[OSM-talk] OSM Foundation Voting

Matt Amos matt at matt-amos.uklinux.net
Fri Jun 2 12:15:05 BST 2006 

Hello,

Following on from Nick's recent post about the OSM Foundation, I 
though it would be good to discuss the voting procedures for the 
upcoming elections. The wiki page says that we'll be using the single 
transferable vote system, but doesn't provide any details beyond 
that. There are several possibilities for implementing this:

1) Nominate one (or several) electoral officers who have no vested 
interest in the outcome of the election and e-mail them all the 
votes. This is the simplest to implement, but the most prone to human 
errors (of all kinds).

2) Open voting - Steve could set up a separate mailing list with a 
closed member list consisting of all those who can vote. This is 
obviously not a hidden ballot, but at least all voters can check the 
result of the election independently.

3) Set up a web site. The web site source code could be open to all 
for bug checking and making sure there are no biases. This method can 
retain some of the transparency of method (2) while keeping the 
ballot a secret.

I think that method (3) is the best overall, so I've been working on  
a PHP-based web site STV system inspired by paper electoral systems. 
The method is as follows:
- You are given a voting token.
- You take the token to the polling station (web site).
- You give the token to the electoral officer (web server), who checks 
off your name in the electoral register (database).
- He (or she) gives you a ballot token.
- You mark the ballot token in secret and place it in the ballot box.

The key to this system (unlike the British system) is that there is no 
relationship between the voting token that authenticates you as a 
valid voter and the ballot token which is eventually counted. (In the 
British system the ballot token number is recorded against the 
electoral register, apparently in case of fraud...)

The implementation details: The voting token could be a the SHA1 sum 
of the registered voter's e-mail address and a secret salt known only 
to the whoever has handed out the tokens and the administrator of the 
web site (probably best if these are two different people). 
Alternatively, it could be based on a digital signature, for extra 
security (as then the administrator could not forge new users).

The ballot tokens could be pseudo-random strings, generated before 
voting begins and stored in a database. Upon disclosing the voting 
token to the web site, the next available ballot token is taken from 
the database and given to the voter.

The voter can then either use the token immediately, or record it for 
later use (to avoid correlation of timings as a method of determining 
the vote).

In accordance with the STV system the vote will consist of a first, 
second and third preferred candidate. These will be counted in the 
way that is explained on the wikipedia STV article.

Mind you, all of this could be highly pointless, as there are 
currently only one nomination each for the chairman and secretary's 
positions!

Anyway, I thought it would be worthwhile having a discussion about 
this so we can get a system implemented that everyone agrees is "free 
and fair" [E/CN/4/RES/2000/47 1.(a)] ;-)

Cheers,

Matt

More information about the talk mailing list