[Osmf-talk] OSMF Articles of Association - Discussion on Revision for 2013 AGM

[Jaak Laineste (Nutiteq)]

On 05.04.2013, at 16:34, Frederik Ramm wrote:

> Hi,
> 
> On 04/05/13 14:15, Simon Poole wrote:
>> I'm slightly surprised that there is no discussion on points 4 to 6. In
>> particular I would have at least thought that some discussion on the
>> democratic elements (resolutions from outside of the board) would  take
>> place. Can we in that case assume that everybody is fine with the
>> proposals as suggested (without any restriction on proposals)?
> 
> I am slightly uneasy about one point that is perhaps a bit too procedural for the AoA - but with all this voting and especially online voting, I would like the process to be designed in a way that is reasonably safe against tampering. "Reasonably safe", for me, means that at no point must there be a way for a single individual to tamper with the process undetected.
> 
> For example:
> 
> * Who keeps the list of people who are allowed to vote, and how can we make sure that this list is actually correct?
> 
> * Who records the votes, and how can we make sure that no mistakes are made here?
> 
> Of course if votes were public then all this would be a non-issue since any mistakes or tampering could be detected by third parties. If votes are not public then we must at least have some kind of many-eyeballs way to make this reasonably safe. What we currently have is not bad - with several people receiving and counting the e-mail votes - however as far as I know when these pepole check whether someone is entitled to vote they all compare against a non-public list of members which they have no means of verifying.

 As I was one of the three persons counting and verifying votes in last year AGM, then I can confirm that in theory this was possible. We had the list of members what we used to verify the votes, but no way to verify the list itself. We just trusted Henk who gave the list and that was enough. But in theory, yes, anyone who manages the list could add say 50 fake names there, and then send 50 fake votes from their fake email addresses, and most probably we would have been fooled.

 Anyway, having public listing does not really eliminate the problem. It would be a bit more expensive : anyone could register few hundreds (or whatever the needed minimum is) fake OSMF members, pay their fee and send fake votes. To resolve this we should ask state-issued photo ID copies for registration, and for voting also. 

 In fact, public listing would make faking much easier, as then anyone could fabricate fake votes really easily, just based on the listing; as the vote registrators have no way to verify email vote sources in any secure way. The vote counters may suspect it, as they may see duplicate votes (real and fake), but it could be impractical to reverify each vote.

 To make it really safe, every member should have digital ID-s provided by OSMF, and special voting/signing system for this. This would be very expensive. For example, here in Estonia 90+% of residents do have national ID-card (required by law), so we have done official e-elections already for some time, and in more secure way than in traditional elections. But I know most of you don't have anything like that and even if you have then they are technically incompatible and internationally useless.

 Even with this - really motivated guy could hire real persons as fake members, so there should be way to spot and fix these cases.

 So I would consider current security solution quite optimal - there is security, it is based on trust on certain key persons, but real technically secure solution would be too expensive for us.


Jaak