[gs-devel] Urgent Ghostscript query involving election software!
Ralph Giles
giles at ghostscript.com
Thu Nov 8 12:14:49 PST 2007
On Wed, Nov 07, 2007 at 11:51:07PM -0700, Jim March wrote:
> Ghostscript is used by the Diebold Election Systems central tabulator
> software to control ballot layouts for elections in many US
> jurisdictions. (Sidenote: is that a GPL problem?)
Seems likely that they are not respecting our software license in this
case. We do not consider bundling as an integrated component intended
to work with other software as "mere aggregation" under the GPL.
I've passed your message on to our business staff, who will pursue
the issue.
Ghostscript 8.54 was released under two different licenses. The GNU GPL
and our own "AFPL" license which explictly disallows commercial
distribution. It would assist our investigation if you could relate
which license the copy in question reports itself as under. For example,
the output it prints when running 'gswin32c.exe -h' from the Command
Prompt.
Technical staff can obtain the same information by looking for the
product name and copyright strings within the executable and
associated dll.
Ghostscript 8.54 was first released under the AFPL on May 17, 2006, and
first placed under the GPL May 30, 2006. So it seems likely that this
was a pre-release AFPL version built from our public development tree.
> The OS is Windows 2000. Here are the directory listing entries we're
> concerned with:
>
> C:\Program Files\gs\gs8.54\Resource\CMap
> 5/11/2006 7:23a 199,837 UniJIS-UTF16-H
> 5/11/2006 7:23a 256,831 UniJIS-UTF32-H
> 5/11/2006 7:23a 227,921 UniJIS-UTF8-H
> 5/11/2006 7:23a 256,815 UniJISX0213-UTF32-H
Ken already addressed this, but aside from the possibility of clock
skew, this change would have to have been made by someone with access to
the machine. Either physically, or through a network connection.
We do not provide an automatic upgrade feature as part of our software,
and I have never heard of Microsoft doing so for any of their operating
systems. It is possible of course, that the vendor has added such a
feature.
I would recommend that the agency who purchased the machine immediately
request a copy of the source code Diebold used to compile their version
of Ghostscript under the terms of the GNU General Public License[1]. (Or
the AFPL[2] if that is what they appear to have used.) That should
reveal whether they have modified the program.
So our software, unmodified, would not have changed those files. Such a
modification must have been initiated either by a user directly, or by
some software agent acting on behalf of some person. The four files you
found could have just been changed, or the entire Ghostscript package
could have been changed and then these four files were missed if the
modification times were backdated to hide the event.
> Yet here we have changes to GS on 5/11/07. Worse, the official day's
> proceedings didn't get started until 9:56am according to the audit
> logs.
Perhaps a coincidence, but these same files were modified in our
development version control system the day before, May 10, 2007,
as revision 6730.[3] This supports the suggestion that they were
tracking our development work and building out of the public
source repository, rather than using a released version. If there
was no requirement for Japanese text in the machine, I find it
unlikely under the circumstances that they would upgrade the
character maps but not the rest of the package.
> * What action on the part of the user would trigger these font installs?
The install would have to be instigated explicitly.
> * Would the fonts have come in over an Internet connection, in which
> case what the hell was this thing doing being so connected at all?
> Trust me: it's supposed to be standalone.
New files could have come over an internet connection, or through
some other connection, such as a USB flash disk.
> * Is it possible that somebody brought data in from home (or some
> other system) to be loaded into or touched by Ghostscript, and the
> "alien system" had Japanese fonts in it, which triggered loading
> Japanese fonts on the official ballot tabulator station on 5/11/06?
No. There is no such propagation mechanism in Ghostscript.
> What I'm getting at is, where could these files have come from, what
> could have triggered their installation, and is this a trace evidence
> of election tampering?
You may wish to have a technical staff person or consultant attempt to
compile Ghostscript out of our source repository[4] around revision
6730 and compare the binaries. This is difficult, but can yield some
information about the source version used and whether there were
additional modifications.
I hope that was of some help. Please let us know if you have any
additional questions.
Sincerely,
Ralph Giles
[1] Specific license information for the GPL release:
http://svn.ghostscript.com/ghostscript/tags/ghostscript-8.54-gpl/LICENSE
http://svn.ghostscript.com/ghostscript/tags/ghostscript-8.54-gpl/doc/COPYING
[2] Specific license information for the AFPL release:
http://svn.ghostscript.com/ghostscript/tags/ghostscript-8.54/LICENSE
http://svn.ghostscript.com/ghostscript/tags/ghostscript-8.54/doc/Public.htm
[3] The modifications to our development tree can be verified by examining
this listing: http://svn.ghostscript.com/cgi-bin/viewcvs.cgi/ghostscript/trunk/gs/Resource/CMap/?rev=6730
The change is also described in this entry in our issue tracker:
http://bugs.ghostscript.com/show_bug.cgi?id=688685
[4] Subversion checkout from http://svn.ghostscript.com/ghostscript/trunk/gs/
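
The string check suggested in the message above (looking for the product name and copyright strings within the executable and associated dll), as an added example that is not part of the original message or of Ghostscript's code. It scans for both ASCII and UTF-16LE runs, because Windows version resources store text as UTF-16LE; the marker names "AFPL Ghostscript" and "GPL Ghostscript", the function names and the sample bytes are assumptions constructed for illustration.

```python
import re

# Assumed product-name markers for the two license variants of 8.54.
MARKERS = ("AFPL Ghostscript", "GPL Ghostscript")

ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")  # e.g. version resources


def printable_strings(blob: bytes) -> list[str]:
    """Return printable runs stored either as ASCII or as UTF-16LE."""
    found = [m.group().decode("ascii") for m in ASCII_RUN.finditer(blob)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(blob)]
    return found


def license_evidence(blob: bytes) -> dict:
    """Collect product-name and copyright strings and name the variant."""
    hits = [s.strip() for s in printable_strings(blob)
            if "Ghostscript" in s or "Copyright" in s]
    variants = {m for m in MARKERS if any(m in h for h in hits)}
    if len(variants) == 1:
        verdict = variants.pop()
    elif variants:
        verdict = "conflicting"  # both names present: inspect by hand
    else:
        verdict = "unknown"
    return {"verdict": verdict, "strings": sorted(set(hits))}


def scan_file(path: str) -> dict:
    """Run the same check on a file, e.g. a copy of the exe or dll."""
    with open(path, "rb") as fh:
        return license_evidence(fh.read())


# Constructed sample bytes standing in for an executable image; the
# copyright holder below is a placeholder, not a real string from the binary.
SAMPLE_AFPL = (b"\x00\x01MZ\x90" + b"AFPL Ghostscript 8.54\x00" + b"\xff\xfe"
               + "Copyright (C) Example Holder".encode("utf-16-le")
               + b"\x00\x00\x13\x37")
SAMPLE_GPL = b"\x7fjunk\x00GPL Ghostscript 8.54\x00\x01\x02"

if __name__ == "__main__":
    print(license_evidence(SAMPLE_AFPL))
    print(license_evidence(SAMPLE_GPL))
```

Run it against a read-only copy of the binaries taken from a forensic image rather than on the live machine, so file access times on the evidence are not disturbed.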