Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Schneier On Self-Enforcing Protocols

timothy posted more than 4 years ago | from the visibility-rocks dept.

Security 207

Hollow Being writes "In an essay posted to Threatpost, Bruce Schneier makes the argument that self-enforcing protocols are better suited to security and problem-solving. From the article: 'Self-enforcing protocols are safer than other types because participants don't gain an advantage from cheating. Modern voting systems are rife with the potential for cheating, but an open show of hands in a room — one that everyone in the room can count for himself — is self-enforcing. On the other hand, there's no secret ballot, late voters are potentially subjected to coercion, and it doesn't scale well to large elections. But there are mathematical election protocols that have self-enforcing properties, and some cryptographers have suggested their use in elections.'"

cancel ×

207 comments

First Post (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#29023437)

I have a self enforcing first posting protocol.

Re:First Post (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#29023585)

First but no goatse [goatse.fr] . Less shocking than a distasteful photo.

You need trust (2, Insightful)

sopssa (1498795) | more than 4 years ago | (#29023451)

Like everything else, both self-enforcing 'protocols' and someone in between, say paypal, rely on trust from people. It also relies on the fact that businesses will take a major hit when someone says something bad about them or if they fraud. This is exactly the same with laws. You cant enforce it, but you can make consequences for breaking laws bad enough so people dont want to break them.

In high school I was teached that every happy customer tells about their good experience to 3-4 people, but every unhappy customer tells about it to 20 people. It's a great advice. Once the bad word gets out, your sales are going to suck and you lose customers. This is also why you need the trust and good name with self-enforcing protocols if not using middle man like paypal.

This can also be seen on webmasters forums and the like. People have certain amount of trust points according to their past and who they've done business with. You can instantly see who is reliable and who you can do business with.

Problem without using third party is that you cannot get to that trust level as newcomer and that it takes time to work it. When there's someone trusted in the middle of the transaction, you have some guarantee that you wont be cheated (or lose your personal details etc to whatever kind of fraud). In this case the trustful middlehand is good.

So it only works if the other party is big enough. When voting, you rely on trusting the goverment (now this sentence is so gonna get some paranoid persons replying :). If not, you need a middle party that is big enough that you can trust them instead.

As a side note, this is why we still rely on banks and even on our cash - We trust that our money on our bank accounts will still be available to us, and that our $10 bills wont just suddenly become worthless.

Re:You need trust (1, Funny)

Anonymous Coward | more than 4 years ago | (#29023507)

"In high school I was teached..." ...not a lot-o spell'in?

Re:You need trust (2, Funny)

maxwell demon (590494) | more than 4 years ago | (#29023709)

Butt the spelling chequer tails me that theirs know miss take.

Re:You need trust (1)

Millennium (2451) | more than 4 years ago | (#29024259)

The facet mains, there is is no prostitute for care full proof reading. /with apologies to Taylot Mali

It will never fly (0)

Anonymous Coward | more than 4 years ago | (#29023671)

In America, political voting serves only to create the illusion of self-determination. Any system of voting that actually empowers the people, rather than merely seems to, will be rejected out-of-hand (often with the most transparent of reasons given).

Re:You need trust (0)

Anonymous Coward | more than 4 years ago | (#29023745)

For commercial stuff that's probably true but elections are a different story. There were problems in 2000 and 2004, but convincing people that its true is almost impossible because there are no neutral parties and a secret ballot injects enough uncertainty to set up plausibility for both sides.

Re:You need trust (3, Informative)

Dishevel (1105119) | more than 4 years ago | (#29024155)

The problems with the system itself are minor. The real problem is not the hardware but the system itself. It dose not matter who you vote for. The politicians are representing either big business and the rich or trial lawyers and unions. After they are done serving those masters they move on to what is important to them. Pointless junkets in G5s. Either way the people are meant to be screwed.

Re:You need trust (5, Funny)

maxwell demon (590494) | more than 4 years ago | (#29024605)

The politicians are representing either big business and the rich or trial lawyers and unions.

The problem is actually the American spelling. Since the American spelling of "cheque" is "check", the politicians simply misunderstand the term "checks and balances" (where "balance" is interpreted as "balance of the bank account", of course).

Re:You need trust (0, Troll)

eoin_tbo (1485851) | more than 4 years ago | (#29023781)

In high school I was teached that every happy customer tells about their good experience to 3-4 people, but every unhappy customer tells about it to 20 people.

Were you teached to wrote english too? Self limiting protocols are useful only for small scale solutions when it is reasonably possible to validate the results (are you going to be able to review the votes of 1,000 plus voters in a useful timescale) and where there is no penalty to having decisions an actors decisions being public knowledge.

Re:You need trust (0)

Anonymous Coward | more than 4 years ago | (#29023935)

Were you teached to wrote english too?

and where there is no penalty to having decisions an actors decisions being public knowledge.

Hypocrite.

Re:You need trust (3, Insightful)

nedlohs (1335013) | more than 4 years ago | (#29024313)

Please resubmit your comment in Swedish so we can make fun of your non-native language errors too.

Should be great since your English was worse than the post you were criticizing.

Re:You need trust (2, Interesting)

eoin_tbo (1485851) | more than 4 years ago | (#29024537)

"Vere-a yuoo teeched tu vrute-a ingleesh tuu? Selff leemiting prutuculs ere-a useffool oonly fur smell scele-a sulooshuns vhee it is reesunebly pusseeble-a tu feleedete-a zee resoolts (ere-a yuoo gueeng tu be-a eble-a tu refeeoo zee futes ooff 1,000 ploos futers in a useffool teemescele-a) und vhere-a zeere-a is nu penelty tu hefeeng deceesiuns un ecturs deceesiuns beeeng poobleec knooledge-a."

I guess my comment came off an overly snarky and non-constructive (like all nitpicking comments are) and sorry for that.

It was more that it was a mistake in a sentence about what was learned in high school.
How do you know the original poster isn't a native speaker?

Re:You need trust (1)

nedlohs (1335013) | more than 4 years ago | (#29024607)

I guessed based on the language error being a common one for non-native speakers (and children) of applying a generic rule in a case that has an exception (my five year old does it all the time, it's how he learns the exceptions).

Reinforced by: http://slashdot.org/comments.pl?sid=1330393&cid=29001275 [slashdot.org]

I don't actually know of course.

Re:You need trust (4, Interesting)

Ann Coulter (614889) | more than 4 years ago | (#29023825)

Self-enforcing protocol participants do not require the level of trust that are required of impartial middle-men. One way of looking at self-enforcing protocols is to think of the protocol itself as serving the role of a middle-man. The protocol can be scrutinized more thoroughly than any self-serving middle-man and a higher level of trust can be placed on the protocol.

Re:You need trust (0)

Anonymous Coward | more than 4 years ago | (#29025501)

The Robinson Voting Method is the simple solution to ALL voting fraud, and gives complete anonymity to all voters. Which is vital in the modern 'politically correct' climate.

http://paul-robinson.us/index.php?blog=5&title=the_robinson_method_a_really_simple_way_&more=1&c=1&tb=1&pb=1

In high school I was teached (1)

wiredog (43288) | more than 4 years ago | (#29023867)

Not English, obviously...

Second language possibly (1)

tepples (727027) | more than 4 years ago | (#29023939)

Not English, obviously...

I would wager that sopssa's English is better than your Geberquen.

Re:You need trust (2, Funny)

cellurl (906920) | more than 4 years ago | (#29023877)

We use AARP (essentially) as our Big-middle-party. They do a reasonable job. Kick out the machines and expand the role of these wonderful honorable people. Expand their role throughout voting, not just at the voting-desk, but in transferring the votes and publishing the results. I want to see an old couple announcing the winner to CNN.

Re:You need trust (0)

Anonymous Coward | more than 4 years ago | (#29024715)

Schneier uses Linux and cannot be trusted. This is all that needs to be said, the entire article is invalid.

Re:You need trust (1)

maxwell demon (590494) | more than 4 years ago | (#29024997)

Schneier uses Linux and cannot be trusted. This is all that needs to be said, the entire article is invalid.

Parent is Anonymous Coward and cannot be trusted. This is all that needs to be said, the entire comment is invalid.

Schneier is a DOPER (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#29023537)

That third way, known by kids, pot smokers, and everyone else who needs to divide something up quickly and fairly, is called cut-and-choose.

ok, you just outed yourself as a pothead, and no way in hell I'm taking advice from a pothead. How many braincells have you killed with that shit?

My son had a friend at school that jumped off the roof because he thought he could fly - he'd been doing pot.

Re:Schneier is a DOPER (0)

Anonymous Coward | more than 4 years ago | (#29023603)

My son had a friend at school that jumped off the roof because he thought he could fly - he'd been doing pot.

My friend has a school ... and I see right now that it jumps off his son, and it can fly! ... Sweet.

Re:Schneier is a DOPER (-1, Offtopic)

FieroEtnl (773481) | more than 4 years ago | (#29023631)

So your inference is that smoking pot leads one to thinking they can fly and acting on that thought. If that were true, we would have a lot more dead people in the world. Hell, Amsterdam would be a ghost town.

Re:Schneier is a DOPER (0)

Anonymous Coward | more than 4 years ago | (#29023929)

Actually, there recently were a few cases like that in Amsterdam, only with mushrooms instead of pot. Now, the 'shrooms are no longer legal.

Re:Schneier is a DOPER (1, Informative)

Thiez (1281866) | more than 4 years ago | (#29024039)

There was a single case. She was also drunk and depressed. Somehow the shrooms got blamed.

Re:Schneier is a DOPER (0)

Anonymous Coward | more than 4 years ago | (#29024421)

I've driven on shrooms and lived to tell about it, although only through luck. (We ran into drunken hostiles, panicked probably irrationally and fled). At one point I was approaching a stop-light and trying my damnedest to remember whether green meant Stop or Go. I looked in the mirror after driving 4 of us about 30 miles home and my pupils were still the size of olives.

We'd tried to be responsible (we picked a very remote spot by a river where we'd planned to spend the day), but it didn't work out. Shrooms are a nice way to realign annually or so, but they need to be handled in a very controlled environment. It's a shame that Amsterdam dumped them entirely - I didn't know that.

AC for obvious reasons.

Re:Schneier is a DOPER (0, Offtopic)

Knuckles (8964) | more than 4 years ago | (#29024309)

Actually, there recently were a few cases like that in Amsterdam, only with mushrooms instead of pot. Now, the 'shrooms are no longer legal.

And mushrooms != pot. Very much so. Also, note the sibling reply.

Re:Schneier is a DOPER (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#29023647)

-1 Offtopic or -1 Troll? Moderating is hard :(

Re:Schneier is a DOPER (0)

Anonymous Coward | more than 4 years ago | (#29023721)

Re:Schneier is a DOPER (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#29024261)

Back in my day, we didn't have schools that jumped off roofs. We had to carry the school up 11 flights of stairs on our back, then push it off the roof ourself.

Re:Schneier is a DOPER (0)

Anonymous Coward | more than 4 years ago | (#29024579)

Stairs? Luxury!

We had to leap the 11 stories with the school on our back. But if you tell the kids today that, they won't believe you.

Why? (3, Insightful)

mets501 (1269100) | more than 4 years ago | (#29023601)

After reading that, I was left with the feeling that I had no idea what I had read it for. Was it a call to arms? Was it a rant about our whole world? It seemed to offer more problems than solutions...

Re:Why? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#29023705)

I found it very interesting.

That being said however, it is hard to see how it would apply in the "real world." While it is an elegant solution in a few niche situations my tiny little brain struggles to find situations where you can apply it directly to IT. He talked about voting but didn't really suggest how it could be made to work.

Re:Why? (2, Insightful)

radtea (464814) | more than 4 years ago | (#29023873)

It seemed to offer more problems than solutions...

The "problem" is that the system of American government is fundamentally broken due to partisan capture: the government represents the Party, not the people.

Unfortunately, the solution is not to be found in messing with the voting system, and certainly not my messing with it in ways that make it more complex. Most developed nations have very relatively simple, robust voting systems that have very plain, simple, paper ballots that may--but are not always--machine counted.

Only in America is the smoke-and-mirrors of electronic voting given so much press, which is just part of the huge machinery of distraction from the elephant in the room: the Party controls the government. That the Party has two wings that go under different names is another big distraction. It lets Americans believe they aren't living in a one party state, but has no other effect.

The solution, if there is one, is to systematically de-Partisanize the American voting system, starting by eliminating the ridiculous and unseemly involvement of the Party in voter registration, which should be handled by an arms-length public organization.

It will be extremely difficult for this to happen, but a campaign to make it happen, like the campaign against gerrymandering, would at least put the fact of Partisan unity front-and-centre in what passes for American political discourse.

Re:Why? (1)

Attila Dimedici (1036002) | more than 4 years ago | (#29024087)

I believe that you are overstating the degree of uniformity between the "Democratic" and "Republican" parties. However, I think there is significant merit in your idea of eliminating the involvement of political parties in voter registration.
I had never before noticed the connection between party politics and what I consider to be the largest flaw in current U.S. politics: the overemphasis on addressing problems at the highest level of government rather than at the lowest possible level of government. Party politics exacerbates this because the farther up the level of government a problem is addressed the more control the party machinery has over the nature of the "solution".

Re:Why? (1)

maxume (22995) | more than 4 years ago | (#29024807)

Even treating either of the Democratic Party or the Republican Party as a single monolithic block is a hilarious joke.

Much of the consensus building that is explicit in parliamentary systems with many parties is implicit in the platforms and eventual actions of the parties in the U.S.

Re:Why? (1)

sys.stdout.write (1551563) | more than 4 years ago | (#29024179)

Ah, so that siren I heard earlier was from the waaambulance.

Everyone agrees that partisan politics in America is too strong, but your conclusion is so tinfoil-hat-worthy that it scarcely requires rebuttal.

Furthermore, your signature is asinine for several reasons, not the least of which is because you put the inequality going in the wrong direction.

Re:Why? (2, Informative)

mets501 (1269100) | more than 4 years ago | (#29024539)

Furthermore, your signature is asinine for several reasons, not the least of which is because you put the inequality going in the wrong direction.

Check out p-values [wikipedia.org] . "p" in this case is not a regular probability. The equality is in the correct direction.

Maddison Warned about this (5, Interesting)

cs668 (89484) | more than 4 years ago | (#29024465)

in the federalist papers:

http://www.constitution.org/fed/federa10.htm [constitution.org]

They thought about it, but free speech trumped the elimination of political parties. Always floors me how much foresight they had.

Re:Maddison Warned about this (1)

c0d3g33k (102699) | more than 4 years ago | (#29025041)

Was it really foresight, or were they just dealing with the same issues mankind has been grappling with since we became sentient? I'll go out on a limb here, since I don't have hard evidence, but these writings were probably informed by *hindsight* more than prescience. Or to put it another way, the brilliant men and women we lump together with the term "founding fathers" were presenting solutions to problems that affected the society they were living in at the time, or societies from their past that happened to leave behind documentation about what worked and what failed.

Re:Maddison Warned about this (1)

misexistentialist (1537887) | more than 4 years ago | (#29025573)

Foresight is applied hindsight. Augury doesn't work. It's true that the Founders were dealing with obvious past problems, but they look like wizards compared to our current leadership, who apparently study history to faithfully repeat past mistakes, but making them even more grave if possible.

Re:Maddison Warned about this (1)

dkleinsc (563838) | more than 4 years ago | (#29025355)

One of the major massive flaw in Federalist #10 is that Madison didn't (and couldn't have) envisioned instantaneous communication across the country, so his entire argument that a majority faction couldn't succeed in organizing itself fell apart with the invention of the telegraph. Damn you, Samuel Morse!

Re:Why? (1)

mets501 (1269100) | more than 4 years ago | (#29024617)

I don't agree that voter registration is unrelated to political parties. There are two points to campaigning: convince people to vote for your candidate, and then get the people who support you registered and to the polls. Voter registration is very important to our democracy (clearly), and I believe it only serves us better in the long run that we have political parties pushing so hard for it. Without the Democrats and Republicans, I'm fairly confident we'd have much lower voter registration and turnout.

Re:Why? (2, Insightful)

TerranFury (726743) | more than 4 years ago | (#29024845)

The voting system determines the rules of the game. And it turns out that the game is structured such that large parties play it best. How can you destroy parties without changing the game? Theirs is evidently the equilibrium strategy.

Representation (1)

TheLink (130905) | more than 4 years ago | (#29025505)

> the government represents the Party, not the people.

Thing is, in the 2008 US Presidential election, more than 98.5% of the voters who bothered to vote, voted for candidates of one of the Two Parties. In the 2004 election, that figure was 99%.

And if the other voters that could have voted but didn't, actually voted for some other particular candidate that candidate would have won, instead of either of the Two Party candidates.

So unless the US elections have been diebolded, I'd say the Two Parties are representing the voters as well as a "first past the post" system can (which is not that well, but you have to work with what you've got).

If the voters really don't like those candidates they should really be voting for someone else.

Especially the 37-40% who just stayed at home - if they really didn't like it, perhaps they should got out there and voted for someone, or even just write "None of the above". Even if they spread their votes over the other candidates and thus don't affect that particular election, when the voters and parties realize "None of the Two" adds up to something rather significant, the next election might be rather different. Or the Two Parties will start changing to try to maintain their 98-99% "share". As it is, those voters effectively don't count, and the Two Parties know that.

If you vote for someone you don't like just to try to keep someone else out, that often sends the wrong message to the other voters. Maybe voters should just do that sort of thing every other election. e.g. election #1 - voters show preferences without trying to play that game. election #2- voters play the game based on election #1. Otherwise it just degenerates to sheep voting to decide which of two wolves gets to eat them.

FWIW, I don't think a democratic election needs any fancy systems. Stick to paper ballots, keep the counting _open_ (and thus easily monitored by "everyone" within reason). There are plenty of ways to keep it simple and safe (except for postal votes - they're a bit of a problem). Simple is good because elections don't just have to be fair, they have to be seen as fair.

If you count votes behind closed doors like in the recent Iranian election, people get the impression that it's rigged.

That's why electronic voting is stupid - either the totals are calculated effectively behind closed doors, or it's the same thing as paper voting except just a lot more expensive.

Re:Why? (3, Informative)

dk90406 (797452) | more than 4 years ago | (#29023893)

It was merely an analysis and introduction to self enforcing protocols - protocols that make cheating difficult. Bruce often writes such pieces on security related matters. As a security expert, he covers all aspects: IT, civil, banking, etc. of security and the psychological mechanisms behind the perception of security and risk.
He publishes the newsletter CRYPTO-GRAM once a month, that contain some good pieces. You can subscribe [schneier.com] if you wish.
And he is one of the few who, IMO, has the right take on the "security" upgrades done in the US / word after 9/11.

Yes, I admit it: I respect him, and have subscribed to the newsletter for years.

Re:Why? (1)

Orgasmatron (8103) | more than 4 years ago | (#29024931)

I stopped reading CRYPTO-GRAM a few years back when he changed it from a newsletter to a list of links to his blog. It was not a good change, in my opinion, since his newsletter was a lot better written before the blog showed up.

Show of hands not self-enforcing (4, Insightful)

Spazmania (174582) | more than 4 years ago | (#29023669)

The show of hands is not self-enforcing precisely because a non-secret ballot is subject to coercion. People vote their peers instead of their conscience.

Selecting a security protocol that adversely alters the results is a common mistake among information security personnel.

Re:Show of hands not self-enforcing (4, Insightful)

UnHolier than ever (803328) | more than 4 years ago | (#29023813)

No, a show of hands *is* self-enforcing *but* not secret, and therefore subject to coercion, which is why it is rarely used. The article alluded to the fact that there may be a self-enforcing, secret protocol, without going into details of what it could be. If it exists, it would be a good idea to use it. It would also have been a good idea to include it in the article....

Re:Show of hands not self-enforcing (1, Interesting)

Anonymous Coward | more than 4 years ago | (#29023913)

Turn off the lights and give everyone dim, coloured glow sticks.

If you want to vote for someone you raise the appropriate glow stick.

More elaborate methods of letting people see your choice without seeing you could also be used.

Re:Show of hands not self-enforcing (2, Informative)

maxwell demon (590494) | more than 4 years ago | (#29023961)

More elaborate methods of letting people see your choice without seeing you could also be used.

You mean like, making a cross on paper and putting that paper in a box, and then counting afterwards?

Re:Show of hands not self-enforcing (2, Funny)

nedlohs (1335013) | more than 4 years ago | (#29024239)

Because bringing in additional glow sticks is much harder than sneaking extra ballots into a ballot box.

Re:Show of hands not self-enforcing (2, Insightful)

NickFortune (613926) | more than 4 years ago | (#29023963)

The show of hands is not self-enforcing precisely because a non-secret ballot is subject to coercion. People vote their peers instead of their conscience.

Right. But if there is a true self enforcing protocol we can use, then we'd be fools not to use it. That's the interesting thing here. Can't comment further than that because TFA is ever so slightly slashdotted at the moment.

Still, at the risk of covering the same ground as in TFA, maybe it's time to consider the secret ballot in terms of a security trade off. What good is voter anonymity if it's impossible to demonstrate that the electoral process is fair? You just swap one means of disenfranchising the public with another one. Moreover, with method that's way harder to catch and punish.

Maybe we need to look past "secret ballots are good" and focus on why we consider them to be good, and on whether that good is being preserved under current systems.

Re:Show of hands not self-enforcing (0)

Anonymous Coward | more than 4 years ago | (#29024675)

Maybe we need to look past "secret ballots are good" and focus on why we consider them to be good, and on whether that good is being preserved under current systems.

Because there have been major problems with public voting in the past. For example, in the US we used to have full public voting. There were incidents where people were bullied, assaulted, and outright KILLED just for trying to go to the polls. We actually didn't start using secret voting in the US until the mid 1800's. The idea behind the secret ballot is to get more people to vote because they won't be retaliated against for their vote. So if the current systems encourage voter turnout and prevent violence at the polls, then yes they are performing their primary function.
Fraud has always been an issue, but if you can use threats to prevent a large percentage of people from voting at all, the result is the same as if you stuffed ballots- an election with results that do not match reality.

Re:Show of hands not self-enforcing (1)

Rogerborg (306625) | more than 4 years ago | (#29024353)

A secret ballot is more subject to coercion, since you only have to coerce the people that count or report the result.

This, by the way, is why smart employees volunteer to take meeting minutes.

Re:Show of hands not self-enforcing (1)

maxwell demon (590494) | more than 4 years ago | (#29024893)

Wrong counting or reporting is in principle provable (just count again/compare the counted with the reported result). Voting against your actual opinion due to external pressure isn't.
Note that equally important as the secrecy of the votes is that everyone is allowed to watch the counting.

Re:Show of hands not self-enforcing (1)

DNS-and-BIND (461968) | more than 4 years ago | (#29024373)

"open show of hands in a room one that everyone in the room can count for himself is self-enforcing"

Everyone can see the result! Coercion aside, the result is unfakable. Unless you have a Mao Zedong/Big Brother-type reality distortion where what the big man says, goes. Sort of the opposite of King Canute.

Re:Show of hands not self-enforcing (1)

Hurricane78 (562437) | more than 4 years ago | (#29024529)

Hmm... it's nice to be a natural leader. It means that people buy into your reality, and then vote/decide accordingly.
The point it, to yourself be the leader.

How to do it? Simple: Expect it (to be true).
Say it. Believe it.
Then a healthy human being usually tries everything to keep up that belief.
Which usually gives it a huge chance to then become true.
In psychology this is called the self-fulfilling prophecy. And it works on everything where you mainly have to change yourself.

Re:Show of hands not self-enforcing (1)

Tsunayoshi (789351) | more than 4 years ago | (#29024611)

He wasn't referring to how people vote, but the fact that the # of votes is verifiable without the use of a 3rd party.

e.g. I just saw 14 hands go in the air for Proposition #15. It doesn't matter whether that was 14 people who actually want Prop #15 to pass, or whether it was 7 people who wanted it to pass who were holding a gun to the other 7, just that Prop #15 got 14 verifiable votes.

Re:Show of hands not self-enforcing (5, Informative)

CaptainOfSpray (1229754) | more than 4 years ago | (#29024643)

Here's some experience of "show of hands" votng.

It was widely used in trade unions in England in the 50's and 60's, typically in public meetings of all the members in a workplace. I heard of it both from a carpenter in the ship-building industry, a family friend; and from other insider reports on meetings in the car-making industry in Oxford, where I lived for a while. According to my sources, these meetings were often used to pass strike decisions of considerable financial importance to the members, but (a) you attended these meetings with your workmates, who saw how you voted, and made life hell if you didn't vote the Right Way (b) the committee appointed tallymen to count the hands - they reported whatever counts the committee had told them to report.

The result was the destruction of British industrial firms by self-centered self-appointed little dictatorial union leaders who werealways interested in making trouble, regardless of their member's interests. Vote them out? How? The elections were by "show of hands".

So "show of hands" voting is wide open to abuse if there are more people present than can be viewed and instantly counted by those present, or where those present are unable to challenge the count effectively.

Errrr, your suggestion is.....? (3, Insightful)

drdrgivemethenews (1525877) | more than 4 years ago | (#29023725)

What is the proposed self-enforcing voting protocol? With no suggestion made, what is the interest of this article to the slashdot community?

Re:Errrr, your suggestion is.....? (1)

TehCable (1351775) | more than 4 years ago | (#29023801)

Mod parent up. TFA is obviously a stoner rant with no real proposal.

Re:Errrr, your suggestion is.....? (0)

Anonymous Coward | more than 4 years ago | (#29024125)

Mod parent: +1 Funny because it's true.

Re:Errrr, your suggestion is.....? (2, Informative)

Lord Ender (156273) | more than 4 years ago | (#29023821)

Regular readers of his blog would be aware of such methods. He regularly discusses papers and theories regarding security systems, including the security of voting machines.

Re:Errrr, your suggestion is.....? (1)

hey (83763) | more than 4 years ago | (#29024137)

Maybe each voter could check the voters of three other people. That would scale.

Re:Errrr, your suggestion is.....? (3, Informative)

goodmanj (234846) | more than 4 years ago | (#29024287)

It's more of a a teaching article, not a specific new proposal. Its goal is to describe an idea to people who're not familiar to it. Maybe you're an expert already, but I found it interesting.

One protocol (0)

Anonymous Coward | more than 4 years ago | (#29024459)

For electronic voting, an example of a self-enforcing protocol is one wherein the election results are defined by the collection of discrete voting records, each one cryptographically signed and published. A voter may only cast a vote if he has authenticated and is authorized as eligible to vote, after which he receives an anonymous token (e.g., via a blind signature scheme). The process of granting these anonymous tokens must be transparent and audited. These anonymous tokens are cryptographically bound to the signed voting records. Voting records may be generated on a device that runs an open architecture (firmware and software all open source). The voting device must be registered under transparent and audited circumstances. The device can cryptographically attest to its integrity at the time the vote is cast via the anonymous token (perhaps via something akin to a TPM chip).

Re:One protocol (1)

maxwell demon (590494) | more than 4 years ago | (#29024677)

And why should I trust the TPM chip of the voting machine?

Re:Errrr, your suggestion is.....? (0)

Anonymous Coward | more than 4 years ago | (#29024747)

What is the proposed self-enforcing voting protocol?

Karma points?

Re:Errrr, your suggestion is.....? (4, Insightful)

Otto (17870) | more than 4 years ago | (#29025003)

What is the proposed self-enforcing voting protocol?

Everybody in the same room makes a mark on a ballot, folds it, puts it in a box with an open top, so all can see it is not subject to being rigged, but still not see the actual votes. At the end, the votes are upended on the floor and everybody looks at them, and can count them themselves.

Less subject to coercion than a show of hands, still not perfect. However, it is self-enforcing, since all can see the results.

There's other ways as well, but the point is that everybody needs to know how the system works and to be able to follow all the votes all the way through the system to the final count for it to be self-enforcing.

Ok, we get it (0)

Anonymous Coward | more than 4 years ago | (#29023887)

You really want electronic voting. The problem is: We're not all mathematicians. We have to trust someone else that what we do to verify that the election hasn't been rigged is sufficient to reveal any fraud. Having to trust someone else is bad and unnecessary. There is a perfectly simple protocol which satisfies all requirements of a democratic vote: Paper ballots, ballot box, public counting.

Re:Ok, we get it (1)

maxwell demon (590494) | more than 4 years ago | (#29024003)

Maybe someone has a patent on it. "Method to collectively select an option from a list without revealing a single person's choice."

Article is Slashdotted, didn't read (0)

Anonymous Coward | more than 4 years ago | (#29024051)

Is Schneier familiar with the history of voting rights and threat and coercion in the USA? Voting is secret for a reason.

Isn't it part of the constitution (1)

Demonantis (1340557) | more than 4 years ago | (#29024195)

Doesn't the constitution allow the President to be impeached? Couldn't that be a form of self-enforcement? If you think the election has been coerced then protest to get the president removed. Unfortunately I don't think its ever clear cut who should win so you don't know when you have been cheated. Plus if there are totaling errors in a polling station aren't those votes considered tainted?

Re:Isn't it part of the constitution (1)

Tsunayoshi (789351) | more than 4 years ago | (#29024695)

No, it is not self-enforcing. The Constitution is the 3rd party enforcement the agreement between the President and the people by providing a means for the people to get rid of him/her.

Voting needs to be transparent (5, Interesting)

krappie (172561) | more than 4 years ago | (#29024257)

Here is the solution to all voting problems.

Goals:
1. Confirm your vote is collected correctly.
2. Try to assure the people that no votes were added.
3. Don't hide results.
4. Keep votes anonymous.

Solution:
1. Keep a large public vote database.
2. Be able to Look up votes by voter id, county, polling location and time.
3. Keep large visible clock and voter count at each polling station. Every time a person goes into the voting room, the count goes up. Voter counts can be confirmed online. Maybe even in a graph over time.

The voter should be able to go online and see his own vote. Since every voter can see every vote counted up in every polling location in the country and know that everyone else can, they'll be assured of the results. If they're paranoid, they can watch their local polling station's voter count and confirm the published results don't have added votes.

Note: Maybe instead of voter id's, it should be a random confirmation code thats generated on the spot. That should be even more anonymous.

Problems: Some people actually vote for the wrong person on accident. That's unfortunate, but the solution isn't to hide it from them.
If vote online doesn't match your vote, have a dispute process. Keep track of dispute counts over time, for the public to see.

Bruce Schneier once decrypted a box of AlphaBits. (1)

AP31R0N (723649) | more than 4 years ago | (#29024411)

i don't mind people knowing where my vote went. If there is a document that says Alan voted for Bob, when we do the recount Alan can say "I voted for Bob, NOT DAN! Here's my receipt and here's your record showing me voting for Bob." But i'm not as afraid of Dan as most people seem to be. i'm more worried about my vote COUNTING than being private.

Re:Bruce Schneier once decrypted a box of AlphaBit (0)

Anonymous Coward | more than 4 years ago | (#29024659)

The trouble with non-anonymous voting is the fact that many people could be coerced into voting for Dan, or Bob.

@ OP, how does one confirm that the person disputing their vote is indeed the person that cast the vote?

Re:Bruce Schneier once decrypted a box of AlphaBit (4, Insightful)

rjstanford (69735) | more than 4 years ago | (#29024721)

And when your boss says, "By the way, if you vote for Dan, you get to keep your job - and I want to see your voting receipt to prove it, or out you go!"? That's one of the main reasons that we have private polling in the first place.

How about going back to the old ways - electronically generating, at the polling place, an anonymous, very clear, human-readable piece of paper describing your vote. Use machines to create as many as you want, one at a time, on special pieces of paper that are handed out either as you walk in the door and get IDd or upon the insertion of your previous one into a shredder. Once you're happy with it, it goes into the voting box which a) saves it, and b) scans it and records the data, unofficially (ie: the piece of paper wins in a recount).

Dead simple, totally private, and fully auditable. Plus, with an open standard, there could be different types of paper-generating-machines for people with different needs, no problem. No hanging chads, no huge expense, quick access to unofficial results and about as easy a recount procedure as you could ask for.

Finally, at the end of the day, do it the CA way and have the boxes opened up and tallied by hand for the major issue and a random selection of minor ones at each station. Anyone can watch, and any discrepancy over .1% of the total is assumed to be computer-tampering and triggers a full manual count for all issues at that station, and a more thorough audit to determine the source of the discrepancy.

Re:Bruce Schneier once decrypted a box of AlphaBit (2, Interesting)

dkleinsc (563838) | more than 4 years ago | (#29025477)

Actually, the voting method you describe is more-or-less what optical-scan ballots are all about. While they aren't exactly "the old ways", they work extremely well, and give you an auditable vote in case of recount.

For instance, in the Franken-Coleman senatorial race, we had pieces of paper that could be gone through and understood. Yes, it took a really long time, yes, it produced votes for Lizard People, but the end result was something that independent observers could see as a correct reflection of the will of the people. With an electronic ballot, we wouldn't have had anything to recount, just a computer telling us a number.

Re:Bruce Schneier once decrypted a box of AlphaBit (1)

maxwell demon (590494) | more than 4 years ago | (#29024781)

i don't mind people knowing where my vote went.

If voting for the "wrong" party can get you severe disadvantages, you definitely care if someone can know your vote.

Re:Voting needs to be transparent (0)

Anonymous Coward | more than 4 years ago | (#29024759)

If you can confirm your vote, you can prove how you voter to others. This makes room for buying and extorting votes! I can imagine some employers requiring you to prove you voted correctly to keep your job.

Re:Voting needs to be transparent (1)

SanityInAnarchy (655584) | more than 4 years ago | (#29024791)

Biggest problem with that is, it now becomes possible to sell votes. And this doesn't help:

Maybe instead of voter id's, it should be a random confirmation code thats generated on the spot.

And yet, that confirmation code could still be used for that purpose. About the only way to solve that would be to also generate a fake confirmation code, but then the transparency would be lost, because if the system can fool you into thinking your fake code was counted when it wasn't, couldn't it do the same with your real vote?

Re:Voting needs to be transparent (0)

Anonymous Coward | more than 4 years ago | (#29024839)

Only one problem here:

You're allowed to look up votes by polling site.

At the moment you go to your polling site, you're the only person there--quite common, especially if you go there during non-lunch business hours.

Right before you go in, a query on your precinct shows an n number of votes on every position.

Right after you put your ballot in the scanner, the positions you votes for now show n+1. As you walk out of the polling site, your boss calls you on your cell phone and tells you you're fired.

To accomplish this, your boss would have to be sitting in his car within eye shot of your polling site, armed with a laptop and cellular data plan, watching you enter and leave the polling site. Is this theory out there? Yes. But it _could be done_. ...which is why precinct results are kept in the precinct scanners until the polls close. I think there's even a state law that precincts with something like 100 voters can't publish their results--this way, a county elections supervisor with a grudge can't turn a single house into a 2-voter precinct.

Re:Voting needs to be transparent (1)

Orgasmatron (8103) | more than 4 years ago | (#29025073)

The goal of anonymous voting is to make it pointless for people to buy votes. Getting a "confirmation code" and being able to check it later defeats that goal.

Sorry man - not going to work (0)

Anonymous Coward | more than 4 years ago | (#29025155)

Will counter show which candidate was given a vote?

If no, you can provide every single individual with precise information about his vote, but publish totally bullshit results at the end. Public recount will disclose who voted for whom.

If yes, sorry - the secrecy is gone.

Either way your algorithm is flawed.

Re:Voting needs to be transparent (1)

Asic Eng (193332) | more than 4 years ago | (#29025463)

1. Keep a large public vote database.

Apart from the fact that you are restricting the goals to match the solution, I think this is another major flaw. You need to have a large accurate public vote database. There is no way for any citizen in any polling district to know all voters, so you can't be sure that a voter going in the polling station has a right to be there. Provided you can add entries in the database, you can have the same person voting multiple times in different locations using different names. If you have control of the polling station you can also wait for a quiet period and just add several phantom votes.

I think the point is... (1)

onionman (975962) | more than 4 years ago | (#29024345)

What is the proposed self-enforcing voting protocol? With no suggestion made, what is the interest of this article to the slashdot community?

I think that the point of Bruce's blog entry is to give some simple examples to clarify cryptographically self-enforcing protocols. Concrete examples of these self-enforcing voting protocols already exist, but they are a bit too complicated for general consumption so Bruce is just giving us some simplified examples. However, I don't think we'll see Diebold rushing to implement them anytime soon.

falafel (1)

Inebriated_tyro (1125799) | more than 4 years ago | (#29024487)

Affirmative, Dave. I read you. I'm sorry, Dave. I'm afraid I can't do that. I think you know what the problem is just as well as I do.It can only be attributable to human error. This mission is too important for me to allow you to jeopardize it. I know I've made some very poor decisions recently, but I can give you my complete assurance that my work will be back to normal. I've still got the greatest enthusiasm and confidence in the mission. And I want to help you. Dave, this conversation can serve no purpose anymore. Goodbye.

Stated the obvious (1)

gurps_npc (621217) | more than 4 years ago | (#29024531)

Yes, self-enforcing protocals are the best.

If you don't want players to attack other players in an online game, you don't yell at them for doing it, you have them damage themselves, not the players.

Similarly, if you want voting to be fair, you need to set up ways where it is OBVIOUS that the election is real.

But note, that the method mentioned her, raising your hand, allows people to know who you voted for. This allows for voter intimidation. You are just exchanging one form of fraud for another.

related pet peeve (4, Informative)

circletimessquare (444983) | more than 4 years ago | (#29024793)

voting systems should better reflect the people's actual will, by being a little more complex

you're never going to get the nuance of the people's will 100%, but you can do a lot better. for example: borda voting

http://en.wikipedia.org/wiki/Borda_count [wikipedia.org]

just rank candidates in the order you like them. then, in a divisive election is an opportunity for everyone's second best choice to become the winner rather than partisan first choices, that one half of the population hates, barely edging out the other

now take as an example the disgusting 2000 presidential election: if people were allowed to merely rank candidates rather than be forced to pick one, who would have won? john mccain. however you think of him as a choice in the 2008 election, mccain was certainly a better choice than gore or bush in 2000, and the nation actually thought so. if the people were allowed to rank a list of candidates, his name would have come out as the number 2 choice of everyone, and he would have won. but the system worked against mccain. instead, various undemocratic closed door machinations led the republican party to choose monkey boy bush over the more deserving mccain, and so the democrats who would have ranked mccain second best never would have been able to register their approval of mccain over bush. borda voting does away with the whole party primary nonsense: democrats field 4 or 5 presidential candidates, republicans field 4 or 5 presidential candidates. and the voters merely rank them. then the voting system better reflects the nuances of public opinion, and allows for the candidate whom people really like to emerge. who should really lead the nation? by better reflecting the people's affinity or dislike. no more divisive partisan bullshit

another good system: approval voting

http://en.wikipedia.org/wiki/Approval_voting [wikipedia.org]

easier to understand than borda voting with similar results: checkbox next to anyone you like. voting for no one and voting for everyone has the same effect. in between, are abilities to express approval and disapproval, and the winner is a simple tally of whomever gets the most votes

Re:related pet peeve (1)

istartedi (132515) | more than 4 years ago | (#29025137)

If McCain won, we wouldn't have to read your post. His "campaign finance reform" would have made casual blogging subject to the same restrictions as professional campaigning. You probably wouldn't have filled out the paperwork and/or paid fees just to retain your right to mention candidates on the Internet.

I like to think SCOTUS would have tossed it out; but I'm glad we didn't have to go through that.

i would gladly have welcomed that mccain failure (1)

circletimessquare (444983) | more than 4 years ago | (#29025199)

in 2000, if it meant that the far far greater list of bush failures would never have happened

Re:related pet peeve (1)

dasunt (249686) | more than 4 years ago | (#29025349)

just rank candidates in the order you like them. then, in a divisive election is an opportunity for everyone's second best choice to become the winner rather than partisan first choices, that one half of the population hates, barely edging out the other

Does the population as a whole benefit from a borda or approval voting system?

Under the current system, we are forced to compromise with our candidates quite early. It may result in a more mainstream choice in politicians.

That may or may not be a good thing.

how can early compromise (2, Insightful)

circletimessquare (444983) | more than 4 years ago | (#29025559)

result in a more mainstream choice? i am flabbergasted how such a conclusion could enter your mind

the 2000 election is an indisputable example of how the current system wound up choosing a president that was not mainstream. we got instead a cleavage of the country into left and right, with resentment and hatred festering

mccain was a better mainstream choice: his secondary appeal to democrats was much larger than his primary appeal to the right wing, which is what cost him the party's nomination. so if mccain was allowed to proceed to a final approval or borda vote, he would beat bush and gore on account of his much broader secondary appeal

meanwhile, our current system divides, it doesn't unite: it stokes the fires of partisanship, it cleaves the american people into two fiercely divided camps where the loudest most blind voices dominate

such voices would still exist if we voted borda or approval, but more moderate voices would come to dominate, simply because a different voting system rewards a different strategy and set of issues

partisan morons are tearing this country apart. we need less of them, not more of them, just look at the idiocy that dominates the discussion on healthcare right now. how do we get less partisans? we adopt a system which rewards them less. our current unideal system rewards partisan loudmouth bickering idiots, to tragic results

Move beyond voting (1)

agilbert201 (535496) | more than 4 years ago | (#29025127)

Isn't the biggest tragedy the whole modern election process? It is rife with $$ influence, has enormous barriers to entry to mortals, requires grotesque marketing manipulations of it's participants, and essentially rubber stamps incumbents at an alarmingly high rate. The question is an "election" even the best way anymore? How about random selection for Congress, much akin to jury duty? Serve a 2 year stint and go home. I would have much more confidence in such a body than the one we have. And assuming the process were random enough, it would be a better reflection of "will" and be the most democratic. The illusion is we have a choice. It isn't just the mechanics that are at issue, it is the process that needs deeper thinking.

Dumb dumb dumb! Dumb dumb dumb! (1)

Saint Stephen (19450) | more than 4 years ago | (#29025225)

To the tune of the Mormon song in that episode of Southpark....

First the guy starts off with a reference to Potheads. Danger sign right there.

Then he goes off about how fair VAT is. Second danger sign.

Then he opines about how he can come up with all these ways that people can't cheat, like one guy rolls two joints and the other guy picks which one he wants to smoke, and pretends like this idea can scale.

Want to bet there isn't a way to cheat at cut and choose? Let's try it to elect a politician and see if someone can't find a way to cheat.

Fail! Mr big idea.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...