Re: anonymous vote security ...

From: George <jirka 5z com>
To: Michael Meeks <michael ximian com>
Cc: foundation-list gnome org
Subject: Re: anonymous vote security ...
Date: Thu, 18 Sep 2003 09:28:59 -0700

On Thu, Sep 18, 2003 at 03:49:15PM +0100, Michael Meeks wrote:
> 
> 	Since I'm feeling left out of this thread, I thought I'd fit some
> electioneering in; I was just thinking:
> 
> 	The suggested magic-key -> vote mapping seems entirely sensible and
> reasonably non-susceptible to fixing; however - there remains the
> possibility that multiple people with identical votes could be covertly
> issued the same cookie, and thus shrink a selected candidates vote count
> without being detected.

You'd need to know that the people are going to vote the same.  They can't
know because then you wouldn't need to do it (you're doing it so that they
don't suspect).  Supposing there are 20 candidates then by random choice
the chances are 1/167960 that two particular people will vote the same.
If there are 15 candidates this is 1/1365.  Now even there if you actually
as a fraud person to beat these odds and managed to 'fix' this result and
make it possible to insert one more vote, you'd still insert only one vote.
Not to mention that since there are 15 candidates there's little chance
of 'overcrowding the board' with 'evil and unpopular' candidates.  Also note
that I'm not counting the possibility that people can vote for less then 11
people.

So with those odds, such a 'fix' would occur once in a millenium if it was
tried every year (given 15 candidates).  And even then your efforts would get
you one extra vote.

Though obviously this method would work almost perfectly if there are only 11
candidates, but then who needs to fix elections :)

Also note that this is easily prevented if piece of the 'voter-id' is
supplied by the voter himself.  For example you could have a field on the
ballot with:

Pick a random number or string (up to reasonable size):

Then you are out of luck as a 'would be fixer'.  I suppose it's not hard
to add and could be optional, and if it addresses any 'cheating fears'.
You could have people run 'mcookie' and put the result there (and obviously
keep it for your records).

But I have to say: WOW, the first actual technical 'issue' suggested, though
due to the odds of success it's not actually much of a real problem.  But
the above fix could make people trust it more.

> 	Thus I believe it should be mandatory for a large number of comedy
> candidates - who should never be elected to stand - such that a
> sufficiently random vote distribution occurs that this is not possible;

Sure if there are 30 candidates then if voting is random then the probability
is 1/54627300.  So the last time it was possible to do this cheat was when
the dinosaurs were still around.

> 	Or in other words "vote for me" ! ;-)

Sneaky bastard :)

George

-- 
George <jirka 5z com>
   You can't say civilization isn't advancing: in every war they kill you
   in a new way.
                       -- Will Rogers

Follow-Ups:
- Re: anonymous vote security ...
  - From: Michael Meeks

References:
- anonymous vote security ...
  - From: Michael Meeks

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]