After bouncing the idea off a few people and thinking about it for a while, I've got the next iteration of my voting idea. I'm thinking we could use GnuPG to handle all the cryptography since it's free (as in speech), open source, stable, secure, and widely adopted. Here's how it works.
Three groups
Everyone involved in the process falls into one or more of the following groups:
- The polling authority is the entity in charge of administering the voting process, and in this case would be a political party.
- The voter is anyone eligible to vote, but not necessarily a member of this party. They choose a delegate to vote on their behalf. All voter information is confidential.
- The delegates are entities that have been given authorization by voters to vote on their behalf. They can be people, computer programs, corporations, other political parties, or whatever else the voter chooses. All delegate-related information is public.
Step 1: Delegate registration
Anyone or anything wishing to serve as a delegate can submit a name, email address, and public key to the polling authority. An encrypted confirmation email will then be sent to the delegate. Once confirmed, the delegate is added to the key server. The public will have read-only access to the key server.
Step 2: Voter registration
A voter travels to the polling authority with an accepted form of identification and registers to vote. The voter then types in the email address of a delegate who has registered in Step 1. The voter can optionally specify multiple delegates, so if the voter's first choice delegate does not vote, their second (or third, fourth, etc.) choice will be used instead. As a courtesy, voters can notify their delegates when selected or removed, but this can't be done by the polling authority without risking voter coercion. For most voters this step can be automated for complete privacy, but we'd also provide assistance on request.
Step 3: Call for votes
When it's time to vote, the polling authority publishes notice on the party website and mailing list. For example, a poll could look like this:
Poll 123456: "What will we have for dinner?"
003 Toothpaste
Step 4: Votes submitted
The delegates who had registered in Step 1 would then:
- Rank the choices from Step 3 in order of preference,
- Save those rankings to a file,
- Tamper-proof the file by digitally signing it, and
- Email this ballot to the polling authority.
Since an unscrupulous attacker could block a delegate's registered email address during this step, we'd have to allow ballots from any address so long as the registered one is mentioned and the signature passes verification.
Step 5: Votes tallied
After a set amount of time has passed, the polling authority verifies all submitted ballots and tallies the votes. I'm a fan of the Schulze method, but there are some other good electoral systems out there for determining the winner. The winning choice and every other choice that has been ranked by over 1% of all votes will be displayed on the party website. The ballot from each delegate will also be publicly visible.
Other ideas
I've been thinking about Coriolinus' tagging idea from the last post, but I can't think of any good way to make it work properly. Everything I've got so far either introduces the risk of gaming the system or just wouldn't prioritize issues perfectly for everyone. I'm open to the idea, but I'm not 100% sure how I could make it work.
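Going back to Steps 2 and 5, here is the tally sketched in Python as an added example (not part of the original post): each voter is resolved to their first listed delegate who actually submitted a ballot, and the resulting weights feed a Schulze count. It assumes the ballots have already passed signature verification and that a delegate's ballot counts once per voter who resolves to them; the delegate addresses, the choices A/B/C and all function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample data: delegate addresses, choices and rankings are made up.
VOTER_CHOICES = (                       # one list per voter, first choice first
    [["d1@example.org"]] * 4
    + [["d2@example.org", "d1@example.org"]] * 3
    + [["d3@example.org", "d2@example.org"]] * 2   # d3 never votes: fall back
    + [["d3@example.org"]]                          # no fallback: not counted
)
VERIFIED_BALLOTS = {                    # ballots whose signature already verified
    "d1@example.org": ["A", "B", "C"],
    "d2@example.org": ["B", "C", "A"],
}

def resolve_weights(voter_choices, ballots):
    """Count each voter once, for their first listed delegate who voted."""
    weights = Counter()
    for choices in voter_choices:
        for delegate in choices:
            if delegate in ballots:
                weights[delegate] += 1
                break                   # later entries are fallbacks only
    return weights

def schulze(candidates, ballots, weights):
    """Return the candidates in Schulze order, winner first."""
    n = len(candidates)
    # d[a][b]: voters whose delegate ranks a above b (unranked = last)
    d = {a: {b: 0 for b in candidates} for a in candidates}
    for delegate, ranking in ballots.items():
        pos = {c: i for i, c in enumerate(ranking)}
        for a in candidates:
            for b in candidates:
                if a != b and pos.get(a, n) < pos.get(b, n):
                    d[a][b] += weights[delegate]
    # p[a][b]: strength of the strongest path from a to b
    p = {a: {b: d[a][b] if d[a][b] > d[b][a] else 0 for b in candidates}
         for a in candidates}
    for k in candidates:
        for a in candidates:
            for b in candidates:
                if len({a, b, k}) == 3:
                    p[a][b] = max(p[a][b], min(p[a][k], p[k][b]))
    wins = {a: sum(p[a][b] > p[b][a] for b in candidates if b != a)
            for a in candidates}
    return sorted(candidates, key=lambda c: -wins[c])

if __name__ == "__main__":
    w = resolve_weights(VOTER_CHOICES, VERIFIED_BALLOTS)
    print(dict(w), schulze(["A", "B", "C"], VERIFIED_BALLOTS, w))
```

In the sample, the two fallback voters move the result from A to B, which is why the fallback lists have to be resolved before the count rather than after it.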