ES&S Sues Former Workers Over Taking Buggy, Vulnerability-Filled Code
from the why-would-they-bother? dept
Michael Scott alerts us to the news that e-voting firm ES&S has sued two former employees, claiming copyright infringement over code they took with them from ES&S, along with additional trade secrets. I have no idea whether or not this is true, but all I can ask is “why?” As has been documented time and time again, ES&S’s e-voting code has a ton of problems. Remember, these are the machines that have been found to have serious security vulnerabilities, with some serious bugs, such as adding votes to the wrong election, calibration problems that lead to people voting for the wrong candidate, and bugs that resulted in phantom votes. And ES&S is the company that knew about some of these bugs, and let them be used in elections anyway. So if you were going to go off and start your own e-voting company (and it’s not clear these individuals did that), wouldn’t you be better off starting from scratch?
Filed Under: copyright, e-voting, software, trade secrets
Companies: es&s
Comments on “ES&S Sues Former Workers Over Taking Buggy, Vulnerability-Filled Code”
Why would you want to start from scratch when the entire point is to sell elections to the highest bidder? Bugs are the perfect scapegoat to avoid going to jail!
Good Point!
AC makes a good point. Elections can be sold, stolen and rigged. There is no better culprit than the computer. Since day one, workers, world over, have used “the computer did it” as an excuse for whatever.
Re: Good Point!
As someone in IT, I refuse to accept that as an excuse.
I think the main thing to realize is that whether it’s buggy code or not, it’s still complete code and it just can’t be all bad. I’m sure there are pieces of it that work well and are quite valuable, so why not use it and build on top of it?
However, even if they consider it “complete” and use it as is, then why shouldn’t they? If ES&S can use it as is, why couldn’t a competitor? More importantly, if these guys are taking code and trade secrets from their former employee, do you really think they would let integrity stand in the way of profit? Keep in mind that they did come from this shady company in the first place.
Re: Re:
You are obviously not a programmer. Debugging bad code is much harder than writing good code the first time. A simple flow chart or UML diagram would be more helpful than the code, either of which can be easily memorized and are generic enough that a claim would be next to impossible.
Re: Re: Re:
You are obviously not a programmer. Debugging bad code is much harder than writing good code the first time.
sure if you intend to use the code to build products from.
if you just want to sell it to competitors or to people interested in rigging elections, then the bugs (0dayz) contained in the code are worth more than the completed code.
Not Surprised
I think the main thing to realize is that whether it’s buggy code or not, it’s still complete code and it just can’t be all bad. I’m sure there are pieces of it that work well and are quite valuable, so why not use it and build on top of it?
However, even if they consider it “complete” and use it as is, then why shouldn’t they? If ES&S can use it as is, why couldn’t a competitor? More importantly, if these guys are taking code and trade secrets from their former employee, do you really think they would let integrity stand in the way of profit? Keep in mind that they did come from this shady company in the first place.
Question:
What reasonable person can take a machine that “have serious security vulnerabilities, with some serious bugs, such as adding votes to the wrong election, calibration problems that lead to people voting for the wrong candidate, and bugs that resulted in phantom votes” and NOT realize that this is a purposefu endeavor?
Are we so far gone as a “free” nation that we are no longer all that concerned when the machinations of VOTING are so flawed as to render the whole process meaningless?
When i installed word, I didn’t have to “calibrate” the software so it knew when i pressed A that I wanted the letter A on screen, I didn’t have to worry that if I clicked File/Save that it would (without telling me) decide to change the font size.
All this stuff about “calibrating” votes is 100% bullshit. Its a simple matter of “if button A is pressed then candidate A’s votes=candidate A’s votes+1.
I’ve never been sure why these companies claim that their software is so difficult to fix and make sure votes are correct. the only “difficulty” involved is making sure the software has a reasonable level of security (a basic web-connected interface with 2 buttons that sends info on the button pressed (encrypted) would be sufficient…and virtually hack-proof as theres nothing to actually exploit in there.
Re: Re:
“When i installed word, I didn’t have to “calibrate” the software so it knew when i pressed A that I wanted the letter A on screen”
No, but if you have a touch screen display (like most voting machines), you have to calibrate it to make sure that when you hit the A on the screen it types A instead of the S beside it. That’s still something that should be insanely easy and should be a one time thing.
Re: Re: Re:
but if it is a problem … USE AN F*ING MOUSE AND KEYBOARD
everybody i know has used a mouse before and even if you haven’t it is pretty intuitive, and even if you still have problems poll workers can help you out.
Not the point
Your attempt to excuse employee theft of code is quite flawed. Simply put, sloppy code or not, it belongs to the company, NOT the programmer. Something you fail to mention.
Now if they want to start from scratch and write their own evoting code, they are free to do so.
The problem is not
The problem is not that ES&S thinks that the two employees will start a competing company with the crappy software. The problem is that they do not want the crappy code released showing how bad it is.
Start from scratch? This isn't the 70s, Mike.
So if you were going to go off and start your own e-voting company (and it’s not clear these individuals did that), wouldn’t you be better off starting from scratch?
Better yet, why not take what’s broken and fix it, as this would be faster than starting from scratch and get the business up and running much faster.
I would speculate these employees may know exactly what’s wrong with the code in order to take it to begin with.
That alone should make one wonder about it. But hell, what do I care.
Corporate America owns every damn politician anyway, so it doesn’t matter who gets “voted” in.
If those guys had access to the code they probably worked on it. They got paid to write the code so the company ‘owns’ it but can you really steal your own work?
I'm with Miles
“I would speculate these employees may know exactly what’s wrong with the code in order to take it to begin with.”
I would go a step farther and say that perhaps these two are the ones who were ‘encouraged’ to break the code in the specified manner in order to get it to do what ES&S wanted it to do (Dropped votes, misplaced votes, phantom votes…. these sound like designed ‘features’ to me). Nothing pisses off a programmer more than taking the excellent work they did and asking them to ‘break’ it in specific ways. Perhaps these two got tired of all the crap and decided to take their code so they could clean it up to do what it was intended to do, not what ES&S Twisted it into.
What better way to shut them up then to drop them and file suit against them. If they did stand up and say ES&S made us write ‘buggy’ code on purpose, who would believe them now?
Or perhaps my tinfoil hat is just a little tight today….
OK so these things need “calibrating”..change them..have a big RED button for candidate 1…big blue button for candidate 2….etc etc…no calibration..no touch screen, just an on-screen picture of the person you voted for with “you have voted for “…please press the button again to confirm
final note…i assume there aren’t 26 buttons on a voting screen…”please type the name of your candidate here..spelling errors invalidate your vote”…
so why isnt the screen simply split into large chunks, where calibration wouldn’t be needed.
You press for your candidate..it comes up with “you have chosen….NAME…..are you sure?” with big yes/no buttons underneath.
Then shows a final third screen “you voted for NAME…vote recorded”…no fancy interface just plain text…
That way if the vote suddenly “accidentally” goes to the wrong candidate we’d have 100% proof that the election was rigged and whoever created the voting machine could be charged with treason.