[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Demexp-dev] Re: Leparlement and security (was: Re: [top-politics] Re: T
[Demexp-dev] Re: Leparlement and security (was: Re: [top-politics] Re: TOP invitation to programmers.)
Fri, 6 Oct 2006 10:28:41 +0200
On Fri, Oct 06, 2006 at 09:04:06AM +0200, David MENTRE wrote:
> Hello Emmanuel,
> 2006/10/6, echarp <address@hidden>:
> >I was the author of those comments, not too harsh hopefully.
> Constructive criticism is one pillar of democracy. :-)
Thank you for your understanding.
> >The goal is a forum/mailingList/chat/news system, where every post is
> >also a poll and potentially a vote.
> That's an iteresting concept. But won't you have too many votes that a
> user will have to track? ;-)
Many many many. But organized as a tree like any forum or mailing list.
This will also be useful for delegable proxies.
Plus a moderation system alike SlashDot: where each user can define a
filter to only view the elements above his threshold (on the right hand
0 and will hide the simple votes.
> >There is one solution that _could_ bring *trust*: total and complete
> >transparency. To the point of real time *reproducibility*.
> >To the point where a *P2P* system of servers can be set up by any number
> >of willing individuals. Then *PGP signatures* to ensure the relationship
> >between a vote and a persona. *Electoral lists* (of PGP public keys) to
> >calculate results.
> I see two weak points in your approach:
> * the first one is obviously lack of anonymity. I think anonymous
> vote is an essential part of democracy: avoid social pressure for each
> individual's decision. After that, you are arguing that anonymity is
> difficult to do on the Internet. You might be right but I hope one day
> we'll have strong arguments to invalidate your hypothesis; ;-)
My approach is simple: how can we trust an internet democracy? One
simple and basic way is *total* transparency. Yes, that implies no
At first anyway, because I can envision a service, a third party
trustee, that could vouch for a user's re-inscription under another
And/or, for the paranoid one, good old fashioned physical ballot boxes,
where a vote is slipped in a machine and the link with the physical
person is lost. To trace the vote in the system of P2P servers, a
random pseudo would/could still be associated with the vote. Of course
then, this person won't be able to change her mind.
Vote buying is the only *big* problem I can envision with internet
democracy. And it's only a problem if people don't value their voting
> * the second one is that it is difficult to link a GPG public key (or
> any kind of authentication token) to an individual. How can you be
> sure that I'm not creating thousands of GPG keys, cast thousand votes
> to change the vote result? This is a tricky question and we'll have to
> face the same issue in demexp. In demexp, we plan to rely on external
> proof, e.g. birth certificate, but we'll have also to face fake ones.
Yes, it is very difficult. The best way is thus to go around the
problem: let anybody setup any number of electoral lists following any
procedure they want.
An association for example, would have its own procedure to manage the
electoral list used to legitimately vote on decisions. This procedure
can imply a physical ID card, or the trust of another member. Their
An electoral list will be just another mail in the system, thus
transparent to scrutiny (basically, everything is a mail/post).
echarp - http://leparlement.org/security