Proposition for an anonymous voting process
- From: Vincent Untz <vincent vuntz net>
- To: membership-committee gnome org
- Subject: Proposition for an anonymous voting process
- Date: Tue, 30 Mar 2004 21:56:17 +0200
Here's a first proposition. I wrote it quickly because I need to go
after that, but I think it's understandable. Please comment or flame me!
Proposition for an anonymous voting process
===========================================
1. Generate tokens for each member
* Use Alan's proposition to generate the tokens
http://mail.gnome.org/archives/foundation-list/2003-September/msg00009.html
* Save somewhere the association token/member. It is needed because
members may lose their token or not receive them. I propose that we
have a directory with files named after the token, each file
containing the member's informations (name + e-mail address)
2. Send a ballot to the member with their secret token
* The ballot should contain clear instructions on how to use it
* The Reply-To header should be correctly set to a special dedicated
address (say anonymous gnome org)
3. The member sends his ballot to anonymous gnome org
4. The mail is passed through a script
* The script computes if the mail is a vote and if the vote is valid.
- If it is not, it sends back a mail to the member explaining him
what the problem is and asking him to send a valid vote.
- If it is, the script generates a random confirmation token. It
sends a mail to the member asking the member to send the
confirmation token to confirm the vote. This automatically sent
mail should contain what the scripts understand of the vote
(e.g. for whom the member voted) so the member can verify that
his vote contains what he intended to vote. The random
confirmation token is saved in the token/member file
corresponding to the member.
5. Member receives the mail asking the confirmation.
* the vote is ok, he simply replies with the confirmation token to
validate his vote.
* the vote is not ok, he can send a new vote with the same first
token. Go to step 4.
6. The confirmation mail is passed through the same script
* the script computes if the mail is a confirmation
- If it is and if the confirmation token is valid: remove the
token/member association for this member. Go to step 7.
- If it is not, then... What ?
7. We have a confirmed valid vote. There are two possibilities:
* We use the script to send a mail to vote gnome org with the token
and the vote. We'll then used the script we're already using to
count the votes. We need a list of all the valid tokens generated
in step 1. Note that all mails in the archives should be valid
votes...
* For each candidate/answer to the vote/question, we have a
subdirectory. The script then simply adds a file (the filename is
the token) in all the needed directories.
Example given: for the elections, we have a directory for each
candidates. A member, whose token is 002ERT, votes
candidates A, D and F. The script adds files
named 002ERT in subdirectories A, D and F.
Notes:
* The script should be able to regenerate new token for members who
did not receive their tokens.
* It's easier to only accept votes coming from the member's official
e-mail address (which is the one in membership_new.txt). This
should be clearly explained in the vote instructions.
* Once the valid vote is confirmed by the member, we remove the
token/member file. So we can't know anymore who sent this vote.
This is where we anonymize the votes.
* In this process, we trust the admins: the admins can save some
information for later to break the anonymizing process (they can
save the token/member files, e.g.). But I can't find a way that
doesn't need trusting the admins...
Note that the admins can't change the votes because people will be
able to verify the vote associated to the token they were given.
Vincent
--
Les gens heureux ne sont pas pressés.
[
Date Prev][Date Next] [
Thread Prev][Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]