[openskills-dev] Another constitution question

Bruce Badger bbadger at openskills.com
Thu Oct 28 13:53:38 BST 2004


Thanks to Daniel and Patrick for some excellent thought on the subject
of electronic voting systems for OpenSkills.

I do think we need someone who "owns" this project to get their head
around the use cases and bring all the ideas together.  But anyway, some
thoughts on this ...

The open voting project deals with many of the same issues Daniel &
Patrick have discussed:

http://www.openvotingconsortium.org/

It's not a direct match.  The open voting people are targeting a system
that produces a paper ballot that ends up in a physical ballot box, and
in which ballots are absolutely anonymous.

The ideas about voter verification do apply, though.  Imagine a system
that generates a string of bytes that represents a vote (no matter how
complex the vote).  Voter verification means that the voter can use a
selection of methods to check that ballot (the byte string) really does
reflect their intentions.  This is where the 10 programmers that Patrick
mentioned could get involved.  Each could write a program that would
inspect the ballot and report its meaning.  They should all, of course,
agree.  As should the system that tallies the votes.

The point is that voter verification is about the voter being able to
verify a vote, in the open voting sense, prior to casting it (into the
ballot box).  In our case, the ballot is a byte string that is cast into
an electronic tallying system.  Voter verification in this sense is
*not* about being able to trace a vote after it has been cast - once
cast it is, in the absence of anything else, anonymous.

The benefit of physical ballot boxes is that they can be physically
monitored, if necessary by many people at a time.  The many eyes tend to
keep the system honest.

How can one trust an electronic ballot box & tallying system?

I have not come across any clear papers on this (of the calibre of the
open voting material).  My hunch, though, is that the voters will have
to choose between:
	o Being anonymous
	o Being able to trace & reconfirm their vote after it's cast

So, imagine a voting UI...  

The construction of the byte string which represents the ballot can use
the same UI in all cases.  The ballot can be made in advance and checked
many times by the voter.

It is at the point of casting a vote that a voter must choose between
trusting the ballot box, or tracing their ballot.

By signing their ballot (using their OpenPGP key), the voter
simultaneously relinquishes their absolute anonymity, and makes their
ballot traceable.  Voters casting unsigned ballots must trust the
integrity of the ballot box and the tallying system.  Voting system
administrators should make every effort to keep even signed ballots
secret.

The casting system must allow those eligible to vote to cast a single
vote, and to confirm that vote if signed.  The casting system may even
allow signed votes to be modified (because we know for sure who owns a
ballot, this ought to be safe).  Cast ballots can be safely handed out
if encrypted using the key that signed them - only the voter will be
able to decrypt and read the ballot.

Of course, the devil is in the detail.

Daniel & Patrick seem to have some great ideas about some of the key
elements in making such a system work.

I suggest the next step is for someone to stick their hand up to lead the
project to nail down the requirements, specify & build the system.

Daniel?  Patrick?  Anyone else?

-- 
Make the most of your skills - with OpenSkills
http://www.openskills.com
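
The voter-verification check described in the message above, as an added example that is not part of the original post or any OpenSkills code: two independently written readers decode the same ballot byte string, and casting is allowed only when both accept it and both report the voter's intended meaning. The byte layout, candidate slate and function names are assumptions made for illustration.

```python
import struct

# Constructed ballot layout (an assumption, not an OpenSkills format):
#   byte 0     format version (1)
#   bytes 1-2  election id, big-endian
#   byte 3     n = number of ranked choices
#   bytes 4..  n candidate indexes, most preferred first
CANDIDATES = ["Alice", "Bob", "Carol"]  # constructed sample slate


def decode_a(ballot: bytes):
    """First independent reader: struct-based and strict about length."""
    if len(ballot) < 4:
        raise ValueError("truncated header")
    version, election, n = struct.unpack(">BHB", ballot[:4])
    choices = ballot[4:]
    if version != 1 or len(choices) != n:
        raise ValueError("bad version or length")
    if len(set(choices)) != n or any(c >= len(CANDIDATES) for c in choices):
        raise ValueError("duplicate or unknown candidate")
    return election, [CANDIDATES[c] for c in choices]


def decode_b(ballot: bytes):
    """Second independent reader: manual indexing, lenient about trailing
    bytes and duplicates (the kind of divergence the check must catch)."""
    if len(ballot) < 4 or ballot[0] != 1:
        raise ValueError("bad header")
    election = int.from_bytes(ballot[1:3], "big")
    ranked = []
    for i in range(ballot[3]):
        ranked.append(CANDIDATES[ballot[4 + i]])
    return election, ranked


def verify_before_casting(ballot: bytes, intended, decoders=(decode_a, decode_b)):
    """Return True only if every decoder accepts the ballot and each
    reading equals the voter's intended (election, ranking)."""
    readings = []
    for decode in decoders:
        try:
            readings.append(decode(ballot))
        except (ValueError, IndexError):
            return False  # any reader rejecting the bytes blocks casting
    return all(r == intended for r in readings)
```

A ballot with an extra trailing byte is accepted by the lenient reader but rejected by the strict one, so the check refuses it rather than letting the tally depend on which reader the tallying system resembles.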
