Accountability and the secret ballot
Hi,
People who have successfully voted may have noticed that the
ack contained a secret token, which is meant to be unique to each
voter. The idea is that a list of voters is published, as well as a
tally sheet of votes, with a secret token instead of voter
names. People can verify that the tally sheet contains as many votes
as there are voters, and people can verify their own votes. (echelon
can be sued to verify the uid's sent mail in to vote.debian.org as
well).
The tally like would look like:
V: 1234 md5sum (voter_uid + secret token)
(Thanks to AJ for the md5sum suggestion). This means that the
secretary can't manufacture tokens based on the vote cast, in order
to have one line represent a bunch of voters with identical votes, in
order to manufacture N -1 spurious votes to bias the election.
Any way, the developers can always appoint an auditor to
recreate the vote process starting from the original, signed messages
(assuming I have not rearranged them -- so an older vote overrides a
newer one, and the developer did not check). We still should have
the ballots sent to a second location not under control of the
secretary so such reordering is not feasible (it is hard to design a
protocol to protect the vote from a malicious secretary).
manoj
--
Procrastination is the art of keeping up with yesterday. George
Carlin
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
--
To UNSUBSCRIBE, email to debian-vote-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: