Re: anonymous vote security ...

[George <jirka 5z com>]

On Fri, Sep 19, 2003 at 06:42:07AM +0100, Michael Meeks wrote:
> On Thu, 2003-09-18 at 17:28, George wrote:
> > Supposing there are 20 candidates then by random choice
> > the chances are 1/167960 that two particular people will vote the same.
> 
> 	Right; however emperically this is not so; hence the call for lots of
> random candidates; as a matter of interest I just grokked the 2001
> election results with my rough hash thing and found:
> 
> 	ole gnu org == jsk29 cornell edi
> 	bruce perens com == garrison users sourceforge net [RMS only;-]
> 	bganslan gmx net == pat gnu org == itp ximian com
> 
> 	Which I guess is pretty good, a risk of only 3 votes max being lost to
> anyone ;-)

Obviously however you'd have to guess those 3 votes would be equal, which is
still very unlikely you'd be able to do that.  Perhaps not as unlikely as
1/167960, but not likely enough to be worth even looking at.  And even if you
managed to do that, it's just 4 votes (note it's 4 not just 3).  Which could
perhaps mean that a person might get into the board that wouldn't otherwise,
but obviously that person was already quite popular to begin with.

Last time we had 211 valid votes, and you'd really need to get around 100
votes to get in.  That is, you'd have to already be popular with about 50% of
the voters to 'cheat your way in' this way.  Say if a less popular candidate
like RMS was to use the vast resources of his organization to cheat his way
in, he'd have to come up with about 50 votes.  (Not picking on RMS in
particular, he's just serving as an example here).  Also note that no matter
where you'd put an extra 4 votes in last elections, the actual board would
not be different.

We'll run a bigger risk in case the foundation voters become less interested
in the results however, but then we're getting skewed results anyway, and it
doesn't matter what voting system we use.

> > So with those odds, such a 'fix' would occur once in a millenium if it was
> > tried every year (given 15 candidates).  And even then your efforts would get
> > you one extra vote.
> 
> 	Perhaps we should investigate if in fact itp != pat; I could have sworn
> I'd seen both at once in the same room at Ximian - but perhaps they do
> that with mirrors ;-)

Now there's a way to break the system (even the previous system), just commit
a few things from different addresses, and voila you've got more then 1 vote.
Kind of a lot of trouble to go to however :)

> > But I have to say: WOW, the first actual technical 'issue' suggested, though
> > due to the odds of success it's not actually much of a real problem.  But
> > the above fix could make people trust it more.
> 
> 	Quite - I think the scheme is reasonable; and I'm paranoid - so I know
> no-one would vote for me if they knew I wouldn't twist their arm about
> it later. Still, the thugs whom I pay to beat up people who vote against
> me will be out of a job - and most unhappy about it. Perhaps we should
> have an open ballot on whether we should adopt a secret ballot to keep
> them happy ? [ or a simple show of twisted arms =].

Isn't it expensive to pay thugs to fly all over the world?  My thugs wanted
first class seating ...

> [1] - invest now in my patent hair-loss formula.

Careful, words like these tend to trigger bayes spam filters :)

George

-- 
George <jirka 5z com>
   If all economists were laid end to end, they would not reach a conclusion.
                       -- George Bernard Shaw