It would be better for management to study and apply the ideas of Ricardo Semler
http://en.wikipedia.org/wiki/Ricardo_Semler Most companies are too afraid of open markets that deal in information. They fail to build trust and do not trust their employees. The result is predictable. E-voting won't fix it, just as much as all the elections, "democracies", and admiralty courts have failed to stop fraud in law and money at rung zero. Best, Ray On 06/01/11 17:26, Marsh Ray wrote: > On 01/06/2011 10:27 AM, [email protected] wrote: >> On Thu, Jan 06, 2011 at 08:22:03AM -0800, >> [email protected] wrote: >>> Someone emailed into "Security Now" a while back, asking about workplace >>> surveys that are supposed to be anonymous, but have a unique URL for each >>> person, so that they can tell who hasn't filled it out. >> >> That is, one requirement is that mgmt can tell who hasn't done the form, >> so they can go bug them. > > Years back I contributed to the design of an in-house employee survey. We had > that same requirement. There was also the requirement that the survey be > "anonymous". > > The whole point of an anonymous survey after all is that everyone understands > the anonymization process well enough that they have confidence in their > anonymity. In a sense, this requires a 'meta threat model': the system design > needs to incorporate a model of the internal threat model of each individual > user and allow every user to prove to himself that his own constraints have > been > satisfied. > > The company was big enough for meaningful aggregate data, but still small > enough > that an HR person walked around with the pay stubs. One suggestion was for > people to just draw their survey ID numbers out of a literal hat. > > This suggestion was dismissed immediately due to that same objection that it > would be hard to force employees to fill out the survey. Various methods were > proposed, I think they went with the survey app giving the employee some kind > of > proof-of-completion code which they were then supposed to email to HR. > > Nobody really believed the survey was anonymous when it was taken. (Previously > the physical suggestion box had been taken off the cafeteria wall and replaced > by a folder on the Microsoft Exchange system and the claim that "management > will > make no attempt to identify the submitter...".) > > After the first survey, the results were published with such detail that they > were broken down into business units as small as 3 - 5 employees. Everyone > had a > grand time correlating the satisfaction levels and comments with things people > had said openly in the past. > > 'Anonymous' exists in the mind of the surveyed, not just as some formal > constraints on the knowledge of the surveyor. > > - Marsh -- Rayservers http://www.rayservers.com/ Zurich: +41 43 5000 728 London: +44 20 30 02 74 72 Panama: +507 832 1846 San Francisco: +1 408 419 1978 USA Toll Free: +1 888 265 5009 10:00 - 24:00 GMT We prefer to be paid in gold Globals™ and silver Isles™ Global Standard™ - Global Settlement Foundation http://www.global-settlement.org/ Our PGP key 0x079CCE10 on http://keyserver.rayservers.com/ _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
