Grex > Coop8 > #123: Cyberspace Communications, Inc. finances through 9/30/96

16 new of 40 responses total.

davel
response 25 of 40: Oct 18 13:47 UTC 1996
Re 23: theoretically possible, but I think it would involve rewriting the cat
command.
Re 24: so if I want to check my vote I have to remember yet another password?

albaugh
response 26 of 40: Oct 19 04:57 UTC 1996
Yep, you'd have to "remember" it. 'Course, you could just store it in a file
with no outside permissions until you no longer needed to remember it...

davel
response 27 of 40: Oct 19 11:57 UTC 1996
But then it's not a "secret ballot"! Some root could read that.

tsty
response 28 of 40: Oct 20 06:20 UTC 1996
bingo! even if it's a step away, it's not secret.

popcorn
response 29 of 40: Oct 20 16:21 UTC 1996
This response has been erased.

pfv
response 30 of 40: Oct 20 17:18 UTC 1996
Why not merely do the PGP-like thing? Grex gets a 'public key'
and all 'voters' must know their own 'private' key..
It's not like the issues don't cross over to other areas or lack
for solutions..

drew
response 31 of 40: Oct 20 21:55 UTC 1996
Hey, that would work. The voters would "sign" with their private key, and
the public keys, placed in people's .plans, could be used to verify the
signatures.

arthurp
response 32 of 40: Oct 21 01:35 UTC 1996
And then the receivers know exactly who sent each vote.
Hardly secret.

e4808mc
response 33 of 40: Oct 21 06:37 UTC 1996
The Grex secrecy problem is very similar to the absentee ballot problem for
any election. You mail in your ballot with an identifying sequential number
attached. Election workers check to see that the number is the same as the
one you were given to complete. Then they tear it off the ballot, and pass
the ballot on to have the votes recorded. *Theoretically* election workers
could check your ballot before they passed it on.
However, with several workers handling the ballot, and watching what happens
to it, this never happens. Political parties are also allowed to have poll
watchers there to see that ballots are kept secret.
Now all we need for Grex is a way that the ballots could all be kept "sealed"
until a group was gathered to "open" them. This might mean that you could
only vote once, and not be able to "retrieve" your vote and change it.
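
The absentee-ballot procedure described in response 33, as an added example that is not part of the thread and is not Grex's vote program: the intake step checks an identifying tag, records only that the voter has voted, and stores the ballot with the identity torn off. `BallotBox`, `sign`, the HMAC tag standing in for the sequential number, and the sample roll are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from collections import Counter


class BallotBox:
    """Intake desk modelled on the absentee-ballot steps in response 33."""

    def __init__(self, roll):
        self.roll = dict(roll)   # voter -> per-election secret (constructed)
        self.voted = set()       # who has voted, never what they chose
        self.ballots = []        # choices only, identity already torn off

    def submit(self, voter, choice, tag):
        key = self.roll.get(voter)
        if key is None or voter in self.voted:
            return False         # unknown voter, or a second ballot
        want = hmac.new(key, choice.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, tag):
            return False         # identifying tag does not match
        self.voted.add(voter)
        # Insert at a random position so storage order does not mirror
        # arrival order, which would re-link ballots to voters.
        self.ballots.insert(secrets.randbelow(len(self.ballots) + 1), choice)
        return True

    def open_all(self):
        """The 'group opening': a tally over anonymous ballots."""
        return Counter(self.ballots)


def sign(key, choice):
    """Voter side: bind the ballot to the secret the voter was issued."""
    return hmac.new(key, choice.encode(), hashlib.sha256).digest()


# Constructed sample roll; names and secrets are illustrative only.
ROLL = {name: secrets.token_bytes(16) for name in ("ann", "bob", "cy")}


def run_election():
    box = BallotBox(ROLL)
    results = [
        box.submit("ann", "yes", sign(ROLL["ann"], "yes")),
        box.submit("bob", "no", sign(ROLL["bob"], "no")),
        box.submit("cy", "yes", sign(ROLL["bob"], "yes")),  # wrong secret
        box.submit("ann", "no", sign(ROLL["ann"], "no")),   # change of mind
    ]
    return box, results
```

The last submission fails for the reason response 33 gives: once the tag is torn off, nothing links a stored ballot to its voter, so it cannot be retrieved and changed. The intake code still sees each choice as it arrives, which is the same "theoretically could check" exposure the post describes.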

remmers
response 34 of 40: Oct 21 10:10 UTC 1996
There are two issues here: *secrecy* of the voting process
(preventing anyone from finding out how you voted) and
*integrity* of the voting process (preventing tampering with
votes, insuring that the final tally accurately reflected
how people actually voted). Those are both desirable goals,
but as people have pointed out, they may be somewhat in
conflict.
With respect to secrecy the vote program is in a similar
position to email: People with root access could peek at
people's votes, just as they could peek at people's private
email messages. So if you trust the roots not to be reading
your mail, you should trust them not to be looking at your
votes.
With respect to integrity, there are safeguards in the
program intended to make it difficult for someone (even a
root) to tamper with the ballots undetected, but I can't
claim that they are 100% infallible. So there's an element
of trust here as well.
If I were to beef up security in the vote program, I would
be more inclined to tighten up integrity rather than secrecy,
as I think that's the more important issue. (Wouldn't you be
more upset if you learned that an election had been rigged
than if you found out someone had looked at your vote?) It
won't happen this time around, but it's something to think
about for the future.

pfv
response 35 of 40: Oct 22 05:30 UTC 1996
If you cannot trust yer 'root' at least as well as you trust the
election personnel, then you have a serious, major problem which
is beyond the scope of this entire discussion.
Write a single program to use Unix en(de)cryption from the data
file and program itself. Lock a copy of the source in the Safety
Deposit Box. Delete all source online.
Have it use pseudo-random numbers, or timestamps in addition to
the PGP key.. All this complication STILL means that at least ONE
person must still be trusted.

marcvh
response 36 of 40: Oct 22 15:46 UTC 1996
There are lots of interesting cryptographic issues involved with
creating a secure voting system; see Schneier. Probably the biggest
issue is how exactly you define "secure." Even then you have to
impart some degree of trust into the people who create the ballots.
Unfortunately PGP doesn't solve any of these problems; it's not a
secure election tool. Creating a mechanism for a cryptographically
secure election seems to be of questionable value in any case..

albaugh
response 37 of 40: Oct 22 15:59 UTC 1996
Response #34 seems to have laid it out clearly to me...

tsty
response 38 of 40: Nov 2 09:21 UTC 1996
i would presume that the integrity of the code is pretty good, no
reports of tampering made public either here or there. besides, given
your enthusiasm for the project and your standing in the community
i consider that your efforts at integrity to be far higher than one
would casually consider. in other words, the current code is in all
likelihood pretty damn solid. how about tweaking the secrecy?

remmers
response 39 of 40: Nov 2 12:12 UTC 1996
When I mentioned "integrity" above, I wasn't referring to the
accuracy of the program in recording the votes correctly (which
I think is pretty solid), but rather to the issue of people with
root access being able to tamper with the vote files undetected
after votes have been cast. Take another look at my response.

tsty
response 40 of 40: Nov 2 12:52 UTC 1996
did ... my take is that both situations have about the same, and sufficient,
integrity. i guess my take was more general, that's about all. i am glad
you pointed out that tampering from *any* source is pretty detectable.
again, i consider that your efforts at integrity to be far higher than
one would casually consider - and i would include any of the staff
who would undertake such a project as well.