gnu-misc-discuss

Re: sede - secure democracy


From: J.H.Boersema
Subject: Re: sede - secure democracy
Date: Wed, 08 Dec 2010 16:03:45 -0000
User-agent: slrn/0.9.8.1 (Debian)

On 2010-10-12, J.H.Boersema <address@hidden> wrote:
> I hope sede - secure democracy ( http://www.law4.org/sede )
> will become part of the GNU collection of software, which was
> always its goal.
>
> Hi Karl,
>
> Haven't heard from any decisions yet, so ...
> If I may: last time my project was reviewed by someone
> associated with GNU, they actually made a mistake about
> how it functions (Brave GNU World column). That mistake
> has never been rectified (though I asked for it).
[...]

They assumed, incorrectly, that the anonymity of the vote
only lies in the encryption of the ballot. But the anonymity
lies in the anonymous registration of the ballot communications
channel (between voter administration & voter).

In the language of that column: it does not matter whether
an attacker decrypts a ballot, because it is not sent to a
non-anonymous e-mail account in the first place. It is not
sent to (hypothetical) address@hidden; but to
address@hidden, an address accessed with the utmost
of care ... for example; or even by a proxy retrieve and post
group effort (to defeat attacks with more extreme real world
measures.) I mean, sending in one trusted person to retrieve
encrypted ballots over an anonymously connected connection
(or best one could get); and later uploading the filled in
ballots also in one go. Even someone watching the physical
Internet connection to and from the vote-administration
at the voter point, would find it exceedingly hard to know
what exactly is going on. If 30 ballots disappear in one
pocket, and later emerge from it, who voted what ballot ?
Can the group behind it even be established ?

So the essential mistake was the oversight that the communication
channel itself has been established anonymously (by anonymous
paper registration, exactly like you can do for a normal paper
vote but then you vote your contact-information.)

Note that these are all quite extreme measures for better
anonymity. In the real world you can happily register some
voters non-anonymously for some relatively trusted vote-admin,
and do some votes and that would be nice; it would work.

