[OSM-talk] OSM Foundation Voting
Matt Amos
matt at matt-amos.uklinux.net
Fri Jun 2 12:15:05 BST 2006
Hello,
Following on from Nick's recent post about the OSM Foundation, I
though it would be good to discuss the voting procedures for the
upcoming elections. The wiki page says that we'll be using the single
transferable vote system, but doesn't provide any details beyond
that. There are several possibilities for implementing this:
1) Nominate one (or several) electoral officers who have no vested
interest in the outcome of the election and e-mail them all the
votes. This is the simplest to implement, but the most prone to human
errors (of all kinds).
2) Open voting - Steve could set up a separate mailing list with a
closed member list consisting of all those who can vote. This is
obviously not a hidden ballot, but at least all voters can check the
result of the election independently.
3) Set up a web site. The web site source code could be open to all
for bug checking and making sure there are no biases. This method can
retain some of the transparency of method (2) while keeping the
ballot a secret.
I think that method (3) is the best overall, so I've been working on
a PHP-based web site STV system inspired by paper electoral systems.
The method is as follows:
- You are given a voting token.
- You take the token to the polling station (web site).
- You give the token to the electoral officer (web server), who checks
off your name in the electoral register (database).
- He (or she) gives you a ballot token.
- You mark the ballot token in secret and place it in the ballot box.
The key to this system (unlike the British system) is that there is no
relationship between the voting token that authenticates you as a
valid voter and the ballot token which is eventually counted. (In the
British system the ballot token number is recorded against the
electoral register, apparently in case of fraud...)
The implementation details: The voting token could be a the SHA1 sum
of the registered voter's e-mail address and a secret salt known only
to the whoever has handed out the tokens and the administrator of the
web site (probably best if these are two different people).
Alternatively, it could be based on a digital signature, for extra
security (as then the administrator could not forge new users).
The ballot tokens could be pseudo-random strings, generated before
voting begins and stored in a database. Upon disclosing the voting
token to the web site, the next available ballot token is taken from
the database and given to the voter.
The voter can then either use the token immediately, or record it for
later use (to avoid correlation of timings as a method of determining
the vote).
In accordance with the STV system the vote will consist of a first,
second and third preferred candidate. These will be counted in the
way that is explained on the wikipedia STV article.
Mind you, all of this could be highly pointless, as there are
currently only one nomination each for the chairman and secretary's
positions!
Anyway, I thought it would be worthwhile having a discussion about
this so we can get a system implemented that everyone agrees is "free
and fair" [E/CN/4/RES/2000/47 1.(a)] ;-)
Cheers,
Matt
More information about the talk
mailing list