On Mon, Jul 19, 1999 at 10:33:50AM -0500, Weisberg wrote:
> Kent Crispin wrote:
>
> > > Assuming that there is no question about the authenticity of the voters,
> > > the voting website could be duplicated , or even triplicated at several
> > > trusted third-party locations.
> >
> > That's a good idea. Right now the IDNO voting software is *not*
> > being run by a trusted third party at all -- it is being run by a
> > partisan to the debates.
> >
>
> Please expand upon these two issues (including proposed implementation):
>
> 1. Use of "trusted third parties;" and
I would rather not depend on TTPs at all.
Froomkin suggests a large law or accounting firm, the American
Arbitration Association has been suggested by others. Suggestions
like these completely miss the point, in my view, which is that in
fact, there are *no* trusted third parties. I will put up with a
large law firm or the AAA if it is forced on me. That doesn't mean I
trust them; it means it was forced on me.
The suggestions made are clearly come from a "first-world", large
business mindset.
That is, Froomkin is very familiar with those large names, but in
fact I'm not -- big law firms are not my daily fare, and, while I am
more familiar with large accounting firms, I also know that they
occasionally get sued for screwing up. And frankly, I never heard of
the AAA until someone mentioned them on these lists.
Someone otherwise like me, but from Latin America, is even less
likely to know those names. Thus, we are requiring the person from
LA to trust *us* to make that choice. But from the perspective of
the person in LA, WE ARE PARTISANS, and we are simply forcing our
choice on them. They have absolutely no reason to believe that a
large law firm headquartered in the US is above, say, resisting
pressure from the USG.
To put it more simply, what makes a TTP is that people *trust* them,
not that we are assured by an authority that they are trustworthy.
And, in our present circumstance, there is no TTP available.
> 2. Use of multiple vote counting sites.
This is actually completely different than the TTP approach. Using
multiple sites involves a "distributed trust" model -- none of the
individual sites is trusted, but as long as the probability of
trustworthy behavior is independent, and greater than 50%, this
scheme can achieve high trustworthiness. As described, it is
subject to denial of service abuses, but those could be rectified.
By far the best voting protocol is open roll-call voting -- it is
simple, even trivial, to implement, and it requires no TTP. A
suggestion was made back on the MAC list for a simple modification
that could give privacy to those who wanted it. I would like to
explore that further:
The essential character of a open roll-call vote (I have been using that
term, there may be a better one) is that the ballots are published.
Every vote is on the public record; every voter sees every other
voter's votes. There is no possibility of a fraudulent count.
The suggestion made on the MAC was that the election authority
provide a private alias to each voter, and that the published tally
would list the aliases, not the actual name of the voter.
This is not a secret ballot, and it doesn't deal with some of the
abuses that secret ballots address (you can still sell your vote and
verify that you kept your side of the bargain). But it may be
adequate for our purposes, or there may be a way to strengthen it.
[Note that you can always sell your vote and prove you kept your
bargain by having the buyer watch you vote. The issue is
convenience, not possibility.]
>
--
Kent Crispin "Do good, and you'll be
[EMAIL PROTECTED] lonesome." -- Mark Twain
