election software
Ben Adida
ben at adida.net
Thu Oct 9 01:15:57 UTC 2008
Nigel Jones wrote:
>> We probably would want to tie to the existing auth system. Currently we
>> allow people to join groups while elections are in progress and they get
>> to vote in those elections. Keeping track of group joining while an
>> election is in progress and sending out new one-time passwords wouldn't
>> be the best in this situation. Also, I'm pretty sure that some of our
>> users won't like the fact that the passwords travel via email. (We could
>> encrypt with GPG if we have a key on file or something but that's extra
>> work that when we'd be happier to put the extra work into getting our
>> authentication working with the app).
> We do have some weird requirements at times for allowing people to vote,
> at least with doing everything ourselves we can check on the spot
> in-app.
It may well be that your specific requirements make Helios a poor
choice. If you need to modify the list of voters while an election is in
progress, that's probably an incompatibility that won't go away: Helios
is meant for secure elections, and modifying the voter list after some
people have already cast a vote is an inherent weakness. A weakness
which Fedora may be completely willing to accept of course, but that
makes Fedora a very special case, so this likely won't be built into Helios.
> Why change to something else when what we use now is proven to work?
I'm pretty sure that your system, like almost every other election
system is only proven to work insofar as you haven't noticed any
errors... but then again how would one notice an error in a system where
voters send in a vote to a black box, and out comes a tally? Even if the
code is free/open-source, voters can't be sure *which* code was actually
used to compute the tally. So the chance that you'd detect an error in
tallying is actually fairly small.
That's what Helios is meant to address, and in that respect, I can't
stress enough how it is radically different than most code you see. It
provides a cryptographic proof of every election result, so an observer
can run *his* code on the public election data to verify that all
captured votes, identified by hash at casting time, were correctly
tallied. All without violating voter secrecy.
If this sounds intriguing and you want to learn more, and if you have
60-90 free minutes (Hah, I know, crazy, but you never know), here's a
presentation I gave at Google on this topic in general:
http://youtube.com/watch?v=ZDnShu5V99s
What this kind of technology means is that you can safely outsource your
election to a third party, and you know the election ran well because
the third party provides a proof of the election.
As Fedora is not in the business of elections, I would recommend
considering this as an option.
But again, if your voting requirements must remain as unique as
described by Toshio, then maybe Helios isn't the right solution.
Regardless, I really appreciate everyone's time considering Helios. I'm
happy to answer any additional questions, of course, and I appreciate
all of the feedback!
-Ben
More information about the fedora-advisory-board
mailing list