Re: Making the ballots secret

While trying to find the definition of the multi-winner SPI method for
Antti-Juhani Kaijanaho, I spotted this little gem in Article Five of
http://www.spi-inc.org/corporate/by-laws which relates to comments I
made elsewhere:

"Ballots concerning election or removal of officers shall be secret
ballots."

At present, ballots are (correctly IMO) described as confidential, not
secret, on the voting pages like
https://members.spi-inc.org/vote/election.php?ref=6

One way they are not secret is that votes seem to be stored on that
server indefinitely. Any webmaster of members.spi-inc could see all
of our past votes back to at least 2004, right?

I don't want to change the by-laws, so can the election system be
changed to offer a secret ballot instead of a confidential one?

One possibility is to require the secret cookie to change one's vote.
That does mean if the secret cookie is lost after voting, a vote can't
be changed (has-voted would need to be tracked seperately). Also, I
don't know whether recent developments in MD5 hash collisions make
this unsafe. Comments?

Any other ways to fix this?

Thanks,
--
MJ Ray - see/vidu http://mjr.towers.org.uk/email.html
Experienced webmaster-developers for hire http://www.ttllp.co.uk/
Also: statistician, sysadmin, online shop builder, workers co-op.
Writing on koha, debian, sat TV, Kewstoke http://mjr.towers.org.uk/

On Tue, Aug 07, 2007 at 06:01:54PM +0100, MJ Ray wrote:
> While trying to find the definition of the multi-winner SPI method for
> Antti-Juhani Kaijanaho, I spotted this little gem in Article Five of
> http://www.spi-inc.org/corporate/by-laws which relates to comments I
> made elsewhere:
>
> "Ballots concerning election or removal of officers shall be secret
> ballots."
>
> At present, ballots are (correctly IMO) described as confidential, not
> secret, on the voting pages like
> https://members.spi-inc.org/vote/election.php?ref=6

That voting page relates to the election of directors, not of officers.
The election for officers as referenced in that bylaw was done by the
new board of directors at the 3-minute August 1st special board meeting,
which had no other business and had exactly one candidate for every
officer position. That was done by having the directors send their
votes via /msg to Neil or Michael (I forget which), who then announced
that the motion to approve the slate of officers had passed. I agree
that is less than fully secret given that one of the candidates in his
role as vote collector saw how everyone voted, and also that in general
it is good to know the vote totals, but given that none of the elections
were contested I'm not too worried about these issues in the particular
case that just occurred. They are worth addressing before the next
officer elections in case some positions then have multiple candidates.

- Jimmy Kaplowitz
jimmy(at)spi-inc(dot)org

On Tue, Aug 07, 2007 at 06:01:54PM +0100, MJ Ray wrote:
> While trying to find the definition of the multi-winner SPI method for
> Antti-Juhani Kaijanaho, I spotted this little gem in Article Five of
> http://www.spi-inc.org/corporate/by-laws which relates to comments I
> made elsewhere:
>
> "Ballots concerning election or removal of officers shall be secret
> ballots."
>
> At present, ballots are (correctly IMO) described as confidential, not
> secret, on the voting pages like
> https://members.spi-inc.org/vote/election.php?ref=6
>

You seem to be mixing up board members and officers.

Neil
--
Neil McGovern
Secretary, Software in the Public Interest, Inc.

Neil McGovern <neilm(at)spi-inc(dot)org> wrote:
> On Tue, Aug 07, 2007 at 06:01:54PM +0100, MJ Ray wrote:
> > [...] in Article Five of
> > http://www.spi-inc.org/corporate/by-laws which relates to comments I
> > made elsewhere:
> > "Ballots concerning election or removal of officers shall be secret
> > ballots." [...]
>
> You seem to be mixing up board members and officers.

Perhaps. Article Seven says "The directors to be chosen for the
ensuing year shall be chosen at the annual meeting of this
organization in the same manner and style as the officers [...]"

Should board member elections be secret?

Confused,
--
MJ Ray - see/vidu http://mjr.towers.org.uk/email.html
Experienced webmaster-developers for hire http://www.ttllp.co.uk/
Also: statistician, sysadmin, online shop builder, workers co-op.
Writing on koha, debian, sat TV, Kewstoke http://mjr.towers.org.uk/

Previously MJ Ray wrote:
> While trying to find the definition of the multi-winner SPI method for
> Antti-Juhani Kaijanaho, I spotted this little gem in Article Five of
> http://www.spi-inc.org/corporate/by-laws which relates to comments I
> made elsewhere:
>
> "Ballots concerning election or removal of officers shall be secret
> ballots."
>
> At present, ballots are (correctly IMO) described as confidential, not
> secret, on the voting pages like
> https://members.spi-inc.org/vote/election.php?ref=6
>
> One way they are not secret is that votes seem to be stored on that
> server indefinitely. Any webmaster of members.spi-inc could see all
> of our past votes back to at least 2004, right?

No, a script is run post-vote that removes the relation between the vote
and the votee.

Wichert.

--
Wichert Akkerman <wichert(at)wiggy(dot)net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.

Wichert Akkerman <wichert(at)wiggy(dot)net> wrote:
> Previously MJ Ray wrote:
> > One way they are not secret is that votes seem to be stored on that
> > server indefinitely. Any webmaster of members.spi-inc could see all
> > of our past votes back to at least 2004, right?
>
> No, a script is run post-vote that removes the relation between the vote
> and the votee.

So why can I see my past votes back to 2004?

Still, can a webmaster of members.spi-inc see votes for current ballots?
That doesn't seem secret.

(As I understand it, secret ballots in real life often happen by
issuing anonymous-but-validated ballot papers to voters in a
controlled space, which are then completed and submitted into holding
pools along with similar votes from many others. SPI voters' ability
to check one's own vote afterwards is unusual. Although good, I don't
see how to do it by modelling a real-life secret ballot.)

Regards,
--
MJ Ray - see/vidu http://mjr.towers.org.uk/email.html
Experienced webmaster-developers for hire http://www.ttllp.co.uk/
Also: statistician, sysadmin, online shop builder, workers co-op.
Writing on koha, debian, sat TV, Kewstoke http://mjr.towers.org.uk/

Previously MJ Ray wrote:
> Wichert Akkerman <wichert(at)wiggy(dot)net> wrote:
> > Previously MJ Ray wrote:
> > > One way they are not secret is that votes seem to be stored on that
> > > server indefinitely. Any webmaster of members.spi-inc could see all
> > > of our past votes back to at least 2004, right?
> >
> > No, a script is run post-vote that removes the relation between the vote
> > and the votee.
>
> So why can I see my past votes back to 2004?

I don't know. Maybe people haven't been running the script anymore.

> Still, can a webmaster of members.spi-inc see votes for current ballots?
> That doesn't seem secret.

A webmaster can't. The nm team and the SPI-admins can take a look inside
the SQL database.

(This is all assuming it's still running the same software as it was a
few years ago)

Wichert.

--
Wichert Akkerman <wichert(at)wiggy(dot)net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.

Wichert Akkerman <wichert(at)wiggy(dot)net> wrote:
> Previously MJ Ray wrote:
> > Wichert Akkerman <wichert(at)wiggy(dot)net> wrote:
> > > No, a script is run post-vote that removes the relation between the vote
> > > and the votee.
> >
> > So why can I see my past votes back to 2004?
>
> I don't know. Maybe people haven't been running the script anymore.

Can an SPI-admin run the script, please? (At least for 2004-6, which
should be OK by everyone - surely no-one's would contest those now?)

> > Still, can a webmaster of members.spi-inc see votes for current ballots?
> > That doesn't seem secret.
>
> A webmaster can't. The nm team and the SPI-admins can [...]

Someone can check the votes, maybe including candidates. Not secret.

Should board member elections be secret? (Not only because it looks
required by Articles Five and Seven of the by-laws, but also.)

If so, how will the election system change to run a secret ballot?

Thanks,
--
MJ Ray - see/vidu http://mjr.towers.org.uk/email.html
Experienced webmaster-developers for hire http://www.ttllp.co.uk/
Also: statistician, sysadmin, online shop builder, workers co-op.
Writing on koha, debian, sat TV, Kewstoke http://mjr.towers.org.uk/

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MJ Ray wrote:
> Wichert Akkerman <wichert(at)wiggy(dot)net> wrote:
>> Previously MJ Ray wrote:
>>> Wichert Akkerman <wichert(at)wiggy(dot)net> wrote:
>>>> No, a script is run post-vote that removes the relation between the vote
>>>> and the votee.
>>> So why can I see my past votes back to 2004?
>> I don't know. Maybe people haven't been running the script anymore.
>
> Can an SPI-admin run the script, please? (At least for 2004-6, which
> should be OK by everyone - surely no-one's would contest those now?)
>
>>> Still, can a webmaster of members.spi-inc see votes for current ballots?
>>> That doesn't seem secret.
>> A webmaster can't. The nm team and the SPI-admins can [...]
>
> Someone can check the votes, maybe including candidates. Not secret.
>
> Should board member elections be secret? (Not only because it looks
> required by Articles Five and Seven of the by-laws, but also.)
>
> If so, how will the election system change to run a secret ballot?

Votes are confidential, and they should be.

Sincerely,

Joshua D. Drake

>
> Thanks,

- --

=== The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
Providing the most comprehensive PostgreSQL solutions since 1997
http://www.commandprompt.com/

Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGu0pWATb/zqfZUUQRAiD/AJ97dk1O5+ZoJ+4qjzqmC5X8oRrsyACeKhuC
TcV9bLbmWp93Cdqg4P0TWJM=
=fWig
-----END PGP SIGNATURE-----

>> Previously MJ Ray wrote:
>> > Wichert Akkerman <wichert(at)wiggy(dot)net> wrote:
>> > > No, a script is run post-vote that removes the relation between the vote
>> > > and the votee.
>> > So why can I see my past votes back to 2004?
>> I don't know. Maybe people haven't been running the script anymore.
> Can an SPI-admin run the script, please? (At least for 2004-6, which
> should be OK by everyone - surely no-one's would contest those now?)

No.
First - there is no such script.
Second - this is something for the secretary to do, if he wants to.

--
bye Joerg
* HE wants applicants to write about the sex life, to make
debian-newmaint more interesting

Joerg Jaspert <joerg(at)debian(dot)org> wrote: [...]
> First - there is no such script.
> Second - this is something for the secretary to do, if he wants to.

OK, I'm too confused. In summary: the ballot is confidential, but old
votes could be made secret afterwards, but it doesn't happen because
some script is missing.

I'm dropping this thread now, with a final mention to newly-elected
board member Luk Claes for his "improve our bylaws to match reality"
main goal. If another SPI member wants a secret ballot instead, they
can pick up the thread.

Regards,
--
MJ Ray - see/vidu http://mjr.towers.org.uk/email.html
Experienced webmaster-developers for hire http://www.ttllp.co.uk/
Also: statistician, sysadmin, online shop builder, workers co-op.
Writing on koha, debian, sat TV, Kewstoke http://mjr.towers.org.uk/