On 9/23/06, Alison Wheeler wikimedia@alisonwheeler.com wrote:
> I didn't want to ask this actually while voting was open in case anyone got worried, but now that voting has closed I'd like to ask something.
> How are our votes actually counted and, more importantly, how can we each be certain that the votes we made are actually the ones which are being counted?
During the first election I asked this and what I got from the discussion was that this can't be done. The process used for encryption generates random padding so that re-encrypting the exact same message using the same public key will produce a different result every time. My "receipt" did not indicate any information about this random string/padding.
Things might have changed, or maybe I was informed incorrectly about this the first time. In any case the message certainly seems to contain more information than just your vote, as I'm pretty much certain that someone else voted exactly the same way as me and yet my encrypted vote is not duplicated in the list of votes. (Doing a Google search appears to confirm that we all had the same encryption and signing keys of 0x4E86F78C and 0xA12C1339, respectively.)
> I ask this because of the issues raised in the USA about election fraud (http://en.wikipedia.org/wiki/Diebold#Security_Concerns etc.) and wondered whether the same could happen with us. After all, the voting isn't being carried out on independent servers; it is on Wikimedia servers and, presumably, a lot of people have access to those who could do things without leaving a trace.
If you copied your "resulting encrypted version" when you voted, then you can look at [[Special:Boardvote/dump]] to ensure that it hasn't been tampered with *since voting*. Of course this doesn't ensure that your vote wasn't tampered with *at the time of voting*. If what I've said above is correct, the only ways to do that would be to either decrypt your vote with the private key or to obtain the information about the random padding from someone who has access to the private key. That private key is almost surely not going to be released to the public, though it could theoretically be used to spot check certain votes. As for releasing the random padding information to anyone who wants to check their own vote, that's probably possible, assuming there is no information in the raw (padded) unencrypted message which is sensitive.
Anthony
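
The two checks discussed in this message, as an added example that is not part of the original e-mail and is not the election software's code: a toy ElGamal scheme built from the Python standard library stands in for the real encryption, and all function names, parameters and ballots are assumptions constructed for illustration. It shows why identical votes give different ciphertexts, how a saved receipt is compared against the published dump, and how disclosing the per-message randomness lets a voter confirm a ciphertext without the private key.

```python
import secrets

# Toy ElGamal parameters, assumed for illustration only (not a vetted group).
P = 2**127 - 1  # Mersenne prime
G = 3

def keygen():
    x = secrets.randbelow(P - 2) + 1          # private key
    return x, pow(G, x, P)                    # (private, public)

def encode(vote):
    m = int.from_bytes(vote.encode(), "big")
    if not 0 < m < P:
        raise ValueError("vote does not fit the toy modulus")
    return m

def encrypt(pub, vote, k=None):
    """Return (ciphertext, k); k is the fresh per-message randomness."""
    if k is None:
        k = secrets.randbelow(P - 2) + 1
    return (pow(G, k, P), encode(vote) * pow(pub, k, P) % P), k

def decrypt(priv, ct):
    shared = pow(ct[0], priv, P)
    m = ct[1] * pow(shared, P - 2, P) % P     # divide by the shared secret
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()

def receipt_in_dump(receipt, dump):
    """Detects changes made after voting: the saved receipt must still be listed."""
    return receipt in dump

def matches_vote(pub, receipt, vote, k):
    """With k disclosed, anyone can re-encrypt and compare; no private key needed."""
    return encrypt(pub, vote, k)[0] == receipt

def demo():
    priv, pub = keygen()
    mine, k = encrypt(pub, "A,C")             # constructed sample ballots
    other, _ = encrypt(pub, "A,C")            # same vote, different voter
    dump = [other, mine]
    return {
        "ciphertexts_differ": mine != other,
        "listed": receipt_in_dump(mine, dump),
        "listed_after_swap": receipt_in_dump(mine, [other, encrypt(pub, "B,D")[0]]),
        "k_confirms_vote": matches_vote(pub, mine, "A,C", k),
        "k_rejects_other_vote": matches_vote(pub, mine, "B,D", k),
        "decrypts_to": decrypt(priv, mine),
    }

if __name__ == "__main__":
    print(demo())
```

The dump comparison only proves the stored ciphertext is the one on the receipt; tying that ciphertext to a particular vote needs either the private key or the disclosed randomness.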