That's right. As to what sort of procedure I ought to use to ensure that there is not rampant vote fraud from fake names (because even if I say you have to be a person and can only vote once, how am I to know without such absurdities as requiring identification), I'm open to suggestions.
Membership is not designed to be anonymous: Article II sec. 2 states that to be a free or paying member you must submit an application of membership to the Secretary agreeing to abide by the Wikimedia Code of Ethics, submission standards and policies. It can be online or via mail. Paying members could submit their application via the internet, i.e. if they have a verified paypal account,
That process would seem to indicate that you could require the application to be verified by a notary, thus ensuring that it is from a distinct individual. That is usually what NPO membership coordinators due is verify membership status, so it is not outrageous to ask someone to fill out a form, get it notarized and mail it to someone to be entitled to vote.
Giving every user account the right to vote is obviously not an option if you are looking for some kind of legitimacy because one person could open hudreds or thousands of user accounts and capture the voting process that way. Anyone who gets elected to the free volunteer position on the Board will be subject to public scrutiny.
Anyone who is on the board must divulge their identity as it will be on the annual tax return that Wikimedia must send into the government each year that is a public document so if someone later discovers that they stuffed the ballot box that will be civil fraud (and maybe even a crime).
Maybe Wikimedia could adopt something along the lines of that federal electronic voting program that has been in the news lately: http://www.serveusa.gov/public/aca.aspx
Alex R. (en:user:alex756)