Skip to content

delegated democracy

Explodicle‘s been pondering implementations of a computer-assisted delegated democracy. As of his last post, he’s hit a stumbling block: login-based implementations are a pain. They start you thinking along the lines of centralized servers polling remote servers, and things just start to get cumbersome.

What if, during normal voter registration, you are free to register a public key (presumably one to which you have the corresponding private key)? Suddenly, the issue changes: all the polling authority has to do is verify signatures.

Here’s how it might work: when the issue is presented formally, assent and dissent strings would be noted. They would probably run along the lines of “I the undersigned vote YEA to Proposition 12345″ or something similar. You are free at any time before voting closes to send along an email to the polling authority with your signed assent or dissent statement, which will be automatically verified and logged.

That’s the simplest case, though, without delegation. Delegation isn’t very hard, though: you just ask your upstream delegate to CC you when they cast their vote. You can prove that that email comes from the delegate you designated via their signature. You then sign the appropriate assent or dissent string, and send in your own vote. This entire process would be very, very simple to automate.

If you’re concerned about the secrecy of your vote, all that’s necessary is to encrypt your vote with the (widely available) public key of the polling authority. However, this imposes a limitation: you cannot simultaneously keep your vote secret and act as someone’s upstream delegate. This isn’t a bug, though: it’s a feature. This is because one of the more important rights in a delegated democracy has to be the right to know on which side of the issue your personal vote was cast.


RSS feed


Comment by Explodicle Windows XP Internet Explorer 6.0
2008-05-28 16:03:19

I like where you’re going with this. However, I think the process you suggest could be tweaked a little to require a single passphrase and ensure a secret ballot even if someone is watching you from the moment you leave the registration office.

Instead of having the polling authority publish a single public key for everyone, I think it would be better if each voter got his own pair of keys at registration and kept both secret (except leaving the decode key with the voting authority). They could be generated by a passphrase that is run through a cryptographic hash function, so the voter never has to memorize anything too difficult or write anything down.

That way, even if a bad guy watches you vote, you can just type the wrong passphrase and he will have no way of verifying it.

Comment by coriolinus Windows XP Mozilla Firefox
2008-05-28 20:00:59

I think you may have misunderstood me. The public key published by the polling authority is only useful for encrypting messages directed to the polling authority; it is a single key, widely published and well-known so that people can trust that it is authentic (not subject to man-in-the-middle attacks). You sign your vote with your own, personal private key, so that it can be verified using your public key. Both of your own keys are generated by you, at your leisure, on a computer you trust. When you register to vote, you do not receive any sort of key or passphrase from them (except possibly a copy of its public key if you do not already have it in your possession). Instead, you bring to them a copy of your public key, which you certify to be yours (so that they can trust that your signed vote–signed with your private key–had not been altered by a man in the middle).

You vote from the privacy of your own home, or wherever you find to be most comfortable a place to compute, and email the vote in. Email is inherently insecure, but public key cryptography is not known to be insecure. Adding protections against people known to be spying on you seems an odd protection to add–all you have to do is refrain from voting while that person is hanging around.

Comment by Explodicle Windows XP Internet Explorer 6.0
2008-05-29 08:57:53

What if that spy is offering a bribe or threatening me? Refusing to vote wouldn’t always be an option.

Comment by coriolinus Windows XP Mozilla Firefox
2008-05-29 09:10:18

No, but those cases are more suitable for police intervention than a technological fix.

Comment by Explodicle Windows XP Internet Explorer 6.0
2008-05-29 13:19:47

Why is that? Someone could get hurt.


Sorry, the comment form is closed at this time.