Slashdot Mirror


Schneier On Self-Enforcing Protocols

Hollow Being writes "In an essay posted to Threatpost, Bruce Schneier makes the argument that self-enforcing protocols are better suited to security and problem-solving. From the article: 'Self-enforcing protocols are safer than other types because participants don't gain an advantage from cheating. Modern voting systems are rife with the potential for cheating, but an open show of hands in a room — one that everyone in the room can count for himself — is self-enforcing. On the other hand, there's no secret ballot, late voters are potentially subjected to coercion, and it doesn't scale well to large elections. But there are mathematical election protocols that have self-enforcing properties, and some cryptographers have suggested their use in elections.'"

11 of 207 comments

  1. Show of hands not self-enforcing by Spazmania · · Score: 4, Insightful

    The show of hands is not self-enforcing precisely because a non-secret ballot is subject to coercion. People vote their peers instead of their conscience.

    Selecting a security protocol that adversely alters the results is a common mistake among information security personnel.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    1. Re:Show of hands not self-enforcing by UnHolier+than+ever · · Score: 4, Insightful

      No, a show of hands *is* self-enforcing *but* not secret, and therefore subject to coercion, which is why it is rarely used. The article alluded to the fact that there may be a self-enforcing, secret protocol, without going into details of what it could be. If it exists, it would be a good idea to use it. It would also have been a good idea to include it in the article....

    2. Re:Show of hands not self-enforcing by CaptainOfSpray · · Score: 5, Informative

      Here's some experience of "show of hands" voting.

      It was widely used in trade unions in England in the 50's and 60's, typically in public meetings of all the members in a workplace. I heard of it both from a carpenter in the ship-building industry, a family friend; and from other insider reports on meetings in the car-making industry in Oxford, where I lived for a while. According to my sources, these meetings were often used to pass strike decisions of considerable financial importance to the members, but (a) you attended these meetings with your workmates, who saw how you voted, and made life hell if you didn't vote the Right Way (b) the committee appointed tallymen to count the hands - they reported whatever counts the committee had told them to report.

      The result was the destruction of British industrial firms by self-centered self-appointed little dictatorial union leaders who were always interested in making trouble, regardless of their members' interests. Vote them out? How? The elections were by "show of hands".

      So "show of hands" voting is wide open to abuse if there are more people present than can be viewed and instantly counted by those present, or where those present are unable to challenge the count effectively.

      --
      "Cock Up Your Beaver" does not mean what you think. This sig is intended to clog filters and annoy do-gooders
  2. Re:You need trust by Ann+Coulter · · Score: 4, Interesting

    Self-enforcing protocol participants do not require the level of trust that is required of impartial middle-men. One way of looking at self-enforcing protocols is to think of the protocol itself as serving the role of a middle-man. The protocol can be scrutinized more thoroughly than any self-serving middle-man and a higher level of trust can be placed on the protocol.

  3. Voting needs to be transparent by krappie · · Score: 5, Interesting

    Here is the solution to all voting problems.

    Goals:
    1. Confirm your vote is collected correctly.
    2. Try to assure the people that no votes were added.
    3. Don't hide results.
    4. Keep votes anonymous.

    Solution:
    1. Keep a large public vote database.
    2. Be able to look up votes by voter id, county, polling location and time.
    3. Keep large visible clock and voter count at each polling station. Every time a person goes into the voting room, the count goes up. Voter counts can be confirmed online. Maybe even in a graph over time.

    The voter should be able to go online and see his own vote. Since every voter can see every vote counted up in every polling location in the country and know that everyone else can, they'll be assured of the results. If they're paranoid, they can watch their local polling station's voter count and confirm the published results don't have added votes.

    Note: Maybe instead of voter IDs, it should be a random confirmation code that's generated on the spot. That should be even more anonymous.

    Problems: Some people actually vote for the wrong person on accident. That's unfortunate, but the solution isn't to hide it from them.
    If vote online doesn't match your vote, have a dispute process. Keep track of dispute counts over time, for the public to see.
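
An added sketch of the two audits this comment describes (not part of the original post): a voter looks up a ballot by its on-the-spot confirmation code, and any observer compares each station's published record count with the number on the station's visible counter. All function names, station labels and records are constructed for illustration.

```python
import secrets
from collections import Counter

def new_receipt_code():
    # Random code generated on the spot; it is not derived from the voter's identity.
    return secrets.token_hex(8)

def check_receipt(board, code, station, expected_choice):
    """Voter-side check: is my ballot on the public board exactly as I cast it?"""
    matches = [r for r in board if r["code"] == code]
    if len(matches) != 1:
        return "dispute: missing or duplicated record"
    rec = matches[0]
    if rec["station"] != station or rec["choice"] != expected_choice:
        return "dispute: record differs from ballot cast"
    return "ok"

def audit_counts(board, door_counts):
    """Observer-side check: published records per station vs. the visible door counter."""
    published = Counter(r["station"] for r in board)
    findings = {}
    for station in sorted(set(published) | set(door_counts)):
        extra = published[station] - door_counts.get(station, 0)
        if extra > 0:
            findings[station] = f"{extra} more published votes than people counted"
        elif extra < 0:
            findings[station] = f"{-extra} counted voters without a published vote"
    return findings

# Constructed sample data: three ballots cast, one record stuffed at station B.
codes = [new_receipt_code() for _ in range(3)]
BOARD = [
    {"code": codes[0], "station": "A", "choice": "yes"},
    {"code": codes[1], "station": "A", "choice": "no"},
    {"code": codes[2], "station": "B", "choice": "yes"},
    {"code": new_receipt_code(), "station": "B", "choice": "no"},  # never cast
]
DOOR_COUNTS = {"A": 2, "B": 1}  # what observers read off each station's counter

if __name__ == "__main__":
    print(check_receipt(BOARD, codes[1], "A", "no"))
    print(audit_counts(BOARD, DOOR_COUNTS))
```

A receipt that reveals the choice also lets a third party demand proof of how someone voted, which is the objection raised further down this thread.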

  4. Madison Warned about this by cs668 · · Score: 5, Interesting

    in the federalist papers:

    http://www.constitution.org/fed/federa10.htm

    They thought about it, but free speech trumped the elimination of political parties. Always floors me how much foresight they had.

  5. Re:You need trust by maxwell+demon · · Score: 5, Funny

    The politicians are representing either big business and the rich or trial lawyers and unions.

    The problem is actually the American spelling. Since the American spelling of "cheque" is "check", the politicians simply misunderstand the term "checks and balances" (where "balance" is interpreted as "balance of the bank account", of course).

    --
    The Tao of math: The numbers you can count are not the real numbers.
  6. Re:Bruce Schneier once decrypted a box of AlphaBit by rjstanford · · Score: 4, Insightful

    And when your boss says, "By the way, if you vote for Dan, you get to keep your job - and I want to see your voting receipt to prove it, or out you go!"? That's one of the main reasons that we have private polling in the first place.

    How about going back to the old ways - electronically generating, at the polling place, an anonymous, very clear, human-readable piece of paper describing your vote. Use machines to create as many as you want, one at a time, on special pieces of paper that are handed out either as you walk in the door and get IDd or upon the insertion of your previous one into a shredder. Once you're happy with it, it goes into the voting box which a) saves it, and b) scans it and records the data, unofficially (ie: the piece of paper wins in a recount).

    Dead simple, totally private, and fully auditable. Plus, with an open standard, there could be different types of paper-generating-machines for people with different needs, no problem. No hanging chads, no huge expense, quick access to unofficial results and about as easy a recount procedure as you could ask for.

    Finally, at the end of the day, do it the CA way and have the boxes opened up and tallied by hand for the major issue and a random selection of minor ones at each station. Anyone can watch, and any discrepancy over .1% of the total is assumed to be computer-tampering and triggers a full manual count for all issues at that station, and a more thorough audit to determine the source of the discrepancy.

    --
    You're special forces then? That's great! I just love your olympics!
  7. related pet peeve by circletimessquare · · Score: 4, Informative

    voting systems should better reflect the people's actual will, by being a little more complex

    you're never going to get the nuance of the people's will 100%, but you can do a lot better. for example: borda voting

    http://en.wikipedia.org/wiki/Borda_count

    just rank candidates in the order you like them. then a divisive election is an opportunity for everyone's second best choice to become the winner rather than partisan first choices, that one half of the population hates, barely edging out the other

    now take as an example the disgusting 2000 presidential election: if people were allowed to merely rank candidates rather than be forced to pick one, who would have won? john mccain. however you think of him as a choice in the 2008 election, mccain was certainly a better choice than gore or bush in 2000, and the nation actually thought so. if the people were allowed to rank a list of candidates, his name would have come out as the number 2 choice of everyone, and he would have won. but the system worked against mccain. instead, various undemocratic closed door machinations led the republican party to choose monkey boy bush over the more deserving mccain, and so the democrats who would have ranked mccain second best never would have been able to register their approval of mccain over bush. borda voting does away with the whole party primary nonsense: democrats field 4 or 5 presidential candidates, republicans field 4 or 5 presidential candidates. and the voters merely rank them. then the voting system better reflects the nuances of public opinion, and allows for the candidate whom people really like to emerge. who should really lead the nation? by better reflecting the people's affinity or dislike. no more divisive partisan bullshit

    another good system: approval voting

    http://en.wikipedia.org/wiki/Approval_voting

    easier to understand than borda voting with similar results: checkbox next to anyone you like. voting for no one and voting for everyone has the same effect. in between, are abilities to express approval and disapproval, and the winner is a simple tally of whomever gets the most votes

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  8. Re:Errrr, your suggestion is.....? by Otto · · Score: 4, Insightful

    What is the proposed self-enforcing voting protocol?

    Everybody in the same room makes a mark on a ballot, folds it, puts it in a box with an open top, so all can see it is not subject to being rigged, but still not see the actual votes. At the end, the votes are upended on the floor and everybody looks at them, and can count them themselves.

    Less subject to coercion than a show of hands, still not perfect. However, it is self-enforcing, since all can see the results.

    There's other ways as well, but the point is that everybody needs to know how the system works and to be able to follow all the votes all the way through the system to the final count for it to be self-enforcing.

    --
    - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
  9. Re:You need trust by SleepingWaterBear · · Score: 4, Insightful

    Self limiting protocols are useful only for small scale solutions when it is reasonably possible to validate the results (are you going to be able to review the votes of 1,000 plus voters in a useful timescale)

    This idea seems to come out of nowhere and with no justification other than that the most naive possible method of scaling one particular protocol up doesn't work well. There is no fundamental reason that a well designed self enforcing protocol can't scale very well. As a simple example, let voters gather in groups of 100 or so and tally their votes. Then send someone to report the votes to a larger group (this can happen multiple times to allow for exponential scaling), and make sure the report is publicized (in a local newspaper or on a website designed for the purpose) so that voters can confirm the numbers were reported right. By spreading the work over many people no one person has to do an excessive amount of work, regardless of the number of voters.

    Anonymity is a little trickier to do efficiently, but here's the first idea that comes to mind. Gather your 100 voters in a room with a vote count visible to everyone, and give each voter a private terminal. In a random order ask each voter to make a choice, then to confirm the updated count. Each voter will know his own vote was counted correctly. If 100 voters doesn't seem like enough to ensure anonymity you can use a larger group.

    Obviously there are all sorts of flaws with the plans above, but with proper time to work through the details a workable plan of some sort exists. Just because you don't know a solution to a problem doesn't mean that someone actually willing to think can't come up with one.
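
The tiered tally described in this comment, as an added example (not part of the original post): every group and every reporting level publishes its totals, and anyone can check that each published total equals the sum of the totals published one level below. Group names, ballots and the misreporting scenario are constructed for illustration.

```python
from collections import Counter

def tally(ballots):
    # Leaf step: a group counts its own ballots in front of its members.
    return dict(Counter(ballots))

def add(reports):
    # Sum several published reports into one total.
    total = Counter()
    for r in reports:
        total.update(r)
    return dict(total)

def audit(published, children):
    """Return the nodes whose published totals differ from the sum of their
    children's published totals. Leaf totals are checked by the group's own
    members, who watched the count."""
    bad = []
    for node, kids in children.items():
        if published[node] != add(published[k] for k in kids):
            bad.append(node)
    return sorted(bad)

# Constructed example: four groups, two districts, one national total.
GROUPS = {
    "g1": ["x", "x", "y"], "g2": ["y", "y", "x"],
    "g3": ["x", "y", "y"], "g4": ["y", "y", "y"],
}
CHILDREN = {"d1": ["g1", "g2"], "d2": ["g3", "g4"], "nation": ["d1", "d2"]}

def publish_honest():
    pub = {g: tally(b) for g, b in GROUPS.items()}
    for node in ("d1", "d2", "nation"):  # lower levels first
        pub[node] = add(pub[k] for k in CHILDREN[node])
    return pub

def publish_with_misreport():
    pub = publish_honest()
    # The d2 reporter moves two votes from y to x; the national total is
    # then summed honestly from the (false) district reports.
    pub["d2"] = {"x": 3, "y": 3}
    pub["nation"] = add(pub[k] for k in CHILDREN["nation"])
    return pub

if __name__ == "__main__":
    print(audit(publish_honest(), CHILDREN))          # no inconsistent node
    print(audit(publish_with_misreport(), CHILDREN))  # points at the false report
```

Because every level is published, the check localizes the false report to one node, and only the members of the groups beneath it need to confirm their own leaf totals.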