# [MG] Secret Ballots

Owen Ambur Owen.Ambur at verizon.net
Wed Jun 2 14:45:24 EDT 2010

It is kinda ironic to see the apparent disagreement on this point on a
listserv that places high value on synthesis.  It also seems to assume a
false either/or choice, when it would seem that both/and should be the
obvious aim, depending upon the wishes of each voter him or herself.

However, for whatever it may be worth, here's Wikipedia's article on the
http://en.wikipedia.org/wiki/Card_check

As one who spent many years on Capitol Hill, I'd also note that while the
votes of Congressmen and Senators are public on the floors of their
conducted in secret.

From my perspective, the need for secret ballots is painfully obvious in
some instances (perhaps those that matter most, e.g., when disproportionate
power is to be taken from some and granted to others).

Owen

From: start-bounces at metagovernment.org
[mailto:start-bounces at metagovernment.org] On Behalf Of David Ruescas
Sent: Wednesday, June 02, 2010 2:00 PM
To: Metagovernment Project
Subject: Re: [MG] Introducing PdI (Partido de Internet)

On 2 June 2010 17:31, Michael Allan <mike at zelea.com> wrote:

Ed and David,

I agree with Ed's points.  Public voting is a natural form of
expression, and ordinarily it would be our expectation; whereas
private voting (at least on public matters) is an awkward and harmful
contrivance.  But still, for better or worse, people have come to
expect privacy in voting.  They have come to believe that the secret
ballot is a basic right (as though it were a hard won victory over the
authorities, as opposed to an imposition by them!).  This is the sense
in which I concede to David, for sake of the argument, that people do
indeed expect privacy in voting.

David Ruescas wrote:
> I have just stated what I think the public expects, and that the
> people I have talked to (experts in researching voting schemes) do
> not consider public voting systems seriously for the purposes of
> replacing or complementing current private election methods.

But we cannot reply to "experts told me so" arguments.  If it's in the

Besides the experts to whom I've talked in person, who belong to the
research group that I have linked to, you can take time to survey attempts
at e-voting around the world, where experts (researchers in the matter) have
tried to create voting system prototypes, all of them including privacy, e.g.,
Cybervote, SERVE, Sensus, Evox, GNU Free (in fact, I've actually talked to
Jason Kitcat), Scytl Pnyx. I have yet to find an equivalent that does not
include privacy.

For my part, I cited a recent discussion among experts on the topic.
You may go into that forum and ask questions (they tend to be helpful
to non-experts).

> There's also the choice of words. In the literature, a "secure" voting
> system usually implies privacy.

Please provide references for this, too.  Where do you find that
public voting systems are generally characterized (I would say tarred)
by the label "insecure"?

What I was trying to clear up is my use of the word "secure" precisely to
avoid confusion with a less specific use of the word. In other words, when I
say secure voting system, it is a shorthand for the usual properties of
these systems as defined in the literature. You can easily see this use in
for example:

Applied Cryptography, Second Edition - Bruce Schneier - 6.1 Secure Elections

Berry Schoenmakers - http://www.win.tue.nl/~berry/2WC13/LectureNotes.pdf -
7.1 Electronic Voting

A Critical View on Internet Voting Technology - Eleni Tsekmezoglou1, John

An introduction to electronic voting schemes - Andreu Riera - 3 Security
Requirements

A secure and practical electronic voting scheme - Wei-Chi Ku, Sheng-De Wang
- 1 Introduction

Civitas: Toward a Secure Voting System - Michael R. Clarkson, Stephen Chong,
Andrew C. Myers - 1. Introduction

Because I am using the word in this semi-technical way, it does not mean
that other systems are insecure. Although of course, you are free to
interpret why this is the convention in academia, but that's your own
problem!

> ... What I have said is that it doesn't matter what I think, so long
> as society has decided on the matter. / If you want to know, I don't
> have a qualified opinion. My intuition tells me...

Again, it's best just to cite your sources.  (We cannot debate on the
basis of intuition.)

You could have included the rest:

"..based on the widespread practice of private voting for elections, and the
20+ years of research into private, coercion resistant remote voting
systems"

As you can understand, I am not going to provide you with references to all
the countries around the world that have practiced secret elections
throughout the years, or to the huge amount of research into secure voting
systems over the past 20 years, there's just too much of it. You can start
with "secure voting schemes" in google scholar for example. (And
incidentally, you'll notice that this area of research almost invariably
entails privacy, although again, nobody is explicitly labeling anything as
insecure)

> > Setting all that aside, we could focus on the likelihood of
> > success/failure for a private voting system.  Before beginning, I
> > would ask you to briefly describe your method of verification.  What
> > assurance will you give people that the results are trustworthy?
> > (Just roughly, in a sentence or two.)
>
> A voting system that satisfies this property is said to be universally
> verifiable. You can read up on this in the literature, but basically
> a universal verifiable voting scheme allows any third party to verify
> (in a mathematically provable way) the results of an election. This
> usually involves a public bulletin board, where all the data from an
> election is posted for anyone and everyone to see.

You did not answer the question.  Have you designed a verification
scheme, yet?

Fortunately, I do not have to design it myself. As I said in a previous
email, the scheme I am looking at right now is an Elgamal homomorphic
threshold cryptosystem. You can find the theory here:

A Secure and Optimally Efficient Multi-Authority Election Scheme -
http://www.win.tue.nl/~berry/papers/euro97.pdf

In particular, I quote:

----

We work in the model set forth by Benaloh et al. [CF85,BY86,Ben87], where
the active parties are divided into l voters V1, ..., Vl and n tallying
authorities (talliers) A1, ..., An. To achieve universal verifiability all
parties have access to a so-called bulletin board. A bulletin board is like
a broadcast channel with memory to the extent that any party (including
passive observers) can see the contents of it, and furthermore that each
active participant can post messages by appending the message to her own
designated area. No party can erase anything from the bulletin board.

In this model, voters cast their votes by posting ballots to the bulletin
board. The ballot does not reveal any information on the vote itself but it
is ensured by an accompanying proof that the ballot indeed contains a valid
vote and nothing else. Due to a homomorphic property of the ballots, the
final tally ("sum" of all votes) can be obtained and verified (by any
observer) against the "product" of all submitted ballots. This ensures
universal verifiability.

----

--

Michael Allan

Toronto, +1 647-436-4521
http://zelea.com/
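
The homomorphic tally described in the quoted excerpt, as an added example (not code from the paper or from anyone in this thread). It assumes a constructed toy group, yes/no votes, and n-of-n additive key sharing among talliers in place of the paper's threshold scheme; the ballot validity proofs are omitted.

```python
import secrets

# Constructed toy group: P = 2Q + 1 with P, Q prime; G generates the order-Q
# subgroup. These sizes are for illustration only and give no security.
P, Q, G = 2039, 1019, 4

def keygen(n_talliers):
    """Each tallier keeps a secret share; the election key is g^(sum of shares)."""
    shares = [secrets.randbelow(Q - 1) + 1 for _ in range(n_talliers)]
    h = 1
    for s in shares:
        h = h * pow(G, s, P) % P
    return shares, h

def encrypt(h, vote):
    """Exponential ElGamal: the vote sits in the exponent, so ballots add up."""
    if vote not in (0, 1):
        raise ValueError("vote must be 0 or 1")
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(G, vote, P) * pow(h, r, P) % P

def combine(board):
    """Any observer can multiply the posted ballots componentwise."""
    a, b = 1, 1
    for x, y in board:
        a, b = a * x % P, b * y % P
    return a, b

def tally(product, partials, max_votes):
    """Strip the mask using every tallier's partial decryption, then find t in g^t."""
    _, b = product
    mask = 1
    for d in partials:
        mask = mask * d % P
    g_t = b * pow(mask, -1, P) % P
    for t in range(max_votes + 1):
        if pow(G, t, P) == g_t:
            return t
    raise ValueError("tally out of range")

def run_election(votes, n_talliers=3):
    shares, h = keygen(n_talliers)
    board = [encrypt(h, v) for v in votes]          # the public bulletin board
    product = combine(board)
    partials = [pow(product[0], s, P) for s in shares]  # one per tallier
    return tally(product, partials, len(votes))
```

Only the product of all ballots is ever decrypted, so the talliers learn the total without opening any individual ballot.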
