAID OF YOU REVEALING THE TRUTH!
If a company wishes to create a system for any mass public use/good then if the taxpayers or those who represent them wish to verify/validate any and all claims by said company about their good/service the company should be fully willing to do so. If they are not then the contract with said entity should be considered Null and Void under the best interest of the PEOPLE. As for IP claims about 3rd party testing this si not common go home and dig out your EULA for any and all Microsoft products, they expressly forbid testing without their consent. Is it right? NO But that's the kind of stuff that is allowed to happen when people care more about the almighty dollar than the good of the people.
Remember for the Dollar and by the Dollar is how this country is run.
Send me one.
Shhhhhh! All this independant thought could rouse the anger of our shadowy overlords whom are wiser than We The People.
Best to just go back to watching American Idol and tabloid news.
If this is really just a contract matter... why can't NJ just breach the contract?
I seem to remember that there is a breach of contract defense available when the contract violates public policy. Does NJ recognize this defense? Do the terms of this license agreement rise to the level of a public policy breach as recognized in the courts?
[...] pas des protections contre les fraudes mais de protections légales qui visent à interdire de vérifier comment fonctionne le dispositif. Pour information, les professeurs Felten et Appel mentionnés dans ce dernier lien sont des [...]
"I don’t think this has anything to do with “intellectual property†and rather with contract law. By default, when you buy software you own your copy. This means you can run it however you want, as well as to read your copy of the software (for example via a disassembler)."
Hi Lior,
This is not strictly true, for example if you disassemble code and print out the disassembly for analysis.
A commonly cited test case is Sega Vs. Accolade, in which Accolade reverse-engineered Sega's code to figure out how to interface with a Sega Genesis.
Accolade's defense argued that (1) the object code was not really copyrightable, (2) transient copies like printouts did not fall under copyright (they weren't publishing or distributing them or such); and (3) it's all fair use anyway. The judge did not buy (1) or (2), concluding that transient copies of disassembled code were subject to copyright restriction. However, he concluded that it clearly fell under fair use.
I think if Sequoia believes copyright restricts analysis of their software, they are uninformed and don't have a case; on the other hand, it doesn't hurt to consult with a lawyer and make sure to reverse-engineer with care.
Just send the machines to Florida, the votes don't count here anyway. Remember hanging chads and early primaries void our votes anyway.
Why is this company asserting that:
1. Professors Felten and Appel are bound by the "Sequoia licensing Agreement" between Sequoia and New Jersey? They are not. Its not possible to violate an agreement that does not exist.
2. They have a right to prevent "non-compliant analysis". Compliant with what, an agreement that Professors Felten and Appel have never been party to and are not bound by? Ridiculous.
Why are so many shady and seemingly criminal acts being perpetrated around voting machines that are going uninvestigated and unprosecuted? Not only Diebold ( or whatever new pseudonym they call themselves these days to try and conceal their identities.. sure seems like something a legit company would do! ), but now Sequoia as well.
@catalin: "paper trail" does not necessarily entail a receipt that you carry off site. What it could mean is this:
1) every voter gets an anonymous printout of their vote, so they can check that their vote has been recorded according to their wish.
2) every printout goes into a ballot box - still anonymously
3) after closing, the voting machine tallies the votes, more quickly than hand counts - that is the one thing voting machines are good for
4) after the election, the results of randomly selected (AFTER the vote) voting districts are compared to the printouts collected, to see if any manipulation happened
So let me understand it - for the computer phobic public:
What the legislators want us to believe:
we have a solid/transparent system that ensures a valid count and security of voting
Reality:
This company is scarred sh*t less of an academic analysis of their system