[Foundation-l] Election query

Anthony wikilegal at inbox.org
Sat Sep 23 21:26:21 UTC 2006 

On 9/23/06, Alison Wheeler <wikimedia at alisonwheeler.com> wrote:
> I didn't want to ask this actually while voting was open in case anyone
> got worried, but not that voting has closed I'd like to ask something.
>
> How are our votes actually counted and, more importantly, how can we each
> be certain that the votes we made are actually the ones which are being
> counted?
>
During the first election I asked this and what I got from the
discussion was that this can't be done.  The process used for
encryption generates random padding so that re-encrypting the exact
same message using the same public key will produce a different result
every time.  My "receipt" did not indicate any information about this
random string/padding.

Things might have changed, or maybe I was informed incorrectly about
this the first time.  In any case the message certainly seems to
contain more information than just your vote, as I'm pretty much
certain that someone else voted exactly the same way as me and yet my
encrypted vote is not duplicated in the list of votes.  (Doing a
google search appears to confirm that we all had the same encryption
and signing keys of 0x4E86F78C and 0xA12C1339, respectively.)

> I ask this because of the issues raised in the USA about election fraud
> (http://en.wikipedia.org/wiki/Diebold#Security_Concerns etc.) and wondered
> whether the same could happen with us, After all, the voting isn't being
> carried out on independent servers it is on Wikimedia servers and,
> presumably, a lot of people have access to those who could do things
> without leaving a trace.
>
If you copied your "resulting encrypted version" when you voted, then
you can look at [[Special:Boardvote/dump]] to ensure that it hasn't
been tampered with *since voting*.  Of course this doesn't ensure that
your vote wasn't tampered with *at the time of voting*.  If what I've
said above is correct, the only ways to do that would be to either
decrypt your vote with the private key or to obtain the information
about the random padding from someone who has access to the private
key.  That private key is almost surely not going to be released to
the public, though it could theoretically be used to spot check
certain votes.  As for releasing the random padding information to
anyone who wants to check their own vote, that's probably possible,
assuming there is no information in the raw (padded) unencrypted
message which is sensitive.

Anthony

More information about the wikimedia-l mailing list