# [MG] Introducing PdI (Partido de Internet)

David Ruescas david.ruescas at partidodeinternet.es
Wed Jun 2 14:00:03 EDT 2010

On 2 June 2010 17:31, Michael Allan <mike at zelea.com> wrote:

> Ed and David,
>
> I agree with Ed's points.  Public voting is a natural form of
> expression, and ordinarily it would be our expectation; whereas
> private voting (at least on public matters) is an awkward and harmful
> contrivance.  But still, for better or worse, people have come to
> expect privacy in voting.  They have come to believe that the secret
> ballot is a basic right (as though it were a hard won victory over the
> authorities, as opposed to an imposition by them!).  This is the sense
> in which I concede to David, for sake of the argument, that people do
> indeed expect privacy in voting.
>
> David Ruescas wrote:
> > I have just stated what I think the public expects, and that the
> > people I have talked to (experts in researching voting schemes) do
> > not consider public voting systems seriously for the purposes of
> > replacing or complementing current private election methods.
>
> But we cannot reply to "experts told me so" arguments.  If it's in the
>

Besides the experts to which I've talked in person, that belong to the
research group that I have linked to, you can take time to survey attempts
at e-voting around the world, where experts (researchers in the matter) have
tried to create voting system prototypes, all of them including privacy, e.g.
Cybervote, SERVE, Sensus, Evox, GNU Free (in fact, I've actually talked to
Jason Kitcat), Scytl Pnyx. I have yet to find an equivalent that does not
include privacy.

> For my part, I cited a recent discussion among experts on the topic.
> You may go into that forum and ask questions (they tend to be helpful
> to non-experts).
>
> > There's also the choice of words. In the literature, a "secure" voting
> > system usually implies privacy.
>
> Please provide references for this, too.  Where do you find that
> public voting systems are generally characterized (I would say tarred)
> by the label "insecure"?
>

What I was trying to clear up is my use of the word "secure" precisely to
avoid confusion with a less specific use of the word. In other words, when I
say secure voting system, it is a shorthand for the usual properties of
these systems as defined in the literature. You can easily see this use in
for example:

- Applied Cryptography, Second Edition - Bruce Schneier - 6.1 Secure Elections
- Berry Schoenmakers - http://www.win.tue.nl/~berry/2WC13/LectureNotes.pdf - 7.1 Electronic Voting
- A Critical View on Internet Voting Technology - Eleni Tsekmezoglou1, John
- An introduction to electronic voting schemes - Andreu Riera - 3 Security Requirements
- A secure and practical electronic voting scheme - Wei-Chi Ku, Sheng-De Wang - 1 Introduction
- Civitas: Toward a Secure Voting System - Michael R. Clarkson, Stephen Chong, Andrew C. Myers - 1. Introduction

Because I am using the word in this semi-technical way, it does not mean
that other systems are insecure. Although of course, you are free to
interpret why this is the convention in academia, but that's your own
problem!

>
> > ... What I have said is that it doesn't matter what I think, so long
> > as society has decided on the matter. / If you want to know, I don't
> > have a qualified opinion. My intuition tells me...
>
> Again, it's best just to cite your sources.  (We cannot debate on the
> basis of intuition.)
>

You could have included the rest:

"..based on the widespread practice of private voting for elections, and the
20+ years of research into private, coercion resistant remote voting
systems"

As you can understand, I am not going to provide you with references to all
the countries around the world that have practiced secret elections
throughout the years, or to the huge amount of research into secure voting
systems over the past 20 years, there's just too much of it. You can start
with "secure voting schemes" in google scholar for example. (And
incidentally, you'll notice that this area of research almost invariably
entails privacy, although again, nobody is explicitly labeling anything as
insecure)

> > > Setting all that aside, we could focus on the likelihood of
> > > success/failure for a private voting system.  Before beginning, I
> > > would ask you to briefly describe your method of verification.  What
> > > assurance will you give people that the results are trustworthy?
> > > (Just roughly, in a sentence or two.)
> >
> > A voting system that satisfies this property is said to be universally
> > verifiable. You can read up on this in the literature, but basically
> > a universal verifiable voting scheme allows any third party to verify
> > (in a mathematically provable way) the results of an election. This
> > usually involves a public bulletin board, where all the data from an
> > election is posted for anyone and everyone to see.
>
> You did not answer the question.  Have you designed a verification
> scheme, yet?
>

Fortunately, I do not have to design it myself. As I said in a previous
email, the scheme I am looking at right now is an Elgamal homomorphic
threshold cryptosystem. You can find the theory here:

A Secure and Optimally Efficient Multi-Authority Election Scheme -
http://www.win.tue.nl/~berry/papers/euro97.pdf

In particular, I quote:

----

We work in the model set forth by Benaloh et al. [CF85,BY86,Ben87], where
the active parties are divided into l voters V_1, ..., V_l and n tallying
authorities (talliers) A_1, ..., A_n. To achieve universal verifiability all
parties have access to a so-called bulletin board. A bulletin board is like
a broadcast channel with memory to the extent that any party (including
passive observers) can see the contents of it, and furthermore that each
active participant can post messages by appending the message to her own
designated area. No party can erase anything from the bulletin board.

In this model, voters cast their votes by posting ballots to the bulletin
board. The ballot does not reveal any information on the vote itself but it
is ensured by an accompanying proof that the ballot indeed contains a valid
vote and nothing else. Due to a homomorphic property of the ballots, the
final tally ("sum" of all votes) can be obtained and verified (by any
observer) against the "product" of all submitted ballots. This ensures
universal verifiability.

----

>
> --
> Michael Allan
>
> Toronto, +1 647-436-4521
> http://zelea.com/
>
> _______________________________________________
> Start : a mailing list of the Metagovernment project
> http://www.metagovernment.org/
> Post to the list: Start at metagovernment.org
> Manage subscription:
> http://metagovernment.org/mailman/listinfo/start_metagovernment.org
>
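
The homomorphic tally and the observer's check described in the quoted passage, as an added example (not part of the original email and not code from the cited paper). It assumes a single tallier rather than a threshold-shared key, omits the per-ballot validity proof, and uses a toy group; all function names are illustrative.

```python
import hashlib
import secrets

# Toy group (constructed for this demo, far too small for real use):
# p = 2q + 1 with p, q prime; g = 4 generates the subgroup of order q.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1          # tallier's secret key
    return x, pow(G, x, P)                    # (x, h = g^x)

def encrypt_vote(h, vote):
    """Ballot for vote in {0, 1}: (g^r, h^r * g^vote)."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(h, r, P) * pow(G, vote, P) % P

def combine(board):
    """Anyone can do this: componentwise product of all posted ballots."""
    a = b = 1
    for ca, cb in board:
        a, b = a * ca % P, b * cb % P
    return a, b

def challenge(*vals):
    """Fiat-Shamir challenge derived from the public proof values."""
    data = ",".join(map(str, vals)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def decrypt_with_proof(x, h, a, b):
    """Tallier: publish the tally, the decryption factor d = a^x, and a
    Chaum-Pedersen proof that log_g(h) == log_a(d)."""
    d = pow(a, x, P)
    gm = b * pow(d, -1, P) % P                # g^(sum of votes)
    tally = next(t for t in range(Q) if pow(G, t, P) == gm)
    w = secrets.randbelow(Q)
    c = challenge(h, a, d, pow(G, w, P), pow(a, w, P))
    return tally, d, (c, (w + c * x) % Q)

def verify_tally(h, board, tally, d, proof):
    """Observer: recompute the product, check the proof and the tally."""
    a, b = combine(board)
    c, s = proof
    t1 = pow(G, s, P) * pow(h, -c, P) % P     # g^s / h^c = g^w
    t2 = pow(a, s, P) * pow(d, -c, P) % P     # a^s / d^c = a^w
    return c == challenge(h, a, d, t1, t2) and b == d * pow(G, tally, P) % P
```

The observer never sees the secret key or any individual vote: `verify_tally` uses only the public key, the posted ballots and the values the tallier publishes.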