Damien Broderick wrote:
> To send yourself mail with the flap tucked in rather than stuck down, you
> still need an address on the envelope. Wouldn't the vote counters get
> suspicious if lots of votes arrived later with new labels posted over Mike
> Lorrey's snail? Or is this like buying `first day covers' or whatever
> they're called by philatelists, stamped and postmarked by never mailed?
That part, at least, isn't a problem. Attach the address label with Post-It
glue, then take the address label off after it arrives, then write the "real"
address on the envelope. They're making Post-It gluesticks, so the same
method can be used to seal the envelope if you don't want to just tuck it in.
Then you just drop the back-postdated envelope into someone's mailbox, or
(you'd need an inside guy for this) into someone's heap of uncounted absentee
ballots. This assumes that postmarks don't have routing information.
No, it's not my Chicagoan blood showing through. It's just that I feel that
votes won't be secure until they come up with a way to use PGP signatures.
Better yet would be if the cryptomagic folks come up with a way to
double-blind the votes, as with some of the proposals that have been floated
for untraceable, non-double-spendable digital cash. An ideal crypto election
system would have the following properties:
1) All votes - that is, the digital information representing votes - are
2) Anyone can independently count the votes.
3) Anyone can independently verify the identities of the registered voters.
4) Anyone can verify that their vote is represented in the count.
5) Nobody can trace my own vote back to me.
You'd need some fancy prime numbers to handle that. It would probably work
something like this; I create my voting slate; I perform an operation which
blinds the data in my voting slate; I send my blinded vote to the election
commission (this occurs in full view of everyone); the election commission
signs my blinded vote using the universal Election Private Key and sends the
signed, blinded text back (also in full view); I decrypt the signed vote in a
way which leaves the plaintext signed; I post the vote data to a repository
through some anonymous means.
Anyone should be able to independently examine and count the plaintexts of the
votes; anyone should be able to verify that their personal vote appears in the
public repository; the votes themselves should be untraceable; finally, the
number of signatures performed by the election commission is a matter of
public record, as are the identities of the individuals who sent in blinded
votes. (The total number of signed plaintext votes should be less than or
equal to the number of publicly signed blinded votes, unless the election
commission is pulling something.)
Somebody has probably thought this through before. Are there any papers on
this already out there?
-- -- -- -- --
Eliezer S. Yudkowsky http://singinst.org/
Research Fellow, Singularity Institute for Artificial Intelligence
This archive was generated by hypermail 2b30 : Mon May 28 2001 - 09:50:20 MDT