[pp.int.general] Agora Voting System for a Liquid Democracy at FOSDEM

[Rodrigo dA]

the cool and nice to have feature about the system in the video i sent
was that later you could check online your vote, see if it was counted 
right and have a crypto-signed prof if not.
all e-voting systems to the date have failed because they assume, this
you can't break, and when someone does there's no backup plan.-

-r
> From: edulix at gmail.com
> Date: Wed, 19 Jan 2011 10:55:17 +0100
> To: pp.international.general at lists.pirateweb.net
> Subject: Re: [pp.int.general] Agora Voting System for a Liquid Democracy at	FOSDEM
> 
> On Wed, Jan 19, 2011 at 10:34 AM, Yves Quemener <quemener.yves at free.fr> wrote:
> > On 01/19/2011 09:50 AM, Eduardo Robles Elvira wrote:
> >>
> >> Of course we are not going to do that directly: Partido de Internet
> >> would need first to have at least one seat at parliament. But when the
> >> system is ready and in the mean time, we can start using, testing and
> >> improving its security.
> >
> > As enthusiast as I am about e-democracy, I think this is not the way to go.
> > In my humble opinion you start by having a good security and then add some
> > features. What is a debatable methodology in regular software development is
> > a must-have for this kind of project for a simple reason : you do not want
> > fraud, even in the first votes. Especially when you try to convince people
> > that this is a viable alternative. Security is not a feature you can patch
> > on later. Especially not cryptographic security.
> 
> I agree with you. You start with *very* good security: that is one of
> the tenets in our system. This is not to say that you have to always
> try to improve the security, which is what I meant.
> 
> >> There are cryptographic voting
> >> protocols that even if all election administrators are corrupt, they
> >> cannot convincingly fake a tally [1]. These are the kind of systems we
> >> are going to use.
> >
> > Have you seen that in the scenario you propose, they trade privacy for vote
> > integrity ? That is currently a big problem in online voting systems and an
> > active field of research in cryptography. Currently you have to trade one
> > for the other. From the article you link :
> 
> > "In cryptographic voting protocols, there is an inevitable
> > compromise: unconditional integrity, or unconditional
> > privacy. When every component is compromised, only
> > one of those two properties can be preserved. In this
> > work, we hold the opinion that the more important prop-
> > erty, the one that gets people’s attention when they under-
> > stand open-audit voting, is unconditional integrity: even
> > if all election administrators are corrupt, they cannot con-
> > vincingly fake a tally. With this design decision made,
> > privacy is then ensured by recruiting enough trustees and
> > hoping that a minimal subset of them will remain honest."
> >
> > All the online voting systems that work (like the debian voting system)
> > completely drop the privacy exigence in order to have absolute vote
> > integrity and no trust given on third parties. I think that this question is
> > serious enough to be considered.
> 
> 
> I know that, I've been studying this topic for a while. There is no
> way you can have both things at the same time. In current voting
> system, you have to also trust the voting system integrity (watch the
> TED talk referred by Rodrigo in this thread). The good thing about the
> kind of cryptographic systems like the one used in Helios Voting is
> that you can have with reasonably good expectations both things,
> because you setup a wide list of election administrators that would
> need all to be corrupt for decrypting a single vote.
> 
> > And I am not even talking about deniability (the fact that you could be
> > threatened into revealing your encryption keys in order to check that you
> > voted "correctly")
> >
> > If you want a trustable e-voting system, you have to either propose a way to
> > create a third-party that every voter can trust, or you have to convince
> > voters that privacy of vote is not necessary. I mean, that is possible.
> > Deputies and senators don't have secrecy of vote, in some swiss cities they
> > use hand-voting, and signing a petition is the opposite of secret voting.
> > That is a defensible point of view but you have to make it clear from the
> > start.
> 
> OR you have a wide range of third parties with different interests
> that no one will think that they will be able to all agree to corrupt
> a voting together. Different organizations and political parties
> working together. This would be like voting observers, but they do not
> only observe but participate in the anonimization process of the
> mixnet based voting system.
> 
> >> If we want to have a better control of the
> >> voting environment we could for example only allow voting in computers
> >> specially set up in Partido de Internet's local offices and using a
> >> secure GNU/Linux live cd created for this purpose.
> >
> > But people would have to trust Partido de Internet for not installing
> > fraudulent software. Why would they trust it ?
> 
> The livecd wouldbe 100% free software. Check the software source code
> if you want. Then bring your own CD, we do a check sum or similar to
> be sure that CD is correct, then you can use it.
> 
> Regards,
>      Eduardo.
> ____________________________________________________
> Pirate Parties International - General Talk
> pp.international.general at lists.pirateweb.net
> http://lists.pirateweb.net/mailman/listinfo/pp.international.general
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pirateweb.net/pipermail/pp.international.general/attachments/20110119/b7889a66/attachment-0001.htm>