Posted on 5-11-2003
Copyright
Law Used To Silence Critics
By John Schwartz, The New York Times, 3 November 2003
Forbidden files are circulating on the Internet and threats
of lawsuits
are in the air. Music trading? No, it is the growing controversy
over one
company’s electronic voting systems, and the issues being raised,
some
legal scholars say, are as fundamental as the sanctity of elections
and
the right to free speech.
Diebold Election Systems, which makes voting machines, is waging
legal war
against grass-roots advocates, including dozens of college students,
who
are posting on the Internet copies of the company’s internal
communications about its electronic voting machines.
The students say that, by trying to spread the word about problems
with
the company’s software, they are performing a valuable form
of electronic
civil disobedience, one that has broad implications for American
society.
They also contend that they are protected by fair use exceptions
in
copyright law.
Diebold, however, says it is a case of copyright infringement,
and has
sent cease-and-desist orders to the students and, in many cases,
their
colleges, demanding that the 15,000 e-mail messages and memorandums
be
removed from each Web site. “We reserve the right to protect
that which we
feel is proprietary,” a spokesman for Diebold, David Bear, said.
The files circulating online include thousands of e-mail messages
and
memorandums dating to March 2003 from January 1999 that include
discussions of bugs in Diebold’s software and warnings that
its computer
network are poorly protected against hackers. Diebold has sold
more than
33,000 machines, many of which have been used in elections.
Advocates and journalists have mined the trove of corporate
messages to
find statements that appear to suggest many continuing security
problems
with the software that runs the system, and last-minute software
changes
that, by law, are generally not allowed after election authorities
have
certified the software for an election.
Some colleges, like Swarthmore, have bowed to the pressure and
removed the
x documents from their networks. But in doing so last month,
the dean,
Robert Gross, maintained that Swarthmore supported the students
in spirit.
“We believe their actions express the values of the college,
including its
commitment to prepare students to be engaged, socially responsible
citizens,” he said in a statement. Swarthmore has encouraged
the students
to keep up the debate and is providing legal advice about how
to respond
to the Diebold letters, a Swarthmore spokesman, Tom Krattenmaker,
said.
Last week the advocates’ efforts to keep the documents online
took another
step as Freenet, an international anticensorship organization
that
promotes the anonymous distribution of files, obtained copies
of the
Diebold documents. The technology that the network uses is a
peer-to-peer
service, and is similar in many ways to the software behind
file-trading
companies like Kazaa and the original Napster.
Legal scholars say that the online protest and the use of copyright
law by
Diebold have broad implications and show that the copyright
wars are about
more than whether Britney Spears gets royalties from downloaded
songs.
“We’re so focused on the microview — whether EMI is going to
make a buck
next year — but there is so much more at stake in our battle
to control
the flows of information,” including issues at the core of free
speech and
democracy itself, said Siva Vaidhyanathan, a professor in the
department
of culture and communication at New York University.
Nelson Pavlosky, a sophomore at Swarthmore from Morristown,
N.J., who put
documents online through the campus organization Swarthmore
Coalition for
the Digital Commons said the cease-and-desist letters were “a
perfect
example of how copyright law can be and is abused by corporations
like
Diebold” to stifle freedom of speech. He said that he and other
advocates
wished the college had decided to fight instead of take down
the files.
“We feel like they wimped out,” Mr. Pavlosky said.
But with each takedown, the publicity grows through online discussion
and
media coverage, and more and more people join the fray, giving
Diebold’s
efforts a Sorcerer’s Apprentice feel. The advocates, meanwhile,
are
finding that civil disobedience carries risks. One student who
posted the
documents and has received a letter, Zac Elliott of Indiana
University,
said, “I’m starting to worry about the ramifications for my
entire family
if I end up in some sort of legal action.”
Copyright law, and specifically the Digital Millennium Copyright
Act, are
being abused by Diebold, said Wendy Seltzer, a lawyer for the
Electronic
Frontier Foundation, a civil liberties group. Copyright is supposed
to
protect creative expression, Ms. Seltzer said, but in this case
the law is
being evoked “because they don’t want the facts out there.”
The foundation is advising many students informally and helping
them to
find legal aid, and it is representing the Online Policy Group,
a
nonprofit Internet service provider that got a cease-and-desist
letter
from Diebold after links to the documents were published on
a news Web
site that the group posts.
Diebold has become a favorite target of advocates who accuse
it of
partisanship: company executives have made large contributions
to the
Republican Party and the chief executive, Walden W. O’Dell,
said in an
invitation to a fund-raiser that he was “committed to helping
Ohio deliver
its electoral votes to the president next year.’’ He has since
said that
he will keep a lower political profile. Diebold has been trying
to stop
the dissemination of the files for months with cease and desist
letters,
but the number of sources for the documents continues to proliferate.
Then
in July, the first evaluation of the purloined software from
recognized
authorities in the field — a team involving experts and Johns
Hopkins
University and Rice University — found several serious holes
in the
software’s computer security which, if exploited, could allow
someone to
vote repeatedly, or to change the votes of others. A later review
of the
software for the State of Maryland agreed that the software
flaws did
exist, but that in the practice of real elections, other safety
nets of
security would keep the vulnerabilities in the code from being
exploited.
Diebold has said it has been working to fix problems.
As Diebold continued to deal with the headache resulting from
its leaked
code last week, hackers released software from another of the
three major
high-tech election companies, Sequoia Voting Systems. Reports
of that leak
first appeared in the online news service of Wired magazine,
which
suggested that the company’s software also suffered from poor
security
design.
A spokesman for Sequoia, Alfie Charles, said that the software
that had
been taken was an older version that had been substantially
modified.
Possible security flaws in that software, which were discussed
in the
Wired account do not constitute an actual threat to security,
he said.
Mr. Charles also emphasized that his company’s leak was unlike
that of
Diebold, which had left much of the purloined data unprotected
on its own
site. The Sequoia software was taken from the servers of a “grossly
negligent” contractor to Sequoia, and not from the company itself,
he
said.
That defense does not sway Prof. Rebecca Mercuri, an specialist
in
election technology who teaches computer science at Bryn Mawr
College. The
fact that the software of both companies was not protected raises
questions about their security, she said. “Are these companies
staffed by
folks completely ignorant of computer security,” she said, “or
are they
just blatantly flaunting that they can breach every possible
rule of
protocol and still sell voting machines everywhere with impunity?”
Mr. Bear of Diebold said the election security and the virtual
walls
around his company’s computer network are different; “You’re
looking at
apples and oranges,” he said. Of the security breach, he said,
“We
acknowledge that was unfortunate that that occurred.” But the
“security
and sanctity of the election process,” he said, has been proved
by the
Science Applications International Corporation report.
Mr. Bear said that Sequoia planned to submit its software to
Aviel D.
Rubin, a computer security researcher at Johns Hopkins and the
leader of
the team that analyzed the Diebold code. Mr. Rubin said he was
optimistic
that the relationship with Sequoia would be less adversarial.
“It’s very different from the way that Diebold has been doing
things.” Mr.
Rubin, who has received a cease-and-desist notice from Diebold
because of
his research, said, “The solution is to stop selling insecure
voting
machines and not to continue threatening students who are only
trying to
protect our democracy.”
Voting companies emphasize that their products undergo rigorous
testing
and independent review required by federal laws for certification.
“Judging from the majority of news coverage, one might think
that
companies just throw software together and start selling equipment
and
running elections, when the reality is just the opposite,” Mr.
Charles of
Sequoia said.
Some observers of the fight say it is having an effect beyond
ones and
zeroes and virtual forms of hanging chad. Bev Harris, who is
writing a
book on the electronic voting industry, was among the first
people to
place the Diebold files online.
She said that when she began her research, young people tended
to tell her
that voting was irrelevant to their lives. That is changing,
she said;
“What more important thing can we do so that we can get them
involved, and
see how important voting is?”
|