With Nowhere Left to Hide, Diebold Pulls Out of North Carolina
Following a flurry of litigation that found EFF fighting both alongside and against the state Board of Elections, Diebold on Thursday withdrew from the North Carolina procurement process, ceding the state's voting machine business to rival ES&S.
In November, Diebold filed suit against the North Carolina Board of Elections in an effort to be exempted from a state requirement that vendors place into escrow (among other things) all source code "that is relevant to functionality, setup, configuration, and operation of the voting system." The code would be available to the Board of Elections and the chairs of the state political parties for review so that they could look for security vulnerabilities, to the extent they wanted to make such an effort. Diebold argued to the Superior Court that it simply couldn't meet that requirement, at least in part because they relied so extensively on third party software for critical system functions. EFF intervened in the case on behalf of local voter integrity advocate Joyce McCloy and succeeded in convincing the judge to dismiss the case, leaving Diebold on the hook for criminal and civil penalties if they failed to comply.
Undaunted, and despite Diebold's admission that it could not meet these requirements, the Board of Elections agreed three days later to certify Diebold.
EFF filed suit against the Board of Elections the next week, arguing that the Board had violated its own obligations to perform extensive security-related tests of all of the code on all certified systems prior to certification. The Board of Elections argued that even though the statute refers to a mandatory pre-certification review of "all" source code, third party software should for some reason be exempted from this process. The court, faced with conceding that the Board of Elections had bungled their certification obligations from the start of the process, denied EFF's motion. But for Diebold, the damage was already done.
Having lost its effort to carve out its own new set of rules, Diebold was forced to withdraw from the North Carolina procurement process because it could not meet the December 22nd escrow deadline. In a letter to the Board of Elections today, Diebold offered to help the state "revise" the law so that "all vendors will be able to comply with the state election law."
Funny. I didn?t realize that the purpose of election integrity laws was to ensure that an equipment vendor could do business with the state.
The Board of Elections, to its credit, gave indications today that it won't try to rewrite the escrow requirement as it did its own pre-certification obligations. But the North Carolina experience demonstrates a shocking obtuseness on the part of vendors and election officials alike. At various stages of this fight, both Diebold (see e.g, page 14 here) and the Board of Elections (see, e.g., pages 26-27 here) forcefully and repeatedly argued that voters have no direct interest in election integrity. Instead, the voting equipment certification process -- one that merely selects the equipment on which voters will be forced to cast their vote -- should be left to the "real" interested parties.
Such myopic sensibilities are not only absurd but dangerous. Too many (though certainly not all) election officials across the country treat the certification process as if the vendors were their clients, deserving of favors and rule bending. Voters -- the only constituency that matters in this process -- are too often treated like ill-mannered party-crashers when they try to ensure that their interests are being protected.
These attitudes have to change, and soon. The sooner everyone recognizes that transparency is the only option, that vendors must be held to the highest possible standards, and that the interests of voters are paramount, the better off we'll all be.