On 12/10/2009 02:59 AM, Nick Ashton-Hart wrote:
There is no need for ballots to be forwarded to MdR or any other physical location; we have an online voting system which handles all voting automatically, publishes independently-verifiable results, and is widely used worldwide by institutions of all shapes and sizes.
Having been on the insides (literally) of Diebold and other voting systems I find that the argument that a system has been widely used tends not to be particularly persuasive. ;-) With STV the physical ballots need not be forwarded but the data on those ballots does need to be forwarded else processed using a distributed iterative calculation similar to what I described a few minutes ago needs to be used. I don't know who is that unnamed "expert" you are working with. I'd certainly like to know what criteria he/she is using - for example, in political elections it is a first order concern to prevent anyone, and I mean anyone, from being able to link a vote to a voter. In corporate/shareholder style voting systems, which I suspect is what you are using, that concern is of a secondary order and such linkages often can be made by those who operate the system - thus such systems require trusted operators coupled with procedural barriers. Is the election we are talking about to be held to the same standards of anonymity as a typical political election, or are we using the lower standards of commercial voting? Do we want verification by voters or are we willing to trust that the systems and machinery are not altering the voter's intent? I'm not speaking hypothetically - I spent a couple of years designing open source verifiable voting systems as well as a reference system to be used by the state of California. Trustworthy verifiable secure registration, voting, and canvassing systems are really, really hard. STV/instant-run-off counting is but one aspect of that difficulty. Nevertheless STV is a counting method that makes regional or precinct partial results a meaningless notion except to the degree that one might locally publish, in randomized sequence, the preference-choices of every ballot cast in that precinct/region. We had on the order of 200,000 votes cast in the ICANN election of year 2000. One of the issues about that election was that in some regions there were reports of voter coercion, in particular that voters were coerced to vote in accord with national or corporate directives. In order to prevent that kind of thing in political elections many jurisdictions prohibit the voter retaining any official record of what vote he/she cast and at the same time requiring that the votes be cast in place where the voter is guaranteed to be alone and in private. Given that my seat on the ICANN board was erased partially on the grounds that "ICANN elections were tainted by coercion" it seems to me that future elections should deal with this issue. --karl--