Proposition for an anonymous voting process

Here's a first proposition. I wrote it quickly because I need to go
after that, but I think it's understandable. Please comment or flame me!

Proposition for an anonymous voting process

1. Generate tokens for each member
   * Use Alan's proposition to generate the tokens
   * Save somewhere the association token/member. It is needed because
     members may lose their token or not receive them. I propose that we
     have a directory with files named after the token, each file
     containing the member's informations (name + e-mail address)

2. Send a ballot to the member with their secret token
   * The ballot should contain clear instructions on how to use it
   * The Reply-To header should be correctly set to a special dedicated
     address (say anonymous gnome org)

3. The member sends his ballot to anonymous gnome org 

4. The mail is passed through a script
   * The script computes if the mail is a vote and if the vote is valid.
       - If it is not, it sends back a mail to the member explaining him
         what the problem is and asking him to send a valid vote.
       - If it is, the script generates a random confirmation token. It
         sends a mail to the member asking the member to send the
         confirmation token to confirm the vote. This automatically sent
         mail should contain what the scripts understand of the vote
         (e.g. for whom the member voted) so the member can verify that
         his vote contains what he intended to vote. The random
         confirmation token is saved in the token/member file
         corresponding to the member.

5. Member receives the mail asking the confirmation.
   * the vote is ok, he simply replies with the confirmation token to
     validate his vote.
   * the vote is not ok, he can send a new vote with the same first
     token. Go to step 4.

6. The confirmation mail is passed through the same script
   * the script computes if the mail is a confirmation
       - If it is and if the confirmation token is valid: remove the
         token/member association for this member. Go to step 7.
       - If it is not, then... What ?

7. We have a confirmed valid vote. There are two possibilities:
   * We use the script to send a mail to vote gnome org with the token
     and the vote. We'll then used the script we're already using to
     count the votes. We need a list of all the valid tokens generated
     in step 1. Note that all mails in the archives should be valid
   * For each candidate/answer to the vote/question, we have a
     subdirectory. The script then simply adds a file (the filename is
     the token) in all the needed directories.
     Example given: for the elections, we have a directory for each
                    candidates. A member, whose token is 002ERT, votes
                    candidates A, D and F. The script adds files
                    named 002ERT in subdirectories A, D and F.

   * The script should be able to regenerate new token for members who
     did not receive their tokens.
   * It's easier to only accept votes coming from the member's official
     e-mail address (which is the one in membership_new.txt). This
     should be clearly explained in the vote instructions.
   * Once the valid vote is confirmed by the member, we remove the
     token/member file. So we can't know anymore who sent this vote.
     This is where we anonymize the votes.
   * In this process, we trust the admins: the admins can save some
     information for later to break the anonymizing process (they can
     save the token/member files, e.g.). But I can't find a way that
     doesn't need trusting the admins...
     Note that the admins can't change the votes because people will be
     able to verify the vote associated to the token they were given.


Les gens heureux ne sont pas pressés.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]