Over the last couple of weeks, the GNOME Foundation board of directors
have been discussing the annual elections, and in particular the
'openness' of the results. We would like to put forward a proposal for
anonymous voting, to be in effect for the annual elections in November
2003.
While I understand the issues with
"open" voting raised in Glynn's message, I would like to
point
out that anonymous voting has its own problems which should
not be overlooked. I would
appreciate if the GNOME Foundation
board of directors can share their thoughts
about these
problems (if it is possible).
0) Voter
responsibility.
"Open" voting is really open. You have
to think about your decisions and take
responsibility
for what you are doing. Anonymous voting
makes the voter less responsible than s/he would be
in case of
"open" voting. In the ideal world, every voter makes an
informative and responsible
decision
based on best of her/his knowledge. However, in real life people are
lazy. If nobody
see the results then voter would spend less time
thinking about her/his decisions thus
adding
"randomness" to voting results. The best example
of this is the issue raised by Glynn's message:
the "open"
voting makes people think about how their votes would affect
their relationship with
colleges, etc. In anonymous voting one
would not think about this and probably about other
consequences
of her/his voting.
1) Voting results manipulation.
Anonymous
voting is more vulnerable to voting results manipulations because of
its closed nature.
There is a good proposal to allow voter to view
his/her results after voting but it's not enough.
One can still
manipulate the votes and nobody would notice it. In order to do this
one need to just
make the code show one results to voter and use
another results for counting actual results.
The "open"
voting eliminates this possibility because everyone can look at one
big table of votes
and do results re-calculation
by him/herself. I have no doubts that GNOME Foundation board of
directors is not going to play dirty games. But we don't know
what would be the situation in the
future and who and why would
need to win the election. IMHO, the system should be designed to
prevent an attack of a "bad guy". You know that if
something bad can happen then it would happen :)
2) Voting
results un-anonymity.
In the ideal
world, nobody has access to private key used for voting. However,
some program
needs to generate these keys, send out to voters,
etc. As in the previous topic, I have no doubts
that currently
nobody would try to get access to this information. But it's
technically possible
and one day one bad guy might decide to do
this. S/he would get advantage by knowing more
than other people
and can use this knowledge for doing bad things. In open voting
everyone
has access to the same data. There is no reason to try to
break the system because there are no
secrets. Anonymous
voting creates secrets thus it creates a reason to get these secrets
and use
for profit. One can provide a technical solution that would help with
this problem (strong cryptography,
very strong cryptography, real strong cryptography, etc.) But the truth
is that any technical solution
can be broken (especially by people from inside).
Bottom line:
"Open" voting is a simple system. It has a disadvantage that voters
have to think about what are
they doing (i.e. think how their voting would affect their relationship
with colleagues, etc.) But is it
a disadvantage at all? Anonymous voting creates secrets and puts some
people in the position
where they have more power to play dirty games. And this *creates the
reason* to play dirty games.
Thus one day one bad guy would do it. Personally I feel more
comfortable to stay with current
"open" voting.
Thank you in advance,
Aleksey Sanin
