I am currently investigating the possibility to conduct electronic
elections on the web.
My aim is to be able to cut the costs and the administative overhead of
having an ordinary election.
The organization it involves right now is Uppsala university student union
and its approximate 30.000 members. Every year they elect 41 people to
rule over the student union for the nexrt year, currently 2/3 of the votes
comes via snail-mail and the rate of participation is very low.
So Im looking for a system that will give me the following:
* Ease of use for non computer experts.
* Secure, i.e. one vote per person.
* Anonymous voting, i.e. no conection between a certain vote and a certain
person.
* Shall produce good statistics and be able to perform sanity checks of
the data, i.e. if any cheating is undertaken it shall be easy to find
out.
* Easy to administrate, shall be able to handle both parties and
persons. (A vote can be casted both on a party and on a special person
in that party)
One can assume that all the voters have a encryted passfrase stored in a
central password file.
The voters are not familiar with personal certificates and we can't expect
that we can use thoose for identification.
The system I have sketched on works as follows:
1) A website presents all the data on the candidates and the parties
involved.
2) A voter can log in to the system and cast a vote on a special
candidate in a special party.
3) The login is carried out using SSLv3 encrypted connection and
authorizing against a encrypted passwd file.
4) Ones a voter submits the vote a post in a sql-database is created
where one stores that a certain person has submitted a vote and from
what computer (ip#) and at what time.
5) The vote is stored in another table. The party and the possible
candidate is stored. As well is a encrypted value about how submitted
the vote stored. This is pgp encrypted using a public key that belongs
to a trusted third party. Possible even with a key that is in
part stored at several different locations, i.e. one pice at each of
the participating parties.
In point 5 above I wonder wether there is any other good way of securing
both the anonymity of the voters and preserving the security.
If there is no system available for doing this I will most probably
implement it as a Roxen module with a mysql backend.
What do you think of the above described system? What work has been dowe
before and is there any similar organizations having electronic elections?
Best regards,
/Per
|-Per Kangru--http://kangru.org-+46-(0)[EMAIL PROTECTED]|
|Lasercooling @ Stockholm Univ. +46-(0)8-161136 [EMAIL PROTECTED] |
|Consultant @ Roxen IS AB +46-(0)709-153939 [EMAIL PROTECTED]|
|-PGP-fingerprint-672C8-5632-7DC49-CFECC-E0EE-3DA4-E82E-A036F-59A1|
