Re: GNOME Foundation Annual Elections - proposal

From: George <jirka 5z com>
To: Aleksey Sanin <aleksey aleksey com>
Cc: Glynn Foster <Glynn Foster Sun COM>, foundation-list gnome org
Subject: Re: GNOME Foundation Annual Elections - proposal
Date: Fri, 12 Sep 2003 09:45:11 -0700
On Fri, Sep 12, 2003 at 09:26:31AM -0700, Aleksey Sanin wrote:
> 0) Voter responsibility.
> "Open" voting is really open. You have to think about your decisions and 
> take responsibility
> for what you are doing.  Anonymous voting makes the voter less 
> responsible than s/he would be
> in case of "open" voting. In the ideal world, every voter makes an 
> informative and responsible
> decision based on best of her/his knowledge. However, in real life 
> people are lazy. If nobody
> see the results then voter would spend less time thinking about her/his 
> decisions thus adding
> "randomness" to voting results. The best example of this is the issue 
> raised by Glynn's message:
> the "open" voting makes people think about how  their votes would affect 
> their relationship with
> colleges, etc. In anonymous voting one would not think about this and 
> probably about other
> consequences of her/his voting.

But it's bad, your relationship with a collegue has nothing to do with how
that person would do if serving on the board.  I think there is more
"randomness" in open voting really and election will be more based on
personal contants rather then popular opionion.

> 1) Voting results manipulation.
> Anonymous voting is more vulnerable to voting results manipulations 
> because of its closed nature.
> There is a good proposal to allow voter to view his/her results after 
> voting but it's not enough.
> One can still manipulate the votes and nobody would notice it. In order 
> to do this one need to just
> make the code show one results to voter and use another results for 
> counting actual results.
> The "open" voting eliminates this possibility because everyone can look 
> at one big table of votes
> and do results re-calculation by him/herself. I have no doubts that 
> GNOME Foundation board of
> directors is not going to play dirty games. But we don't know what would 
> be the situation in the
> future and who and why would need to win the election. IMHO, the system 
> should be designed to
> prevent an attack of a "bad guy". You know that if something bad can 
> happen then it would happen :)

You can look at all the votes, they will just be indexed by the 'secret'
keys.  So you'll see all the votes, you just won't know who cast what vote.
With Alan's proposal it will even make it hard to do 'ballot stuffing' since
you can check that all the keys are accountable.

The only "cheating" you can do is if you have an electorate that doesn't
care.  That is if you know someone doesn't care about election, then
you could just cast the vote for the person.  But you can do that anyway
if the voting is open or not.

> 2) Voting results un-anonymity.
> In the ideal world, nobody has access to private key used for voting. 
> However, some program
> needs to generate these keys, send out to voters, etc. As in the 
> previous topic, I have no doubts
> that currently nobody would try to get access to this information. But 
> it's technically possible
> and one day one bad guy might decide to do this. S/he would get 
> advantage by knowing more
> than other people and can use this knowledge for doing bad things. In 
> open voting everyone
> has access to the same data. There is no reason to try to break the 
> system because there are no
> secrets.  Anonymous voting creates secrets thus it creates a reason to 
> get these secrets and use
> for profit. One can provide a technical solution that would help with 
> this problem (strong cryptography,
> very strong cryptography, real strong cryptography, etc.) But the truth 
> is that any technical solution
> can be broken (especially by people from inside).

This is not voting for a new government in a country after 15 years of
civil war.  Nobody will go to your house and blow it up and rape your
dog because you didn't vote for him/her.

Plus the script or program used for voting can be set up such that it doesn't
store the info about email <-> key assosiation past the voting period.

But I think that's being overly anal.  I think that the voter info in this
case can be entrusted to the voting comittee without any 'adverse' effects.
I can't quite see how you could turn the fact that Joe Hacker voted for RMS
into profit (perhaps blackmail:).

I don't see where cryptography (of any kind, not sure what difference is of
strong, very strong or real strong) comes in.

> Bottom line:
> "Open" voting is a simple system. It has a disadvantage that voters have 
> to think about what are
> they doing (i.e. think how their voting would affect their relationship 
> with colleagues, etc.) But is it
> a disadvantage at all? Anonymous voting creates secrets and puts some 
> people in the position
> where they have more power to play dirty games. And this *creates the 
> reason* to play dirty games.
> Thus one day one bad guy would do it. Personally I feel more comfortable 
> to stay with current
> "open" voting.

You can't play any more dirty games with annonymous voting if done as
proposed as you can with open.

George

-- 
George <jirka 5z com>
   I finally figured out the only reason to be alive is to enjoy it.
                       -- Rita Mae Brown
References:
- GNOME Foundation Annual Elections - proposal
  - From: Glynn Foster
- Re: GNOME Foundation Annual Elections - proposal
  - From: Aleksey Sanin
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]