On Sat, 16 Jan 1999, Kent Crispin wrote:
> > In 1999 there is no practical way to prove the identity of a person
> > voting in a large-scale election over the Net.
>
> Yes, but that is not *anywhere* near as important as it seems at
> first.
>
> In practical terms this same problem exists for a large-scale
> international election conducted via postal-mail. The parameters are
> slightly different, but there are many strong similarities. If I am
> ...
Well, yes, agreed, but ...
> There are actually two places where identity verification is done --
> at voter registration time, and when the vote is actually cast.
It's a lot more complicated than that in elections of significance.
Take the system used in the UK, for example. There is a list of
people eligible to vote called the electoral roll. This is a public
document, one that anyone can examine at the public library. And
people do examine it. There is a constant background consistency
check going on. Banks look you up when you try to open an account
for example; and people thinking of suing you get your details from
it. At a higher level, if the population is known to be 10,000, and
there are 20,000 people on the electoral roll, there's an enquiry.
The registration phase is moderately complicated. Each year the
residents of a building get a notice requiring them to confirm that
they are still present, or notify the local authority of any
departures or new arrivals; anyone who will be of voting age at the
next election. This form must be returned and must be correct;
anyone who doesn't cooperate can be prosecuted.
When there's an election, they send you a notice through the post.
When you go to vote, you show them the notice and they check you off
on the list. You don't necessarily have to show them the card, but
then you usually go to a polling station in your neighborhood where
people know you.
The upshot of this is that large scale voter fraud in the UK at least
is extremely difficult.
This is how real elections tend to be handled. There are a lot of
cross checks at many levels. These tend to keep errors and fraud
at a level low enough so that there is rarely a question about the
outcome of elections in the Western democracies.
> The cost of identification at registration time is similar in both
> cases -- potentially high -- whether the voting mechanism is done
> through email or not. You identify the "administrative contact" for
> the vote (speaking metaphorically) to a fairly high degree of confidence, so
> that they can be contacted for later verification, should a problem
> arise. In fact, whatever identification method you use for the
> p-mail case could be used for the e-mail case -- of course, one would
> specify an email voting address instead of a pmail one.
Notice the role of the post office in the UK system. As in the USA,
it is a crime to interfere with the operations of the postal system,
so that notices can be delivered with a large element of reliability.
This means that (a) there is only one physical notice issued per voter,
(b) that notice gets to the official address of the voter, and (c) the
notice can be used at voting time to verify the identity of the voter with
reasonable reliability.
It would of course be possible to use this idea of sending a unique
token to each voter in an email system, and then using that token to
verify the identity of the voter.
> In either case the per ballot cost of ballot verification must be
> kept low. Typically only a cursory per ballot validation is done,
> with record keeping so that fraud can be detected if the election is
> contested. If one is doing a roll-call vote, with publication of
> the entire roll to every voter of record the possibility of fraud
> becomes very slim.
Actually, you can get most of the advantage of publishing the roll call
vote by simply emailing the voting card back to the voter.
> So, while there are certainly some issues, there is no question that
> a successful, fair, and efficient international election can be held
> via email, and in fact, this can be considered a solved problem --
> such voting systems are in production use, including (as the ISOC
> example shows) election of officers of a Corporation.
I don't disagree with this. The problem is identifying the voters.
Mostly this is a problem in the registration phase.
I believe that in the email you responded to I was talking about Verisign
digital certificates costing $10 each. The problem is that these are not
tied to any individual identity; it's a no-brainer to have Verisign
generate a large number of digital certificates for a large number of
imaginary people.
Once you have this little army of imaginary people you can then have
them vote for whoever you wish. And they don't have to survive the
scrutiny of one of the neighbourhood wives at the polling centre;
there are none of the multiplicity of crosschecks that characterize
most elections in most Western polities.
Things would move much closer to practicality if rather than tying
votes to the elusive individual you tied them to either domain names
or IP address space. Given the fact that anyone can have as many
domain names as they are willing to pay for, it would make more sense
to tie the vote to registered IP address space. This very roughly
corresponds to the method used in generating the UK electoral roll,
and has many of the same advantages. The IP address space is finite
and at least the newer blocks allocated through the RIRs are tracked
very carefully, so that there is an audit trail leading back from an
IP address to whoever is responsible for the address block.
> I realize that you probably agree with this conclusion. I just
> wanted to be sure that people didn't draw erroneous conclusions from
> your statement.
>
> I believe it is true that Nominet uses online voting, doesn't it?
Well, on arrival at the last Nominet AGM, you were given a name tag
and then one large card per member. The card had YES and one colour
on one side and NO and another bright colour on the other. Then you
voted by raising your card and preferred colour. Low tech, high
reliability.
However, ISPA UK uses electronic voting. We hold elections over the
Net using single transferable voting (STV). We announce elections
by broadcast to the membership. Members vote through a Web page.
When a vote is cast we email the registered voter, verifying the vote
as we understand it and giving him or her the chance to complain if
there is an error. We also publish an up-to-date version of the vote
on the Web as voting proceeds, listing each voter and how they have
voted.
In consequence there is little chance for fraud. What we have found,
however, is that voting is so easy that we have a problem with apathy.
Before people had to take the day off work and go down to London to
vote. Now they just use their browsers. Oddly enough, the voter
turnout has fallen, and the degree to which elections involve the same
old people has risen. Oh well ... #-}
--
Jim Dixon Managing Director
VBCnet GB Ltd http://www.vbc.net tel +44 117 929 1316
---------------------------------------------------------------------------
Member of Council Telecommunications Director
Internet Services Providers Association EuroISPA EEIG
http://www.ispa.org.uk http://www.euroispa.org
tel +44 171 976 0679 tel +32 2 503 22 65
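
The following is an added example, not part of the original message and not ISPA UK's code: a sketch of the three checks discussed above (one unique token per registered voter, an e-mailed confirmation of each vote, and a published roll call). The class and method names, the HMAC-derived token and the example.org addresses are assumptions made for illustration, and the outbox list stands in for real e-mail delivery.

```python
import hashlib
import hmac
import secrets


class Election:
    """Token-per-voter ballot with e-mailed receipts and a public roll call."""

    def __init__(self, roll):
        self.roll = set(roll)                # registered voting addresses
        self._key = secrets.token_bytes(32)  # known only to the organiser
        self.votes = {}                      # address -> recorded choice
        self.outbox = []                     # (address, body): stand-in for e-mail

    def _token(self, voter):
        # Exactly one token exists per address; it cannot be guessed without the key.
        return hmac.new(self._key, voter.encode(), hashlib.sha256).hexdigest()

    def send_notice(self, voter):
        if voter not in self.roll:
            raise KeyError(f"{voter} is not on the roll")
        token = self._token(voter)
        self.outbox.append((voter, f"Your voting token: {token}"))
        return token

    def cast(self, voter, token, choice):
        if voter not in self.roll:
            return False                     # not registered
        if not hmac.compare_digest(token.encode(), self._token(voter).encode()):
            return False                     # token does not belong to this voter
        if voter in self.votes:
            return False                     # token already used
        self.votes[voter] = choice
        # Receipt goes to the registered address so the voter can object.
        self.outbox.append((voter, f"We recorded your vote as: {choice}"))
        return True

    def roll_call(self):
        # Published list of each voter and how they voted.
        return sorted(self.votes.items())


def demo():
    e = Election(["alice@example.org", "bob@example.org"])  # constructed roll
    t_alice = e.send_notice("alice@example.org")
    results = [
        e.cast("alice@example.org", t_alice, "YES"),  # valid vote
        e.cast("bob@example.org", t_alice, "NO"),     # token presented for another voter
        e.cast("alice@example.org", t_alice, "NO"),   # second use of the same token
    ]
    return results, e.roll_call(), e.outbox[-1]
```

These checks only bind a vote to an address already on the roll; they do not address how addresses get onto the roll, which is the registration-phase problem the message identifies.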