Loading ...
Sorry, an error occurred while loading the content.
 

Bootstrapping the democratic process (was Re: [FSP] Re: Hacking the vote ( was 'Re: membership growth' ))

Expand Messages
  • Logic
    This has probably been said before (dead horse, kick, kick...) but: 1. Organize registration by regions and districts 2. Porcupines register by showing up,
    Message 1 of 4 , Dec 3, 2002
      This has probably been said before (dead horse, kick, kick...) but:

      1. Organize "registration" by regions and districts
      2. Porcupines register by showing up, in person, and receive a public-key on
      a floppy disk or other means
      a) they don't *have* to provide identification, they can be anonymous
      b) it is the district manager's responsibility to ensure that 1 person
      gets one key
      c) it is unreasonable to believe that someone could claim enough keys to
      seriously alter any vote (it could be *possible* to get a few before being
      caught, I suppose)
      d) if it is the district managers responsibility, it may be up to the
      district to determine how best to ensure that multiple keys are not
      delivered to the same person while respecting our principles of liberty
      and/or anonymity (e.g. a district with a handful of participants may not
      require any extra procedures, a district overwhelmed may require a
      hand-written signature or perhaps a photograph, who knows? It could be
      handled locally)
      3) All future votes or other official business can be conducted in a
      reasonably secure manner using these "keys" that are provided to anonymous
      participants
      4) keys are signed with a reasonable expiration period

      No paper, no intrusive phone calls, no *requirement* for a manual count of
      the vote, and one-time cost to get the keys out.
      - cost of securing a location (conference hall at a hotel, for example)
      - cost of a computer at the location to generate keys (I'm sure there is at
      least one person per district who would be willing to drag a computer to a
      location so we could use it for a day)
      - cost of a volunteer or volunteers to disseminate keys on disk (volunteer?
      hopefully no cost for their time)
      - cost of the voter to travel to the location (something we, as voters will
      have to bear, once, hopefully a short drive and a couple of hours away from
      work or home)
      - cost of publishing public portions of keys somewhere where EVERYONE can
      access them so they can make their own verifications if they so choose (we
      already have a website, put the file there!)

      For the extremely paranoid: district managers may sign new keys with their
      own keys. These volunteers may provide some means to verify their identity
      (since they are operating in a public and official capacity and should be
      accountable). If someone has doubts about the authenticity of a vote or
      those ensuring a valid vote, they can at least verify that the manager has
      personally handed each person a key, and they can identify the official in
      charge of key dissemination. There is a method of accountability through
      official or public discourse in a case where anyone suspects something is
      "not quite right".

      If votes and voter "registration" are handled this way, I for one would
      think the process of voting is reasonably resistant to tampering or fraud.

      What does this mean for me, the voter? I travel to the location, I'm handed
      a floppy disk. I can use that disk as my anonymous identity anywhere there
      is a computer for any official porcupine business.

      I think the most important benefit of this sort of system is that more items
      may come to a vote more easily and more accessibly by more people, reducing
      the reliability on a single person or commission to make decisions, because
      paper or manual democratic processes are too time consuming and too costly.

      I'll be happy to answer questions (off the list, to reduce noise) for
      non-technical folks concerned about the reliability of digital signatures or
      the technology involved. There are also many resources available on the net
      concerning public-key cryptography.

      http://www.ccs.neu.edu/home/tdunn/honors/ (somewhat technical)
      http://www.nwfusion.com/news/64452_05-17-1999.html (not quite so technical)
    • Bob Compton
      Hmm. Good idea! You are, however, making one BIG assumption with the floppy disk idea. That is everyone uses the same kind of computer. Floppy disks are
      Message 2 of 4 , Dec 3, 2002
        Hmm. Good idea! You are, however, making one BIG assumption with the
        "floppy disk" idea. That is everyone uses the same kind of computer.
        Floppy disks are formatted based on the operating system used. I assume you
        are using Micro$oft Windoze. Fine, there are others who use Mac's which
        generally won't read a Windows formatted disk. I use Linux and can fairly
        easily get around most obsticals. Most people are not as computer savvy as
        myself. We really need to make this easy for the "average guy" (like our
        laws are SUPPOSED to be!).

        This can, however, be fairly easily resolved by using a more durable and
        universally accepted media: a mini-disk (small CD-Rom). The cost in
        quantity is about the same as a floppy, but they're MUCH more durable and
        resistant to magnetic fields and heat. They're small and easy to carry
        (stack about 6 standard business cards together or 2 credit cards for an
        idea of the actual size). Also, they use a universally accepted format
        (ISO9660) which can be read by nearly ANY operating system. Also, if the
        voter doesn't have direct access to a computer, they can always go to the
        library or a friends house and use whatever computer is available assuming
        it is reasonably new (~1995 or newer). Sometimes operating systems are
        particularly sensitive to the format of key files, which still wouldn't be a
        problem as the mini-disk could hold numerous copies of the exact same key in
        the various formats needed by various operating systems.

        I realize some of this is a bit tedious, but it should be ironed out to
        allow as many people as humanly possible to easily use whatever method we
        decide upon. That method should be operating system/computer independent.

        > This has probably been said before (dead horse, kick, kick...) but:
        >
        > 1. Organize "registration" by regions and districts
        > 2. Porcupines register by showing up, in person, and receive a
        > public-key on a floppy disk or other means
        > a) they don't *have* to provide identification, they can be
        > anonymous b) it is the district manager's responsibility to ensure
        > that 1 person
        > gets one key
        > c) it is unreasonable to believe that someone could claim enough
        > keys to
        >seriously alter any vote (it could be *possible* to get a few before
        >being caught, I suppose)
        > d) if it is the district managers responsibility, it may be up to
        > the
        > district to determine how best to ensure that multiple keys are not
        > delivered to the same person while respecting our principles of liberty
        > and/or anonymity (e.g. a district with a handful of participants may
        > not require any extra procedures, a district overwhelmed may require a
        > hand-written signature or perhaps a photograph, who knows? It could be
        > handled locally)
        > 3) All future votes or other official business can be conducted in a
        > reasonably secure manner using these "keys" that are provided to
        > anonymous participants
        > 4) keys are signed with a reasonable expiration period
        >
        > No paper, no intrusive phone calls, no *requirement* for a manual count
        > of the vote, and one-time cost to get the keys out.
        > - cost of securing a location (conference hall at a hotel, for example)
        > - cost of a computer at the location to generate keys (I'm sure there
        > is at least one person per district who would be willing to drag a
        > computer to a location so we could use it for a day)
        > - cost of a volunteer or volunteers to disseminate keys on disk
        > (volunteer? hopefully no cost for their time)
        > - cost of the voter to travel to the location (something we, as voters
        > will have to bear, once, hopefully a short drive and a couple of hours
        > away from work or home)
        > - cost of publishing public portions of keys somewhere where EVERYONE
        > can access them so they can make their own verifications if they so
        > choose (we already have a website, put the file there!)
        >
        > For the extremely paranoid: district managers may sign new keys with
        > their own keys. These volunteers may provide some means to verify their
        > identity (since they are operating in a public and official capacity
        > and should be accountable). If someone has doubts about the
        > authenticity of a vote or those ensuring a valid vote, they can at
        > least verify that the manager has personally handed each person a key,
        > and they can identify the official in charge of key dissemination.
        > There is a method of accountability through official or public
        > discourse in a case where anyone suspects something is "not quite
        > right".
        >
        > If votes and voter "registration" are handled this way, I for one would
        > think the process of voting is reasonably resistant to tampering or
        > fraud.
        >
        > What does this mean for me, the voter? I travel to the location, I'm
        > handed a floppy disk. I can use that disk as my anonymous identity
        > anywhere there is a computer for any official porcupine business.
        >
        > I think the most important benefit of this sort of system is that more
        > items may come to a vote more easily and more accessibly by more
        > people, reducing the reliability on a single person or commission to
        > make decisions, because paper or manual democratic processes are too
        > time consuming and too costly.
        >
        > I'll be happy to answer questions (off the list, to reduce noise) for
        > non-technical folks concerned about the reliability of digital
        > signatures or the technology involved. There are also many resources
        > available on the net concerning public-key cryptography.
        >
        > http://www.ccs.neu.edu/home/tdunn/honors/ (somewhat technical)
        > http://www.nwfusion.com/news/64452_05-17-1999.html (not quite so
        > technical)
        >
        >
        >
        >
        >
        > To unsubscribe from this group, send an email to:
        > freestateproject-unsubscribe@yahoogroups.com
        >
        >
        >
        > Your use of Yahoo! Groups is subject to
        > http://docs.yahoo.com/info/terms/
      • voodootyke
        GREAT APPROACH!!!!!!! Now that s the power of Libertarian thinking applied to important issues. We don t have to make compromises reagrding privacy. All we
        Message 3 of 4 , Dec 3, 2002
          GREAT APPROACH!!!!!!!

          Now that's the power of Libertarian thinking applied to important
          issues. We don't have to make compromises reagrding privacy. All we
          need is a little thinking and a tiny amount of effort and it goes
          along way.

          The laziness excuse is lame imo.

          --- In freestateproject@y..., "Logic" <logic@j...> wrote:
          > This has probably been said before (dead horse, kick, kick...) but:
          >
          > 1. Organize "registration" by regions and districts
          > 2. Porcupines register by showing up, in person, and receive a
          public-key on
          > a floppy disk or other means
          > a) they don't *have* to provide identification, they can be
          anonymous
          > b) it is the district manager's responsibility to ensure that
          1 person
          > gets one key
          > c) it is unreasonable to believe that someone could claim
          enough keys to
          > seriously alter any vote (it could be *possible* to get a few
          before being
          > caught, I suppose)
          > d) if it is the district managers responsibility, it may be up
          to the
          > district to determine how best to ensure that multiple keys are not
          > delivered to the same person while respecting our principles of
          liberty
          > and/or anonymity (e.g. a district with a handful of participants
          may not
          > require any extra procedures, a district overwhelmed may require a
          > hand-written signature or perhaps a photograph, who knows? It
          could be
          > handled locally)
          > 3) All future votes or other official business can be conducted in
          a
          > reasonably secure manner using these "keys" that are provided to
          anonymous
          > participants
          > 4) keys are signed with a reasonable expiration period
          >
          > No paper, no intrusive phone calls, no *requirement* for a manual
          count of
          > the vote, and one-time cost to get the keys out.
          > - cost of securing a location (conference hall at a hotel, for
          example)
          > - cost of a computer at the location to generate keys (I'm sure
          there is at
          > least one person per district who would be willing to drag a
          computer to a
          > location so we could use it for a day)
          > - cost of a volunteer or volunteers to disseminate keys on disk
          (volunteer?
          > hopefully no cost for their time)
          > - cost of the voter to travel to the location (something we, as
          voters will
          > have to bear, once, hopefully a short drive and a couple of hours
          away from
          > work or home)
          > - cost of publishing public portions of keys somewhere where
          EVERYONE can
          > access them so they can make their own verifications if they so
          choose (we
          > already have a website, put the file there!)
          >
          > For the extremely paranoid: district managers may sign new keys
          with their
          > own keys. These volunteers may provide some means to verify their
          identity
          > (since they are operating in a public and official capacity and
          should be
          > accountable). If someone has doubts about the authenticity of a
          vote or
          > those ensuring a valid vote, they can at least verify that the
          manager has
          > personally handed each person a key, and they can identify the
          official in
          > charge of key dissemination. There is a method of accountability
          through
          > official or public discourse in a case where anyone suspects
          something is
          > "not quite right".
          >
          > If votes and voter "registration" are handled this way, I for one
          would
          > think the process of voting is reasonably resistant to tampering
          or fraud.
          >
          > What does this mean for me, the voter? I travel to the location,
          I'm handed
          > a floppy disk. I can use that disk as my anonymous identity
          anywhere there
          > is a computer for any official porcupine business.
          >
          > I think the most important benefit of this sort of system is that
          more items
          > may come to a vote more easily and more accessibly by more people,
          reducing
          > the reliability on a single person or commission to make
          decisions, because
          > paper or manual democratic processes are too time consuming and
          too costly.
          >
          > I'll be happy to answer questions (off the list, to reduce noise)
          for
          > non-technical folks concerned about the reliability of digital
          signatures or
          > the technology involved. There are also many resources available
          on the net
          > concerning public-key cryptography.
          >
          > http://www.ccs.neu.edu/home/tdunn/honors/ (somewhat technical)
          > http://www.nwfusion.com/news/64452_05-17-1999.html (not quite so
          technical)
        • turingstest
          ... public-key on ... I ve been reading all of this e-voting stuff with some interest, and I thought I d chime in with a question. Where s the voting
          Message 4 of 4 , Dec 4, 2002
            --- In freestateproject@y..., "Logic" <logic@j...> wrote:
            > This has probably been said before (dead horse, kick, kick...) but:
            >
            > 1. Organize "registration" by regions and districts
            > 2. Porcupines register by showing up, in person, and receive a
            public-key on
            > a floppy disk or other means

            <SNIP>

            I've been reading all of this e-voting stuff with some interest, and I
            thought I'd chime in with a question.

            Where's the voting application?

            The e-voting proponents are trying to figure out what contortions they
            need to have everyone go through to distribute public keys. But what
            do the voters do with the keys once they have them? What
            specifically? The only direct use we could put PGP public keys to
            would be email (assuming everyone had access to a mail client that
            supported PGP).

            I thought that the whole point of e-voting was to eliminate possible
            fraud or counting errors induced by the paper voting process. I don't
            see how anything is gained by counting emails instead of paper
            ballots. So, where is the voting app that uses the keys?

            The plan so far seems to be:
            1) Annoy everyone
            2) Distribute PGP keys
            3) ???
            4) PROFIT!

            (I know... cheap shot. I couldn't resist) :)

            Or maybe when you guys are saying "keys", you really mean
            "certificates"? As in the web end of PKI... Personally, I find the
            value of client/server certificates to be debatable, but I can see the
            value in that. User authentication on the web site will be important
            once strategy talks start in earnest and the web site is locked down.
            But I ask again, where is the voting app?

            This isn't some hypothetical question. Within 6-8 months there needs
            to be a rock-solid, fully tested application in place. Who is writing
            it? I hope they've already started. Imagine, after all of the rancor
            in this list on the subject, if the voting didn't work correctly.
          Your message has been successfully submitted and would be delivered to recipients shortly.