|Security of Electronic Voting Machines
7/23. Four computer scientists released a
paper [PDF] titled
"Analysis of an Electronic Voting System". They analyzed the source
code for a version of the software used in
Diebold Inc.'s AccuVote-TS voting terminal. The four concluded that "we
discovered significant and wide-reaching
security vulnerabilities". More generally, the paper is a criticism of
software based voting systems, as opposed to paper ballot systems.
Diebold released a statement
in which it said that "We respectfully disagree with the researchers'
It also stated that "We currently have more than 50,000 electronic voting units
installed throughout the United States". See also, Diebold's
Technical Response To The Johns Hopkins
Study On Voting Systems.
The four computer scientists found that "voters can easily
program their own smartcards to simulate the behavior of valid smartcards used
in the election. With such homebrew cards, a voter can cast multiple ballots
without leaving any trace. A voter can also perform actions that normally
require administrative privileges, including viewing partial results and
terminating the election early. Similar undesirable modifications could be made
by malevolent poll workers (or even maintenance staff) with access to the voting
terminals before the start of an election."
They also found that "the protocols used when
the voting terminals communicate with their home base, both to fetch election
configuration information and to report final election results, do not use
cryptographic techniques to authenticate the remote end of the connection nor do
they check the integrity of the data in transit. Given that these voting
terminals could communicate over insecure phone lines or even wireless Internet
connections, even unsophisticated attackers can perform untraceable
They also found that "Cryptography, when used at all, is used
incorrectly. In many places where cryptography would seem obvious and necessary,
none is used. More generally, we see no evidence of rigorous software
engineering discipline." They added that "We also saw no evidence of any
change-control process that might restrict a developer’s ability to insert
arbitrary patches to the code. Absent such processes, a malevolent developer
could easily make changes to the code that would create vulnerabilities to be
later exploited on Election Day. We also note that the software is written
entirely in C++. When programming in an unsafe language like C++, programmers
must exercise tight discipline to prevent their programs from being vulnerable
to buffer overflow attacks and other weaknesses. Indeed, buffer overflows caused
real problems for AccuVote-TS systems in real elections."
Diebold offered several criticisms of the report. It stated that "the
study did not use our current software code".
It stated that "The code was also analyzed without knowledge of the voting machine hardware
in which it is used in actual elections, which caused them to draw many
Diebold also wrote that "It is also important to note that the clinical
research focused almost solely
on software code, and overlooked the total system of software, hardware,
services and election processes that have made Diebold electronic voting systems
so effective in real-world implementations. For example, the study cites
Microsoft Windows communications weaknesses which have been widely publicized
over the past several years. These weaknesses only apply if the voting
terminals are connected to the Internet or some other public network. This is
NEVER the case. As the terminals are not connected to such a network, there are
no opportunities to exploit these weaknesses even if they exist. In addition,
many of the published weaknesses have to do with Internet browsers, e-mail
programs and other Internet related applications. No Diebold elections
terminals use any of these applications."
The paper was written by Aviel Rubin (professor in the
Department of Computer Science at
Johns Hopkins University), Tadayoshi Kohno (Johns Hopkins University Information Security
Institute), Adam Stubblefield (Johns Hopkins University Information Security
Institute), and Dan Wallach (professor
in the Department of Computer Science at Rice University).
Diebold is based in North Canton, Ohio. It provides ATMs and other self
service solutions, physical and electronic security, electronic voting
technologies, essential services and support, and card based systems.
|SDNY Rules on Cost Shifting in Electronic
7/24. The U.S. District Court (SDNY)
Opinion and Order [30 pages in PDF] Zubulake v. UBS Warburg, regarding
which party should bear the costs of restoration and production of e-mail
from backup tapes during pretrial discovery in civil litigation.
Laura Zubulake, who is now an unemployed equities
trader, filed a complaint in U.S. District
Court (SDNY) against UBS Warburg, her
former employer, alleging gender discrimination in violation of federal, state
and local law. In pre-trial discovery, Zubulake seeks from UBS e-mails that
The District Court previously ordered UBS to
restore and produce certain e-mails from 5 of its 94 backup tapes. UBS had the
restoration performed by an outside vendor at a price of over $11,000. The
Court's earlier opinion articulated a seven part test for applying the
proportionality test Rule 26(b)(2) in the context of inaccessible electronic
Zubulake then moved for an order compelling UBS to
produce e-mails from all remaining backup tapes at its expense. UBS argued that the cost,
which it asserts will be about $273,000, should be shifted to Zubulake.
Federal Rules of Civil Procedure, provides, in part, that "Parties may
obtain discovery regarding any matter, not privileged, that is relevant to the
claim or defense of any party, including the existence, description, nature,
custody, condition, and location of any books, documents, or other tangible
things and the identity and location of persons having knowledge of any
However, Rule 26(b) further provides that "The frequency or extent of use of
the discovery methods otherwise permitted under these rules and by any local
rule shall be limited by the court if it determines that: (i) the discovery
sought is unreasonably cumulative or duplicative, or is obtainable from some
other source that is more convenient, less burdensome, or less expensive; (ii)
the party seeking discovery has had ample opportunity by discovery in the action
to obtain the information sought; or (iii) the burden or expense of the proposed
discovery outweighs its likely benefit, taking into account the needs of the
case, the amount in controversy, the parties' resources, the importance of the
issues at stake in the litigation, and the importance of the proposed discovery
in resolving the issues."
The Court wrote that "the presumption is that the responding party must bear
the expense of complying with discovery requests", but that "requests that run afoul of
the Rule 26(b)(2) proportionality test may subject the requesting party to
protective orders under Rule 26(c)", including shifting the costs of discovery.
The Court issued an
Order [39 pages in PDF] on May 13, 2003, that listed seven factors to be
considered by the Court:
"1. The extent to which the request is specifically tailored to discover
2. The availability of such information from other sources;
3. The total cost of production, compared to the amount in controversy;
4. The total cost of production, compared to the resources available to each
5. The relative ability of each party to control costs and its incentive to do
6. The importance of the issues at stake in the litigation; and
7. The relative benefits to the parties obtaining the information."
In the present order, the Court applied this seven part test, and concluded
that UBS should bear 75% of the cost of restoration, and all of the other costs,
such as searching and reviewing the restored e-mails.
This is D.C. No. 02 Civ. 1243 (SAS), Judge Shira Scheindlin
|DC Circuit Affirms in
TransIntel v. FCC
U.S. Court of Appeals (DCCir) issued its
opinion [15 pages in PDF] in Transportation
Intelligence v. FCC, affirming the FCC.
Petitioner, Transportation Intelligence
(TransIntel), and intervenor, Highway
Information Systems (Highway), both make and sell highway advisory radio
systems, which use low power AM radio transmitters to broadcast traffic,
emergency, and other information to drivers. Respondent,
Federal Communications Commission (FCC),
regulates radio frequency devices.
TransIntel filed a complaint with the FCC alleging that Highway
made substantial modifications to a low power AM transmitter that the FCC had
originally authorized in 1979, without seeking a new equipment certification.
TransIntel further alleged that Highway's transmitter caused interference.
Highway then modified its transmitter, and submitted an
application to the FCC for a new certification. The FCC's
Office of Engineering and Technology (OET)
granted the application. TransIntel filed a petition for reconsideration with
the OET in which it also asked that Highway's new certification be rescinded.
The OET denied this petition. Then, TransIntel petitioned the full FCC for
review of the OET's denial. The FCC issued the order, which is the subject of
the present Appeals Court opinion, upholding the OET's denial.
The Appeals Court affirmed, "because the FCC's order rested not
on a factual dispute but rather on the Commission’s estimation of the relative
insignificance of Highway’s infraction, and because that policy judgment was
neither arbitrary nor capricious, we have no basis for overturning the decision
of the Commission."
7/24. MCI WorldCom filed a motion
with the U.S. Bankruptcy Court (SDNY)
regarding its acquisition of Digex. It stated
release that it is "seeking authorization to purchase all outstanding
publicly traded common stock of Digex, Incorporated for a total of approximately
$18 million dollars." Digex, which is based in Laurel, Maryland, is a provider
of enterprise hosting services.
7/24. The Department of Commerce's (DOC)
Bureau of Industry and Security (BIS), which is also still known as the
Bureau of Export Administration (BXA), updated its
"Commercial Encryption Export Controls" to reflect recent changes to its
regulations. See also, story titled "BIS Amends EAR Regarding Encryption
Products" in TLJ
Daily E-Mail Alert No. 683, June 18, 2003, and
notice in the Federal Register, June 17, 2003, Vol. 68, No. 116, at Pages
35783 - 35787.
7/24. The Department of Commerce's (DOC)
Bureau of Industry and Security (BIS), which is also still known as the
Bureau of Export Administration (BXA), published in its website an updated
version of its Denied
7/26. President Bush used his Saturday
address to discuss the 13th anniversary of the passage of the Americans with
Disabilities Act (ADA). He stated that "we are making government websites more
accessible to people with disabilities so that they can more easily find
information about services and programs of the federal government."
7/24. The Department of
Commerce (DOC) held a technology exhibition titled "Technology for all
Bond, Under Secretary for Technology, gave a
which he announced Secretary of Commerce Donald Evans' new departmental
initiatives to support the development of assistive technologies. He also
addressed the National Medal of Technology, which is administered by the DOC. He
stated that "IBM, also a National Medal company winner, is here today with their
web browser for the blind. Medallist Ray Kurzweil's software is also on display.
It is designed to help individuals with learning disabilities read. One last
note of pride, in my own Technology Administration, at the National Institute of
Standards, NIST has brought their amazing Braille reader, which is actually a
tactile display that allows the blind to ``feel´´ electronic images."
7/23. Federal Reserve Board
(FRB) Governor Ben
Bernanke gave a
speech titled "An Unwelcome Fall in Inflation?" at the University of
California at San Diego. He stated, among other things, that "during the late
1990s, economists worked hard to explain the combination of an unusually low
unemployment rate and stable inflation". He cited as one of several possible
contributing factors the "improved matching between workers and jobs,
facilitated by increased access to the Internet". He added that "Many of these
forces continue to operate in today's economy, conceivably with greater force
than in the late 1990s. In addition, measured labor productivity has continued
to increase rapidly since early 2001 -- remarkably so, considering that
productivity tends to be strongly procyclical -- raising the possibility that we
have underestimated the degree to which innovation and better use of existing
resources have increased potential output."
7/15. The Securities and Exchange Commission
(SEC) filed a complaint in U.S. District
Court (DNev) against Investment
Technology, Inc. and others alleging an fraudulent scheme involving the
company's stock and its purported online gambling casino. The complaint names
Investment Technology, Thomas D. Vidmar (its Chairman and CEO), Ulysses "Thomas"
Ware (securities counsel), the law firm of Rosenfeld Goldman & Ware, and Small
Cap Research Group, Inc. and Centennial Advisors (both of which touted the stock
in "analyst reports"). See,
|The TLJ Daily E-Mail Alert was not published on Thursday, July 24, or Friday,
|House Passes CJS Bill With Media Ownership
7/23. The House passed
the "Departments of Commerce, Justice, and State, the Judiciary, and Related
Agencies Appropriations Act for Fiscal Year 2004", by a vote of 400-21. See,
Roll Call No.
This bill contains appropriations for many of the technology related executive branch
entities, including the Federal Communications
Commission (FCC), Federal Trade Commission
(FTC), U.S. Patent and Trademark Office (USPTO),
Office of the U.S. Trade Representative (USTR),
National Telecommunications and Information
Administration (NTIA), and National Institute of
Standards and Technology (NIST). See, story titled "House to Consider CJS
Appropriation Bill" in TLJ Daily E-Mail Alert No. 703, July 22, 2003, for a
summary of the funding levels of the various technology related entities covered by
the bill. See also, story titled "House Begins Consideration of CJS Bill"
in TLJ Daily E-Mail Alert No. 704, July 23, 2003.
The bill also provides, at Section 624, that "None of the funds in this Act may be
used to grant, transfer or assign a license for a commercial TV broadcast
station to any party (including all parties under common control) if the grant,
transfer or assignment of such license would result in such party or any of its
stockholders, partners, members, officers or directors, directly or indirectly,
owning, operating or controlling, or having a cognizable interest in TV stations
which have an aggregate national audience reach, as defined in 47 C.F.R.
73.3555, exceeding thirty-five (35) percent." (Parentheses in original.)
This section has the effect of preventing
the FCC from fully implementing, during FY 2004, the national TV ownership
provisions of its June 2, 2003
Report and Order and Notice of Proposed Rulemaking [257 pages in PDF]
amending its media ownership rules. See, story titled "FCC Announces Revisions
to Media Ownership Rules" in
TLJ Daily E-Mail
Alert No. 672, June 3, 2003.
On July 23, FCC Chairman Michael
Powell released a
statement [PDF] in which he advocated the merits of the FCC's
Report and Order. He stated that "We created
enforceable rules that reflect the realities of today’s media marketplace. The
rules will benefit Americans by protecting localism, competition and diversity."
He added that "It would be irresponsible to ignore the diversity of viewpoints
provided by cable, satellite and the Internet."
On July 23 the Senate Commerce
Committee held a hearing to examine the "public interest and localism".
opening statement of Sen. John McCain
prepared testimony of FCC Commissioner
prepared testimony of
Robert Corn-Revere (Davis Wright Tremaine),
[PDF] of Barry Faber
(Sinclair Broadcasting Group),
prepared testimony of Dave Davis (WPVI-DT),
prepared testimony of
Martin Kaplan (Annenberg School for Communication), and
prepared testimony of
(Media Research Center).
On July 22, FCC Commissioner
Jonathan Adelstein gave a
titled "The Impact of Media Ownership Rules on Minority Broadcasting".
He stated that "I believe the recent changes to the
FCC’s media ownership rules are a disaster for smaller and new entrants. Small
and start-up broadcasters are the big losers -- and that spells trouble for
minority ownership. It is no exaggeration to say that the ruling reduces the
free and full exchange of diverse ideas and opinions on which a healthy
|House Approves Singapore and Chile FTAs
7/23. The House passed
the "United States Singapore Free Trade Agreement Implementation Act",
by a vote of 272-155. See,
Roll Call No.
432. The House also passed
the "United States Chile Free Trade Agreement Implementation Act", by a
vote of 270-156. See,
Roll Call No.
Rep. Jim Moran (D-VA) stated that "In
my congressional district, for example, and there are many such suburban
technology oriented districts like mine across the country, it is going to have
a very significant positive impact for the high-tech community. High technology
trade between the United States and Singapore represents about half of the total
two-way trade. In 2002, the U.S. exported nearly $6 billion in high-tech goods
to Singapore. The technology sector is the largest merchandise exporter in the
United States, and that is the sector that is going to benefit most from the
free trade agreement with Singapore."
Rep. Moran continued that "With respect to intellectual property rights, the
U.S.-Singapore Free Trade Agreement contains protections to ensure that a rich,
diverse, and competitive marketplace will be maintained throughout Asia.
Singapore is our key gateway to the rest of Asia; so it is very important that
they are going to grant our inventors, our writers, our artists, our business
people strong enforceable property rights over the fruits of their creations."
See, Congressional Record, July 23, 2003, at H7497-8.
Rep. Jennifer Dunn (R-WA) stated
that "For our high tech firms, this FTA means strengthening intellectual
property standards. I represent Microsoft's corporate campus and the software
industry loses $12 billion annually due to counterfeiting and piracy. In this
FTA, the Singaporean government will implement tough penalties against piracy
and counterfeiting." See, Congressional Record, July 23, 2003, at H7508.
U.S. Trade Representative (USTR) Robert Zoellick
stated in a
release that "The Trade
Act of 2002 renewed presidential Trade Promotion Authority after an eight-year
lapse, and today's vote demonstrates that President Bush and Congress will work
together to make good use of TPA to open markets around the world for American
businesses, workers, and farmers."
Zoellick added that "These cutting-edge
agreements eliminate tariffs, tackle non-tariff barriers, open services markets,
strengthen the intellectual property protections for our knowledge industries,
and enhance labor and environmental protections".
On July 17, the Senate Finance
Committee unanimously approved legislation implementing the Chile FTA (S 1416) and the
Singapore FTA (S 1417). The
Senate Judiciary Committee,
which has jurisdiction over the visa provisions, also approved the bills on July
17. These bills still require approval by the full Senate.
See also, texts of the
U.S. Singapore Free
Trade Agreement and the
U.S. Chile Free
|More Trade News
7/24. Rep. Michael Michaud (D-ME) and
others introduced HR 2879, a bill to repeal the Bipartisan Trade Promotion
Authority Act of 2002. It was referred to the
House Ways and Means Committee, where
it is not likely to see any action.
7/23. The U.S. International Trade Commission
(ITC) determined that "a U.S. industry is materially injured or threatened with
material injury by reason of imports of DRAMs and DRAM Modules from Korea that
the U.S. Department of Commerce has determined are subsidized. ... As a result
of the Commission's affirmative determination, the U.S. Department of Commerce
will issue a countervailing duty order on imports of DRAMs and DRAM Modules from
Korea." See, USITC
|More Capitol Hill News
7/25. The House adjourned until September. The Senate remains in session.
7/24. The House Armed Services
Committee's (HASC) Subcommittee on Terrorism, Unconventional Threats and
Capabilities Subcommittee held a hearing titled "Cyber Terrorism: The New
Asymmetric Threat". See, prepared
testimony [36 pages in PDF] of the General
prepared testimony of Robert Lentz (Information Assurance, Department of
prepared testimony of Scott Charney (Microsoft), and
prepared testimony [PDF] of Eugene Spafford (Purdue University).
7/24. The House Judiciary
Committee's Subcommittee on Courts the Internet and Intellectual Property
(CIIP) held a hearing titled "Patent Quality Improvement".
testimony of Charles Van Horn (Finnegan Henderson, on behalf of the
American Intellectual Property Law Association),
of Mark Kesslen (J.P. Morgan Chase, on behalf of the Financial Services
testimony [PDF] of David Simon (Intel),
and prepared testimony of
John Thomas (Georgetown University).
7/22. The House Judiciary Committee's
Subcommittee on Courts the Internet and Intellectual Property (CIIP) amended and approved
the "Cooperative Research and Technology Enhancement (CREATE) Act of 2003".
Rep. Lamar Smith (R-TX) and
others introduced the bill on June 9. The CIIP Subcommittee held a hearing on
June 10. See, story titled "Representatives Introduce Patent Bill to
Encourage Collaborative Research" in
TLJ Daily E-Mail
Alert No. 680, June 13, 2003.
7/24. The The House Judiciary
Committee held a hearing titled "Antitrust Enforcement Agencies: The
Antitrust Division of the Department of Justice and the Bureau of Competition
of the Federal Trade Commission". See,
statement of the Federal Trade Commission
(FTC), and prepared
testimony of Hewitt Pate,
Assistant Attorney General in charge of the Department of Justice's
7/22. The House Judiciary
Committee's Subcommittee on Commercial and Administrative Law, and
Subcommittee on the Constitution, held a hearing on
the "Defense of Privacy Act". This bill would amend Title 5 to require that when
federal agencies promulgate rules, that they take into consideration the impact
of such rules on the privacy of individuals. See,
of Rep. Chris Cannon (R-UT),
of Rep. Steve Chabot (R-OH), and
of Sen. Charles Grassley (R-IA). See
also, prepared testimony
of Bob Barr (American Conservative Union),
prepared testimony of
Jim Dempsey (Center for Democracy & Technology),
and prepared testimony
of Laura Murphy (American Civil Liberties Union).
7/24. The House Committee on
Financial Services (HFSC) amended and approved
the "Fair and Accurate Credit Transactions Act", or FACT Act. The
bill addresses identity theft protections and establishes permanent national credit
reporting standards. See, HFSC
release. Wayne Abernathy, Assistant Secretary of the Treasury for Financial
Institutions, stated in a
release that "This
legislation is timely. Virtually every day brings news of the growing scope of
identity theft. New estimates suggest that as many as 7 million Americans may
have become victims of this crime in the last year. But the real tragedy is the
way this crime disrupts the life of each one of its victims. The tools in this
legislation will strengthen the fight against identity theft." He added that "We
look forward to continuing to work with the Congress in the legislative
refinement process as the bill moves on to consideration by the full House of
Representatives and by the Senate."
|Monday, July 28
The House is in recess until September.
The Senate will meet at 11:00 AM. It will resume consideration of
S 14, the
"Energy Policy Act of 2003".
|Tuesday, July 29
9:30 AM. The Senate
Committee will hold a hearing on several nominations, including
Penrose Albright to be Assistant Secretary of Homeland
Security for Plans, Programs and Budgets, and Joel Kaplan to be Deputy
Director of the Office of Management
and Budget (OMB). Location: Room 342,
? 9:30 AM. The Senate Judiciary
Committee might hold an executive business meeting.
The agenda includes consideration of several
judicial nominations, including Henry Saad (U.S. Court of Appeals for
the 6th Circuit), Larry Alan Burns (Southern District of California), Glen
Conrad (Western District of Virginia), Henry Floyd (District of South
Carolina), Kim Gibson (Western District of Pennsylvania), Michael Mosman
(District of Oregon), and Dana Sabraw (Southern District of California).
Press contact: Margarita Tapia at 202 224-5225 or David Carle (Leahy) at 202 224-4242.
This Committee frequently changes the time
and agenda of its meetings without notice. Location: Room 226, Dirksen Building.
2:30 PM. The Senate Judiciary
Committee's Subcommittee on Immigration, Border Security and Citizenship
will hold a hearing on the L1 visa program, under which an alien who
has specialized knowledge or holds a managerial or executive position in a
business may obtain a visa to work temporarily in the U.S. to work for an
affiliate or subsidiary business. Press contact: Margarita Tapia at 202
224-5225. Location: Room 226, Dirksen Building.
|Thursday, July 31
9:30 AM. The Senate Commerce
Committee will hold a business meeting. See,
notice. Press contact: Rebecca Hanks (McCain)
202 224-2670 or Andy Davis (Hollings) at 202 224-6654. Location: Room 253,
10:00 AM. The President's Export Council subcommittee on Export
Administration (PECSEA) will hold a meeting. See,
notice in the Federal Register: July 15, 2003, Vol. 68, No. 135, at Page
41782. Location: Room 3884, Department of Commerce, 14th Street between
Pennsylvania and Constitution Avenues, NW.
Deadline to submit applications for loans or combination loans and grants
to the Rural Utilities Service (RUS)
under its FY2003 Distance Learning and Telemedicine Program. See,
notice in Federal Register, March 3, 2003, Vol. 68, No. 41, at Page 9973.
2:30 PM. The Senate Commerce
Committee's Communications Subcommittee will hold a hearing on the
Internet Corporation for Assigned Names and Numbers (ICANN).
The witnesses will be
Nancy Victory (National
Telecommunications and Information Administration), Paul Twomey (P/CEO of
ICANN), Ari Balough (SVP of VeriSign), Alan Davidson (Center for Democracy and Technology), and Paul
Stahura (CEO of eNom). Sen. Conrad Burns
(R-MT) will preside. See,
notice. Press contact:
Rebecca Hanks (McCain) 202 224-2670 or Andy Davis
(Hollings) at 202 224-6654. Location: Room 253,
|About Tech Law Journal
|Tech Law Journal publishes a free access web site and
subscription e-mail alert. The basic rate for a subscription
to the TLJ Daily E-Mail Alert is $250 per year. However, there
are discounts for subscribers with multiple recipients. Free one
month trial subscriptions are available. Also, free
subscriptions are available for journalists,
federal elected officials, and employees of the Congress, courts, and
executive branch. The TLJ web site is
free access. However, copies of the TLJ Daily E-Mail Alert are not
published in the web site until one month after writing. See, subscription
Contact: 202-364-8882; E-mail.
P.O. Box 4851, Washington DC, 20008.
Copyright 1998 - 2003 David Carney, dba Tech Law Journal. All