Software initiatives
MG
development.
We in AD has found another initiative in France:
http://demexp.ouvaton.org/node/274
(Did you know of this echarp?), that we are testing currently.
And what about other soft, I know of the projects described here:
http://top.xwiki.com/xwiki/bin/view/Main/Network
But maybe there more, not yet aware of TOP and it's members?
We in AD will now try to unite as many as possible into a larger
project if possible.
In this way we all avoid inventing the wheel over and over again.
So, the first step would be to gather all projcts in this thread.
I don't want to discuss too much here about different principles but
rather to focus on common parts which we all can use.
Particular functons can be developed furhter in paralell or later when
needed.
The one demand as I see it is that all soft is made opensource, free to
all to use and improve.
What do you all say, would'nt this be a way of getting some action
finally?
If you do, your first step would be to invite people from all projects
that you know of, to this thread, thus forming a new community
consisting of programmers rather than debaters...
Best regards,
Magnus Gustavsson
Aktivdemokrati.se
illegale
Though, all programers I do know, I already invited to TOP
ATB,
Gale
echarp
and participated quickly to it before starting "parlement".
My troubles with it:
- voting method is "Condorcet", which is often considered slightly too
complex for most people
- special powers to some administrators whose role is to organise polls
- technology is a very good one, but sadly it is not used much in the
world and will have troubles finding programmers
- no possibility to use the whole system as a forum where every
question/answer is just one more post
- few considerations for security
But, they have a group of intelligent people involved in a cool social
idea/ideal.
> The one demand as I see it is that all soft is made opensource, free to
> all to use and improve.
That's one I also have.
echarp - http://leparlement.org
Abd ul-Rahman Lomax
>- voting method is "Condorcet", which is often considered slightly too
> complex for most people
"Condorcet" is not a specific method, it is a criterion by which
voting methods are judged. If a specific outcome wins every pairwise
comparison, then the Condorcet criterion requires that that outcome
be selected.
However, the Condorcet winner is not necessarily the best winner, in
terms of social utility. Range Voting is designed for that. Condorcet
is essentially a binary method, Range allows the expression of
strength of difference.
Condorcet-compliant methods are superior to standard plurality
voting, or STV methods, but not necessarily to more sophisticated --
but actually simpler -- methods such as Approval Voting combined with
deliberative process.
Deliberation, leading to consensus (or at least in increase in
consensus), is the foundation of functional democracy, not
Aggregation (i.e., voting methods).
echarp
> At 11:00 AM 10/2/2006, echarp wrote:
> >- voting method is "Condorcet", which is often considered slightly too
> > complex for most people
>
> "Condorcet" is not a specific method, it is a criterion by which
> voting methods are judged. If a specific outcome wins every pairwise
> comparison, then the Condorcet criterion requires that that outcome
> be selected.
"Voting System":http://en.wikipedia.org/wiki/Voting_system
"Condorcet method":http://en.wikipedia.org/wiki/Condorcet_method
Basically there is always the same Condorcet winner, but in case of
cycles with no such winner, then different variants propose different
outcomes.
> However, the Condorcet winner is not necessarily the best winner, in
> terms of social utility. Range Voting is designed for that. Condorcet
> is essentially a binary method, Range allows the expression of
> strength of difference.
Some studies have been done, which show that range voting generally
amounts to approval voting => people will tend to vote for the extreme
values.
(it's a combination of psychology and mathematics: do you want to have
only fraction of a vote?)
> Condorcet-compliant methods are superior to standard plurality
> voting, or STV methods, but not necessarily to more sophisticated --
> but actually simpler -- methods such as Approval Voting combined with
> deliberative process.
I in fact prefer approval voting, due to its simplicity and the fact it
tends towards consensus.
"Approval voting":http://en.wikipedia.org/wiki/Condorcet_method
The -1 / +1 votes are in fact a form of it.
BTW, let me vote for your post in http://leparlement.org/top-politics ;)
+1
> Deliberation, leading to consensus (or at least in increase in
> consensus), is the foundation of functional democracy, not
> Aggregation (i.e., voting methods).
Deliberation is most certainly vital, but so is some kind of decision
making process. A vote is the generally accepted kind, thus the science
of voting methods :)
echarp - http://leparlement.org/fr
MG
there should be more options at least.
Not all votes are about selecting a delegate or a president.
We have contacted them and they seems responsive.
The question is if they have been here at all.
We will try to broaden their views as much as possible.
But can it really be the case, that there are no more politically
interested programmers in the world than the ones already here?
Since the demexp team has not been here I assume that there are others.
How can we find them and bring them all together for some real action??
Abd ul-Rahman Lomax
>Basically there is always the same Condorcet winner, but in case of
>cycles with no such winner, then different variants propose different
>outcomes.
However, nearly all methods would pick one of the members of the
"Smith Set," i.e., the set of candiates who, individually, beat all
other candidates outside the set, pairwise. The Condorcet criterion
is quite interesting; what is clear is that methods which
unintelligently pick a non-member of the Smith Set are hazardous.
There is only one excuse for doing this: to pick a winner with
broader approval.
Technically, standard plurality is Condorcet-compliant. But it does
not allow sufficient information, that's the problem. That is, in
standard plurality a voter simply picks a favorite. The one picked by
the most voters, necessarily, beats all the others in pairwise
comparisons. Simple. Too simple. Full Condorcet methods allow all
pairs to be voted upon by the voter. However, this can get ...
onerous ... if there are many candidates. There are few practical
examples to point to.
> > However, the Condorcet winner is not necessarily the best winner, in
> > terms of social utility. Range Voting is designed for that. Condorcet
> > is essentially a binary method, Range allows the expression of
> > strength of difference.
>
>Some studies have been done, which show that range voting generally
>amounts to approval voting => people will tend to vote for the extreme
>values.
I'd appreciate seeing the studies. Yes, Range reduces to approval if
people vote the extremes. In my opinion, this would be superior to
the status quo in most places; but it is certainly far short of
optimum. Note that this is short of optimum in that the voters are
not clearly expressing their true opinions, so the result of such
"bullet voting," as it is called, would be lowered voter satisfaction
with outcomes. It is just as with Approval. If you refuse to vote for
any candidate other than your favorite, and then your least-favorite
wins, you will rue your vote. As you should. It was a poor strategy.
There is a standard Approval strategy, which requires some
understanding of the political situation (as does plurality): Of the
two front-runners, vote for the favored among them, then vote for all
candidates preferred to that front-runner. Or at least vote for your
favorite....
There is at least one study which shows that people do *not*
bullet-vote in Range, so I'm suspicious of the claim..... It
certainly is not true in the many contexts in which Range Voting is
used: Olympic scoring, for example.
>(it's a combination of psychology and mathematics: do you want to have
>only fraction of a vote?)
Range leaves you a full vote. Simply give at least one candidate the
full rating. This argument is familiar, and it is thoroughly
specious. It is similar to the argument that Approval gives people
more than one vote, and is thus unfair. The fact is that in every
pairwise election, Range methods, including Approval, allow the voter
one full vote. Range simply allows the expression of fractional votes
*as an option.* And this flexibility is essential for election
outcomes to reflect a broad consideration of social utility. It
reflects the real world, which is not black and white.
> > Condorcet-compliant methods are superior to standard plurality
> > voting, or STV methods, but not necessarily to more sophisticated --
> > but actually simpler -- methods such as Approval Voting combined with
> > deliberative process.
>
>I in fact prefer approval voting, due to its simplicity and the fact it
>tends towards consensus.
Right. It is *extremely* simple, in that implementing it simply
involves, typically, tossing out the single line in the election law
that requires ballots which are "overvoted" to be discarded. Voting
equipment can already count it, because it must be able to handle
multiple-winner elections, where voters are allowed to vote for more
than one (usually with the instruction "Vote for no more than N candidates.")
Approval Voting is quite good, in fact, in my experience, if followed
by a ratification vote, which is Yes/No on the question, "Shall the
result of the election be accepted." Voting methods suffer greatly
from a requirement that they must produce a result in a single poll....
I have seen Approval used at a meeting which began with severe
polarization of opinion. When the possible courses of action were
listed, and a poll taken on which of these courses were *acceptable*
to the members, it was clear that the status quo was not satisfactory
to a significant number of members, while other courses were
acceptable to nearly everyone. And when the Approval winner was
presented for a ratification, the vote was *unanimous.* This was in a
Free Association, by the way, after the AA model. Group unity is
generally valued in Free Associations, as it *ought* to be in society at large.
>Deliberation is most certainly vital, but so is some kind of decision
>making process. A vote is the generally accepted kind, thus the science
>of voting methods :)
Decision-making in traditional democratic organizations is quite
simple, when there is a single question. "Shall we do action A?"
Majority vote wins. It is with multiple options that it gets
complicated. Indeed, most organizations have a rule that a question
must *not* involve multiple choices, but typically elections are
exempted. That's a mistake, in my opinion. A more sophisticated
election process would involve, say, Range voting to provide
information to the electorate, then perhaps the Range winner is
presented for a ratification vote. It is also possible to present two
winners, i.e., the highest two Range winners, but in this case, as
the Libertarians would have it, NOTA should also be on the ballot
(None of the the above).
What is done instead is to assume that the organizational welfare is
best served by having a winner, even if that winner is less than
satisfactory. The determination of whether or not the proposed winner
of an election should actually be installed in the office should be
democratic, based in the *present* state of the electorate, not
predetermined by precedent or statute or constitution.
FA/DP organizations avoid the whole problem. But, of course, the
problem still exists and must be solved for society to function.
FA/DP organizations leave the solution to the public; the fact is
that if good communication and deliberation can be established -- and
FA/DP organizations could be quite good at this -- there is no need
for complex voting methods. Simple plurality, in the presence of
consensus, works well enough, though I'd think we'd want to make it
Approval, perhaps with a NOTA option. The advantage of simple
plurality (or, similarly of STV, which is plurality-based with a
twist) is that it is already in place, and it is thus not necessary
to change voting methods in public elections as a first step.
The first step is to set up communications mechanisms. Software can
help, but software is not the essential problem. Human habit is the
problem, and, most especially, an entrenched cynicism that deeply
believes that the problem of government is insoluble, that "they"
will prevent reform, etc.
Yes, "they" will prevent reform if it is attempted *through the
system.* It is practically a law, it is not person.
The *big* mistake that is so commonly made is to assume that the
problem is the people filling the positions of power in the existing
system. Get rid of them, "toss the bums out," and everything will be just fine.
Not. The system creates a vacuum which is filled by those people. Get
rid of them, others will take their place. And, look at history, the
others, if better, will not be better for long, or, at least, we can
see that the problem has not been solved.
Trying to reform society, we create reform organizations which
reflect the same kind of structures that are used generally in society.
We need something new, something that *overlays* society, as the
human nervous system overlaid previous messaging through chemical
diffusion. *It did not replace the previous methods.* It supplemented
them, made possible the infusion of intelligence.
>echarp - http://leparlement.org/fr
>
>
MG
different principles but
rather to focus on common parts which we all can use. "
If you don't want to concentrate on software develpment you are free to
it.
In this thread we should keep it about soft though.
(Plese answer my post No 9 here
instead..:http://groups.google.com/group/top-politics/tree/browse_frm/thread/e7c77e6d814a3d6d/d71909c5e9038477?rnum=1&_done=%2Fgroup%2Ftop-politics%2Fbrowse_frm%2Fthread%2Fe7c77e6d814a3d6d%2F%3F#doc_7214c0ab204d1cb3)
;-)
pether....@gmail.com
the discussions is because it is very little talk about actual
implementations. But I think it's more the lack of discussions about
software that make it look like it's the only objective of the group is
debating..
Haven't done much work on my project lately but preparing a alpha
release the next few month, already succesfully bundled my application
with jboss using hsql java database instead of mysql to reduce runtime
dependencies. Spring 2.0 was just released so will spend the weekend
upgrade some infrastructure, just waiting for hibernate 3.2 to be
released as well.
Also trying to look on the other projects regulary, thumbs up for
http://leparlement.org which seems to make steady progress with
regular new releases.. To bad I don't develop in Ruby..
Kind regards Pether Sorling
echarp
> I agree with you, and of one the reason I haven't participated much in
> the discussions is because it is very little talk about actual
> implementations. But I think it's more the lack of discussions about
> software that make it look like it's the only objective of the group is
> debating..
It can be fun ;)
But true, some agreements on common goal is required. Me it's freedom,
liberty, the definition of an individual's limits in this society.
TOP seems like a great concept to leverage in that research. But guys,
what mean O and P to you (T seems to be quite well defined in
comparison)?
O is the right to speak? P is also the right to speak?
> Haven't done much work on my project lately but preparing a alpha
> release the next few month, already succesfully bundled my application
> with jboss using hsql java database instead of mysql to reduce runtime
> dependencies. Spring 2.0 was just released so will spend the weekend
> upgrade some infrastructure, just waiting for hibernate 3.2 to be
> released as well.
Good infrastructure choices.
Did you take a look on JBoss's seam? I know that in my next J2EE
project, I'm going to recommend it.
> Also trying to look on the other projects regulary, thumbs up for
> http://leparlement.org which seems to make steady progress with
> regular new releases.. To bad I don't develop in Ruby..
Thank you very very much!
Originally I'm a J2EE guy, and am going to (again) find a job in that
domain, but Ruby and Ruby on Rails are so much nicer and simpler, it's a
joy!!!
echarp - http://leparlement.org
Serge
a
point of reference for the software system specifications that would be
desirable, based on Echarp's parlement and Magnus' AD - but needing the
input of all who have their vision of the software and its mechanisms.
http://top.xwiki.com/xwiki/bin/view/Main/TOP_System_Definition
Regards,
Serge
Markus Schatten
On Wednesday 11 October 2006 12:19, Serge wrote:
> Just to say a new page was created on the wiki so as to be used as a
> point of reference for the software system specifications that wold be
> desirable, based on Echarp's parlement and Magnus' AD.
>
> http://top.xwiki.com/xwiki/bin/view/Main/TOP_System_Definition
>
There's an requirements definition we developed in TiAktiv allready on the
wiki, so I put a reference to it on the page you created. Hopes this is OK
with you.
Best regards
--
Markus Schatten, dipl. inf.
e-mail: markus....@foi.hr
http://www.tiaktiv.hr
Markus Schatten
I forgot to say I really like the job you did, especially the page where the
voting method is described. Maybe this is an invitation to the other
voting/decision making methods to do the same thing on the wiki? Magnus?
Mark? Charles? Lomax? BrokenClock? Anyone else?
Nice to see the wiki growing ;-)
echarp
Anybody with a fast server to host another node? :)
(I would gladly do the setup/admin)
echarp - http://leparlement.org
Serge
I have written a draft about how we might be able to ensure a person is
who one says to be, while preserving the anonimity of voting while
allowing for a track record to appear (as transparence required). Turns
out what I wrote falls in quite obvious pitfalls after discussion and
review with a couple people here, and if the requirements stand, the
way to do it I tried to define isn't satisfactory. I was pointed to the
openID protocol, do any of you know this? It is open etc, so should
satisfy the TOP criteria. I am not sure how easy it is to implement or
if this is something that would be useful in our specific case.
http://openid.net/
please advise,
Best regards,
Serge
echarp
troubles!
How do you recognize one individual from the next?
* fingerprint
* adn
* appearance
* passport
* id card
* witnesses
* electoral registration
* ...
There is already no simple solution in the physical world. There is next
to zero chance we could ever find something better in the virtual world.
Thus, let's each group define its legitimate participants according to
the procedure it desires.
A small city could enlist each individual citizen on an electoral list,
using physical recognition and any kind of ID card and proof of
residence.
Or it could require the physical presence of someone already on the
list. To obtain a chain of trust.
An association could also require a PGP chain of trust *and* a
cotisation.
Me I'd rather not pick side, but open the choice. Basically anybody
should be able to set up any number of electoral list according to any
procedure of their choice. Then an organisation will choose or not to
use one electoral list to legitimize votes and calculate results.
In a democracy, control of that electoral list is an important power, it
must be constantly scrutinized.
In france one of the most regular fraud is one involving dead people!
Ain't that some participation?! :)
echarp - http://leparlement.org
illegale
+ one little notice. In politics, I am actually not interested into
anonymous decision making due to reason I already mentioned. Decision
making is allways based on power relations (it can be delebirated
process, but it is allways about power), so if one person is even
affraid to state publicly his own opinion, that what is the true power
such person has? I believe, TOP principle will actually build up
completely TOP power structure that will profilate and proliferate on
the prinicples of knoweldge sharing and responsibility towards common
good.
ATB,
Gale
MG
issue and representative voting in an particular issue.
On the individual level there can be threats stopping you from voting
at all, or on what you want.
This is seen all over the world in traditional elections so it's a sad
fact.
ketty .
And threats would be no issue for representatives? Since representatives can have so many more votes than a mere individual and there votes are not anonymous, it seems to me that it would be very effective to threat and otherwise trying to influence the votes of representatives. The only way i see around it is to have the _identity_ of representatives anonymous, to refer to a recent discussion in the swedish forum =)
Serge
Freedom of expression requires protection. Anonymity of voting seems
the best available protection at this point. One can hope that one day
we might be able to voice our opinion and cast votes in complete
openness without fear of retribution, but looking at a system to be
implemented here and now, i think we need to take voter's protection
with the utmost seriousness.
Adding a separate online identity to the equation would allow to create
a base for building trust in proxies and allow a system to be efficient
and remain TOP.
all the best,
Serge
Gordan Ponjavic
> On 10/15/06, MG <magn...@gmail.com> wrote:
> >
> >
> > Sure, but you have to differ between individual votes in an particular
> > issue and representative voting in an particular issue.
> > On the individual level there can be threats stopping you from voting
> > at all, or on what you want.
> > This is seen all over the world in traditional elections so it's a sad
> > fact.
>
>
> And threats would be no issue for representatives?
Indeed. In this way we might legitimate secret ballots of our
reprensetatives. To keep them safe from bad people. Yet, no
demonstration, no power.
> Since representatives can
> have so many more votes than a mere individual and there votes are not
> anonymous, it seems to me that it would be very effective to threat and
> otherwise trying to influence the votes of representatives.
:-)
> The only way i
> see around it is to have the _identity_ of representatives anonymous, to
> refer to a recent discussion in the swedish forum =)
And here comes up the problem. No transparency, place for discrepancy
among actions and declarations. Less trust in such structure. Place for
questioning of not popular decisions and system as whole.
If you have transparent system, than all of this becomes too obvious to
try to deny it.
Though, at internet organisations Ive monitored, people would just
realise there is no point to hide their opinion. After all, what is the
power I have if there is 10 people, 7 are claiming for one thing and 2
are not interested, if I gain 5 votes and other member who was widely
publicly supported gets 3 votes? So, what is the point than? Me
personaly would not trust such people to much. If there was
transparent process, it all obvious, no place for undmining hypocricy.
OK. Not all people are willing to go public. But what is the point
about them?
Do you want to undrmine legitmation process beacuse of they are
affraid? I believe that is the part they have to deal with. One more
thing that I have noticed- when people go anonym, they bitch much more
regularly then when thay go with ID. I believe it is up to
psychological (everybody is wathcing) effect where they can only turn
to what they find is really fair, loosing process of calculations that
might go against them sooner or later. So, why risk it?
In this very moment, I can hardly imagine such TOP organisation has
need to go secret voting. I even find it be contradiction that would
deny essence of TOP. Can anyone imagine some real picture that might
go in front of us, that would excuse such move?
> Sure, but you have to differ between individual votes in an particular
issue and representative voting in an particular issue.
Two classes of people. Do they have same rights, or what? Or should we
let them be secret and enable them be not attacked by their political
enemies? Why not?
>On the individual level there can be threats stopping you from voting
>at all, or on what you want.
>This is seen all over the world in traditional elections so it's a sad
>fact.
We can not compare to traditional systems. This what we are building is
new paradigm of politics.
ATB,
Gale
Gordan Ponjavic
Serge wrote:
> +1
>
> Freedom of expression requires protection. Anonymity of voting seems
> the best available protection at this point
Voting is expressing will, not opinion. That is the essence of the
vote power. And no power, no legitimation. No power, no politics at
all. Yet, you can act paternisticly and offer them to express their
opinion becuase you are good person that cares. But, than we are not
talking about power base behind you, but some imptent fun club that
wont be too influencive.
The same thing as petitions btw. You can send millions of signatures,
but if the goverment doesnt find these signature threatening, they wont
find them serios thing in a process of letting go their interests.
Even demonstrations /that is actually public principe as petitions/
are not too interesting if they are not a threat. And what can you
imagine with secret ballots? Hmh.
>One can hope that one day
> we might be able to voice our opinion and cast votes in complete
> openness without fear of retribution, but looking at a system to be
> implemented here and now, i think we need to take voter's protection
> with the utmost seriousness.
OK. How do you imagine Internet democracy be established? Maybe I
missed your key point?
> Adding a separate online identity to the equation would allow to create
> a base for building trust in proxies and allow a system to be efficient
> and remain TOP.
What I find out is that TOP gives that system efficiency.
ATB,
Gale
> all the best,
>
> Serge
ketty
And here comes up the problem. No transparency, place for discrepancy
among actions and declarations. Less trust in such structure. Place for
questioning of not popular decisions and system as whole.
If you have transparent system, than all of this becomes too obvious to
try to deny it.
[...]
What you are advocating is transparency of individual votes, right?
I understand it can sound a bit weird, but i see that as completely different from representaive votes.
Representatives is just individuals who other individuals puts trust in, right? Why should they have differnt rights from other individuals?
Wrong :)
As i see it "representative" should not be equated with "individual". An individual have vote power, an representative should have no vote power not orginating from individuals.
Assume the identity of a representative can not be tracked to a real life individual. (Maybe you can only track it to a public gpg key.)
Assume the representative, having his/her real life identity hidden, casts some really extreme votes.
So what? Being merly a representative (and not a real individual) the votes has no power. The only way for those votes to have power would be if real life individuals delegated their votes to the representative.
So, where is the transparency lost?
pether....@gmail.com
echarp wrote:
> TOP seems like a great concept to leverage in that research. But guys,
> what mean O and P to you (T seems to be quite well defined in
> comparison)?
>
> O is the right to speak? P is also the right to speak?
Think each word need to be put in context to be a good definition,
thinks the definitions on the xwiki will improve with time so not that
bothered to spend time on it.
> > Haven't done much work on my project lately but preparing a alpha
> > release the next few month, already succesfully bundled my application
> > with jboss using hsql java database instead of mysql to reduce runtime
> > dependencies. Spring 2.0 was just released so will spend the weekend
> > upgrade some infrastructure, just waiting for hibernate 3.2 to be
> > released as well.
>
> Good infrastructure choices.
>
> Did you take a look on JBoss's seam? I know that in my next J2EE
> project, I'm going to recommend it.
Just had a quick look at it, like annotations but already spent to much
time playing with tools so will stick with spring & hibernate for a
while. Finished the basic security implementation this weekend using
acegi security with was cool.. But been lazy and haven't commited the
code to subversion yet, supposed to catch up on test coverage.
> Originally I'm a J2EE guy, and am going to (again) find a job in that
> domain, but Ruby and Ruby on Rails are so much nicer and simpler, it's a
> joy!!!
Looked at Ruby, but don't want to move away from java/ open source
field. Currently working in a team using an agile approach with pair
programming using same technologies as my project so hopefully I will
learn something during my dayjob.
Best regards
Pether
Gordan Ponjavic
> On 10/16/06, Gordan Ponjavic <gpon...@gmail.com> wrote:
>
> > And here comes up the problem. No transparency, place for discrepancy
> > among actions and declarations. Less trust in such structure. Place for
> > questioning of not popular decisions and system as whole.
> >
> > If you have transparent system, than all of this becomes too obvious to
> > try to deny it.
>
>
> [...]
>
> What you are advocating is transparency of individual votes, right?
Yes.
> I understand it can sound a bit weird, but i see that as completely
> different from representaive votes.
>
> Representatives is just individuals who other individuals puts trust in,
> right? Why should they have differnt rights from other individuals?
They have to vote publicly, right?
> Wrong :)
> As i see it "representative" should not be equated with "individual". An
> individual have vote power, an representative should have no vote power not
> orginating from individuals.
>
> Assume the identity of a representative can not be tracked to a real life
> individual. (Maybe you can only track it to a public gpg key.)
Why? Though, I have to notice one more thing up there. The same
question as one for Serge actually. How do you imagine this whole
process goes and what is the moment we will say, OK, now, lets not be
that transparent any more. Lets hide some things in order of safety
because that is common good. What is the moment you are talking about?
Maybe it is too far from me, that it does not worry me too much, nor
makes me interested in going against principle of transparency out of
mere specualations based on current, instead of TOP system.
> Assume the representative, having his/her real life identity hidden, casts
> some really extreme votes.
> So what? Being merly a representative (and not a real individual) the votes
> has no power. The only way for those votes to have power would be if real
> life individuals delegated their votes to the representative.
>
> So, where is the transparency lost?
Its lost in not seeing his origin of power. An his origins of power are
Mirko, Marko, Pejo, Sanja, Branka, Mark and Emanuel. They are his true
origins. Not number 7.
ATB,
Gale
ketty
> Representatives is just individuals who other individuals puts trust in,
> right? Why should they have differnt rights from other individuals?
They have to vote publicly, right?
I am a bit confused, do you want:
A. individuals' votes are public, representatives' votes are public?
or B. individuals' votes are hidden, representatives' votes are public?
Either way we probably all agree that representatives' votes should be public. :)
Why? Though, I have to notice one more thing up there. The same
question as one for Serge actually. How do you imagine this whole
process goes and what is the moment we will say, OK, now, lets not be
that transparent any more. Lets hide some things in order of safety
because that is common good. What is the moment you are talking about?
Maybe it is too far from me, that it does not worry me too much, nor
makes me interested in going against principle of transparency out of
mere specualations based on current, instead of TOP system.
I don't visualize anything going in the direction of less trasparency. Just because a representative does not need to identify itself using dna and phone number does not mean it can't. It's all in the powers of voters. If they want to put their trust in some totaly mysterious person then that's up to them.
Please note that i am being a bit sarcastic. I don't think a gpg identified person is any more mysterious than a dna identified one. Both identifications are totaly meaningless if you have no past knowlege of the person. What i am advocating is leaving up to the representatives how to identificate, and leaving up to the voters to chose what identification to trust.
> Assume the representative, having his/her real life identity hidden, casts
> some really extreme votes.
> So what? Being merly a representative (and not a real individual) the votes
> has no power. The only way for those votes to have power would be if real
> life individuals delegated their votes to the representative.
>
> So, where is the transparency lost?
Its lost in not seeing his origin of power. An his origins of power are
Mirko, Marko, Pejo, Sanja, Branka, Mark and Emanuel. They are his true
origins. Not number 7.
Yes i agree, they are the orgin of power. They are also individual voters and not representatives(gatherering of votes). You are still advocating for the publicity of individual votes are you? When i said "where is the transparency lost" i was talking about identification of representatives. Assuming no special requirements on how and if representatives should identify themself are made, we have two scenarious:
1. Personal votes are publicly visible. Since also representatives' votes are visible you can trace the power from it's origin (the individuals) to the final position. No transparecy is lost.
2. Personal votes are not publicy visible. Since the origin of power is hidden to start with, there is no transparency to lose. So neither in this case is any transparency lost.
So in my opinion specifying how/if representatives should identify themselfs, or not specify, does not change the transparency in any way.
Serge
Ok so I should clarify that in my view of it there should be two
distinct identities:
1) Your physical, name surname verifiable identity, protected by an
adequate mechanism (nothing's ever 100% proof, but ways can be designed
for maintaining one's real identity private)
2) Your authenticated unique online identity, which is completely
transparent - ie votes and various posts/discussions are available to
anyone
Interestingly enough, should a small town experiment with a TOP system
as means of government, there would be a need for making sure each
eligible voting citizen gets one and one only one login - otherwise you
risk electoral frauds. Therefore it would be easy to take advantage of
this registration/authentification step to ensure eligible citizens
benefit from the same protections when they vote online as when they do
in a voting booth. The issue here is to shield someone from threats and
possible risks of harm that may arise from one's advocacy of an issue
or choice of vote.
There would be no issues of transparence as one would know anyone else
speaking/voting is an eligible citizen, and for example would be able
to see one another's records of opinion/posts/contributions and votes,
and subject it to scrutiny - and possibly choose to delegate his/her
vote on a given issue.
Hope this answers at least some of your observations.
Best regards,
Serge
ketty
Ok so I should clarify that in my view of it there should be two
distinct identities:
1) Your physical, name surname verifiable identity, protected by an
adequate mechanism (nothing's ever 100% proof, but ways can be designed
for maintaining one's real identity private)
2) Your authenticated unique online identity, which is completely
transparent - ie votes and various posts/discussions are available to
anyone
The tricky part is making the part where you assign an online identity to a physical person transparent without making the mapping between the two identities publicy visible. How do i know for sure no one sitting in a privileged position gives themself a whole bunch of online personalities?
Gordan Ponjavic
> On 10/16/06, Gordan Ponjavic <gpon...@gmail.com> wrote:
>
> > > Representatives is just individuals who other individuals puts trust in,
> > > right? Why should they have differnt rights from other individuals?
> >
> > They have to vote publicly, right?
>
>
> I am a bit confused, do you want:
> A. individuals' votes are public, representatives' votes are public?
> or B. individuals' votes are hidden, representatives' votes are public?
If its TOP than it is TOP. Transparent, open, public. You can not take
this in parts you like and in parts you do not like, do not take it.
Actually, this oportunistic mode of TOP is the mode that functions
today. So, yes. I am for everything to be public.
> Either way we probably all agree that representatives' votes should be
> public. :)
Of course :)
> I don't visualize anything going in the direction of less trasparency. Just
> because a representative does not need to identify itself using dna and
> phone number does not mean it can't. It's all in the powers of voters. If
> they want to put their trust in some totaly mysterious person then that's up
> to them.
Maybe I misunderstood you. You want to say that proxies might be
virtual identites? That is interesting thought. So, if ones choose to
trust virtual identity, that is his right? OK. Fine with me. Though, as
long as responsibility is big, big part of efficient political system,
in that moment we can state that DPs do not care no responsiblity but
virtual one. Can we do that? If we can, everything it is all right.
> Please note that i am being a bit sarcastic. I don't think a gpg identified
> person is any more mysterious than a dna identified one. Both
> identifications are totaly meaningless if you have no past knowlege of the
> person. What i am advocating is leaving up to the representatives how to
> identificate, and leaving up to the voters to chose what identification to
> trust.
I agree. Yet. Real identity means real attachment. In real identity
before you, you can be carmic whore only once, with virtual identity
you can be carma whore every day. So, if someones wants to trust
virtual identity, I asume it is his right and his *responsibility*.
> > Its lost in not seeing his origin of power. An his origins of power are
> > Mirko, Marko, Pejo, Sanja, Branka, Mark and Emanuel. They are his true
> > origins. Not number 7.
>
> Yes i agree, they are the orgin of power. They are also individual voters
> and not representatives(gatherering of votes). You are still advocating for
> the publicity of individual votes are you? When i said "where is the
> transparency lost" i was talking about identification of representatives.
OK. I understand now.
> Assuming no special requirements on how and if representatives should
> identify themself are made, we have two scenarious:
> 1. Personal votes are publicly visible. Since also representatives' votes
> are visible you can trace the power from it's origin (the individuals) to
> the final position. No transparecy is lost.
> 2. Personal votes are not publicy visible. Since the origin of power is
> hidden to start with, there is no transparency to lose. So neither in this
> case is any transparency lost.
Yet. In the same manner we can notice todays political party and
aplause it as long as there is no transparency lost. The merit is TOP
system, not current sitation. And in TOP system stuff go from
transparent, open and public political decision.
> So in my opinion specifying how/if representatives should identify
> themselfs, or not specify, does not change the transparency in any way.
So, the question is can virtual identity be part of TOP organisation?
OK. I agree that it can. Though, if that part is not problem to its
power base, than it is not problem to me neither.
ATB,
Gale
Gordan Ponjavic
> There would be no issues of transparence as one would know anyone else
> speaking/voting is an eligible citizen, and for example would be able
> to see one another's records of opinion/posts/contributions and votes,
> and subject it to scrutiny - and possibly choose to delegate his/her
> vote on a given issue.
>
> Hope this answers at least some of your observations.
I understand that being TOP means being exposed in public and in front
of those who are not so keen about your political ideas. Yet, you have
to keep in mind that this is global problem of TOP. There is no fog to
hide. And that is the problem every single person who enters TOP
politics is going to experience.
But.
The true power of TOP is precisely in the courage to stand behind your
political ideas. This gives you political power and influence. And not
just to you, but every single person who is willing to use this
paradigm in order of political success. No free lunch I am afraid.
So. What do we get from the other side? We can start empathysing with
those who are exposed, we can join them, we can earn respect and
position to realise our political intentions. No free lunch I repeat.
And no power in those who are afraid to stand behind of what they
think. If there is no power, than their vote is being only a wish,
nothing mandatory. And it cant be mandatory as long as authority can
not be someone who is afraid of the one to whom he is "willing"/wishing
to use force. That is contradiction that can be shortcutted.
So this problem you mention remains being open. And it needs new
mechanisms that will protect right to make decision. Yet, as in
opensource in software development, where hackers can read the whole
code (which helps them rather much), more eyes solve these problems, so
opensource as fully transparent source (it is not being closed not even
in security issues!!!) is many fields even more secure than closed
source.
Paradox it is.
ATB,
Gale
> Best regards,
>
> Serge
ketty
Took some time for us to understand eachother, but it looks like we are agreeing. Yay! :)
Gordan Ponjavic
Though, I am rather interested what do other things about this issue.
Markus?
ATB,
Gale
Gordan Ponjavic
How do you imagine this process of concensus building?
I read Emmanuels list of tasks. So, what can I do about it? To set
priorities, to add personal requriements?
And what is about others?
ATB,
Gale
MG
> Content-Type: text/html; charset=ISO-8859-1
> X-Google-AttachSize: 639
>
> <br><div><span class="gmail_quote">On 10/16/06, <b class="gmail_sendername">Gordan Ponjavic</b> <<a href="mailto:gpon...@gmail.com">gpon...@gmail.com</a>> wrote:</span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
> So, the question is can virtual identity be part of TOP organisation?<br>OK. I agree that it can. Though, if that part is not problem to its<br>power base, than it is not problem to me neither.</blockquote><div><br>Took some time for us to understand eachother, but it looks like we are agreeing. Yay! :)
> <br></div><br></div>
>
> ------=_Part_42673_25465795.1161030524383--
Welcome, Ketty! :)
I'm still confused upon what you are agreeing on?:
Orginal question from
Ketty:
"A. individuals' votes are public, representatives' votes are public?
or B. individuals' votes are hidden, representatives' votes are public?
"
What are you choice here?
ketty
ketty wrote:
> On 10/16/06, Gordan Ponjavic <gpon...@gmail.com> wrote:
>
> > So, the question is can virtual identity be part of TOP organisation?
> > OK. I agree that it can. Though, if that part is not problem to its
> > power base, than it is not problem to me neither.
>
>
> Took some time for us to understand eachother, but it looks like we are
> agreeing. Yay! :)
Welcome, Ketty! :)
I'm still confused upon what you are agreeing on?:
Orginal question from
Ketty:
"A. individuals' votes are public, representatives' votes are public?
or B. individuals' votes are hidden, representatives' votes are public?
"
What are you choice here?
Actually, i don't have a strong position on this yet. I think i need to think a lot about it first.. What are your choice? Is it B (as that seems to be the position of AD) ?
What me and Gordan where agreeing on was that representatives could be virtual identities. There is no need for them to be tied to a birth certificate - they could just as well be tied to a public gpg-key or similar. It is up to the potential people delegating their votes to decide what identification to trust.
MG
> Ketty:
> "A. individuals' votes are public, representatives' votes are public?
> or B. individuals' votes are hidden, representatives' votes are public?
> "
> What are you choice here?
>Actually, i don't have a strong position on this yet. I think i need to
think a lot about it first.. What are your choice? Is it B (as that
seems to
be the position of AD) ?
What me and Gordan where agreeing on was that representatives could be
virtual identities. There is no need for them to be tied to a birth
certificate - they could just as well be tied to a public gpg-key or
similar. It is up to the potential people delegating their votes to
decide
what identification to trust.
-OK, but indentification is one thing, the principle of publicity of
the votes something else.
I would consider B, with the addition that a representative (AD
delegate) can be a person or an organization.
In any case, all delegates have to be clearly identified as well as all
direct voters by the system in order to have a clear electors list (who
have the rigth to cast a vote).
But as discussed above, there is no need to have a direct voters votes
or delegations public, in contrast to delegates whos votes are really a
result of 1. how many delegated votes they have, 2. an intellectual
work by analyzing facts and coming to a conclusion.
So what's needed is that every direct-voter has an crypted account,
only accessible by himself, (not even an admin) where he can see all
votes and delegations he made and can make.
Only the anonymous account will then be part of the electors list.
For control reasons, the voter shall be able to see if his/her vote
really is part of the vote counting and shall have the possibility to
complain if this would not be the case.
Votecounting shall take place conquently on an unlimited number of
independent servers, all running the same certified software.
If any server reports different results in a vote it is easy to
identify the reason.
And a delegate will only see how many delegated votes he have, not
whos.
I personally think that a personal vote from a delegate should be
secret, just as it is today for traditional reps in the elections for
parliaments.
In the case of an organization working as a delegate, there is ofcourse
no personal vote..
echarp
> only accessible by himself, (not even an admin) where he can see all
> votes and delegations he made and can make.
Wouldn't it be easier to have all votes and delegations public, but the
relationship between a pseudo and the real life person private?
No need anymore to have an encrypted account.
> Only the anonymous account will then be part of the electors list.
> For control reasons, the voter shall be able to see if his/her vote
> really is part of the vote counting and shall have the possibility to
> complain if this would not be the case.
This trail is important for all actions.
> Votecounting shall take place conquently on an unlimited number of
> independent servers, all running the same certified software.
> If any server reports different results in a vote it is easy to
> identify the reason.
It might be interesting to have independent servers with *different*
software. Alike planes or rockets which are controlled by different
computers, to get _some_ independence from bugs and other weaknesses.
echarp - http://leparlement.org
MG
> only accessible by himself, (not even an admin) where he can see all
> votes and delegations he made and can make.
>Wouldn't it be easier to have all votes and delegations public, but the
relationship between a pseudo and the real life person private?
No need anymore to have an encrypted account.
-No, because then mapping of individuals might occur, in order to
figure out who's behind an encrypted account.
And I don't se why it would be easier.
In fact also each different vote from one account should also be
crypted with a second key only known by the voter himself.
These functions are easy to fix nowadays.
>> Votecounting shall take place conquently on an unlimited number of
> independent servers, all running the same certified software.
> If any server reports different results in a vote it is easy to
> identify the reason.
>It might be interesting to have independent servers with *different*
software. Alike planes or rockets which are controlled by different
computers, to get _some_ independence from bugs and other weaknesses.
-Well, AD envison very strict rules for upgrading and testing the
software to be used.
This software should be downloadable for any interested in running his
own vote counting server in order to check and/or find flaws in it.
For instance could a newspaper or sceptic of any kind run his own
server in order to find any errors in the soft and report it.
In order to maintain high credability for the system it is important to
also allways have full control in what soft is used and it should not
be frequent upgrades once a stable version is found.
But for development use, ofcourse, some servers could be running an
upgrade for sake of bug finding (beta-testing) before it is considered
safe and working.
Gordan Ponjavic
echarp wrote:
> > So what's needed is that every direct-voter has an crypted account,
> > only accessible by himself, (not even an admin) where he can see all
> > votes and delegations he made and can make.
>
> Wouldn't it be easier to have all votes and delegations public, but the
> relationship between a pseudo and the real life person private?
>
> No need anymore to have an encrypted account.
So, if we imagine some community that goes this way, than we have to
understand there is some commonly trusted body which states that
someones virtual entity present rl person in that community. That
commonly trusted body is by default non TOP. If people agree to that,
than I have to acklaim that either.
Even though, I do actually see no need for this body in political
projections I can notice.
ATB,
Gale
echarp
> > > only accessible by himself, (not even an admin) where he can see all
> > > votes and delegations he made and can make.
> >
> > Wouldn't it be easier to have all votes and delegations public, but the
> > relationship between a pseudo and the real life person private?
> >
> > No need anymore to have an encrypted account.
>
> So, if we imagine some community that goes this way, than we have to
> understand there is some commonly trusted body which states that
> someones virtual entity present rl person in that community.
There does not need to be only *one*. There can be as many as users
want. And each user can choose which one he wants to go through.
It's a third party trustee.
> That commonly trusted body is by default non TOP. If people agree to
> that, than I have to acklaim that either.
It would seem non transparent, yes.
echarp - http://leparlement.org
Gordan Ponjavic
acknowledgment of its participators.
Yes?
echarp
> acknowledgment of its participators.
> Yes?
Not at all.
- on the EL write yourself as anonymous and going through trustee T
- with a token from EL (to authenticate yourself) go to trustee T
- with a token from T go to EL in order to obtain a pseudo
El => trustee T => EL
The point is to remove the link between a real life person and its
pseudo.
The token could probably be replaced with the use of a PGP key.
echarp - http://leparlement.org/top-politics
Gordan Ponjavic
identities if these trusties do not share the base?
ATB,
Gale
echarp
> How can you prevent me from going to 5 trustees, caring 5 different
> identities if these trusties do not share the base?
The tokens are there for this reason.
echarp - http://leparlement.org
Gordan Ponjavic
than everything is fine.
ATB,
Gale
ketty
On Fri, Oct 20, 2006 at 06:41:17AM -0700, Gordan Ponjavic wrote:
> How can you prevent me from going to 5 trustees, caring 5 different
> identities if these trusties do not share the base?
The tokens are there for this reason.
So the real mapping is between individuals and tokens, and that mapping is public (because anyone can be a trustee?). And the mappings done by each trustee is completely hidden? How can i be sure no cheating is going on with the hidden mappings?
echarp
You are on the boat called EL. You have a nice seat which allows you to
participate.
You stand up, take a piece of paper which you put on your seat. On that
piece of paper you write the name of a boat T onto which you are going
to move.
You move to boat T, change your physical appearance.
You move back to boat EL, but at another seat.
In such a setting, it's rather easy for the EL captain to make sure you
don't move to 5 other anonymising boats.
echarp
> > > identities if these trusties do not share the base?
> >
> > The tokens are there for this reason.
>
> So the real mapping is between individuals and tokens, and that mapping is
> public (because anyone can be a trustee?). And the mappings done by each
> trustee is completely hidden? How can i be sure no cheating is going on with
> the hidden mappings?
*You* choose the trustee.
There can be any number of them.
*You* can be a trustee.
Of course it would be silly to have a trustee which only manages one
pseudonym :)
Oh, a trustee could be a physical voting station, with a physical ballot
and all that.
ketty
*You* choose the trustee.
There can be any number of them.
*You* can be a trustee.
How, to verify that the final id given by a trustee does in fact correspond to an orginal token? (Since the final mapping is secret..)
echarp
> > > So what's needed is that every direct-voter has an crypted
> > > account, only accessible by himself, (not even an admin) where he
> > > can see all votes and delegations he made and can make.
>
> > Wouldn't it be easier to have all votes and delegations public, but the
> > relationship between a pseudo and the real life person private?
> > No need anymore to have an encrypted account.
>
> -No, because then mapping of individuals might occur, in order to
> figure out who's behind an encrypted account.
What mapping do you have in mind?
How would that be different to my proposition.
Let me try to summarize:
* real life person is public, many secret actions
* real life person is secret, many public actions
> And I don't se why it would be easier.
In the first case, there are many secrets for one person. In the second
there is only one secret per person. This is why I consider it simpler.
Plus it allows to develop an online persona with a history and a
reputation.
> > > Votecounting shall take place conquently on an unlimited number of
> > > independent servers, all running the same certified software.
> > > If any server reports different results in a vote it is easy to
> > > identify the reason.
> >
> > It might be interesting to have independent servers with *different*
> > software. Alike planes or rockets which are controlled by different
> > computers, to get _some_ independence from bugs and other weaknesses.
>
> -Well, AD envison very strict rules for upgrading and testing the
> software to be used.
Strict rules will make the whole system brittle.
What is important is not that everything works along the same tune, but
that results are verifiable. It's a much lower target isn't it? And it
should be obtainable through different technologies.
> This software should be downloadable for any interested in running his
> own vote counting server in order to check and/or find flaws in it.
> For instance could a newspaper or sceptic of any kind run his own
> server in order to find any errors in the soft and report it.
> In order to maintain high credability for the system it is important to
> also allways have full control in what soft is used and it should not
> be frequent upgrades once a stable version is found.
> But for development use, ofcourse, some servers could be running an
> upgrade for sake of bug finding (beta-testing) before it is considered
> safe and working.
I'm using mails as my transmission protocol. I'm very low tech that way :)
With mails, anybody could verify the votes using a pen and paper (of
course, it might get tedious).
echarp - http://leparlement.org/fr
echarp
> >
> > There can be any number of them.
> >
> > *You* can be a trustee.
>
> How, to verify that the final id given by a trustee does in fact correspond to
> an orginal token? (Since the final mapping is secret..)
Who wants to verify that?
The EL manager will see some people marked as anonymous and using some
trustees. The only important thing for him is that the number of people
coming back from those trustees is equal or inferior to those who left.
Individual participants should trust the trustee enough to choose it. If
they don't, they can set up their own.
In case of large troubles, I don't know, let's say 10% of one trustee's
users are complaining, the EL manager could decide to reset everything
coming from it. Easy.
An individual user, which can authenticate for his real persona and his
pseudo, could decide to complain and to reset just those 2. Of course
then he will have to trust the EL admin because the relationship will be
known to him.
echarp - http://leparlement.org
ketty
Let me try to summarize:
* real life person is public, many secret actions
* real life person is secret, many public actions
> And I don't se why it would be easier.
In the first case, there are many secrets for one person. In the second
there is only one secret per person. This is why I consider it simpler.
Plus it allows to develop an online persona with a history and a
reputation.
I agree with this.
And i also agree that using only one software, even if the source of the software is public and tested by many, is a bad idea. Some bugs will not be found untill the have made their share of harm. The best way to protect against bugs is to simultanly use independent software.
ketty
Who wants to verify that?
I first thought that a trustee might give him/her-self several votes. But considering that the number of tokens going in and ids going out of the trustees is visible, i am not sure it is a real consern...
echarp
echarp
I think there is still a valid attack there. But the user will notice it
real quick, and it will be reported (he will notice it due to the fact
that his pseudo won't work).
Then it's all matters of reputation.
MG
shall be an option for individual voters.
I'll start a new thread about that.
Regarding different soft, sure, nothing stops the paralell use of
different versions in order to find bugs and security issues.
But one and only one will have to be the official when this system is
in production.
There should be a very trusted board, with immediate recall,
responsible as admins for this system.
echarp
> different versions in order to find bugs and security issues.
> But one and only one will have to be the official when this system is
> in production.
Planes and rockets use different softwares and technologies.
Why not also do the same with voting systems? Is that such a weird idea?
> There should be a very trusted board, with immediate recall,
> responsible as admins for this system.
That board is a single point of failure. Brittle.
Better to let all interested parties in the system, like it's already
the case in most elections where you have many boards with many
participants.
echarp - http://leparlement.org/security
MG
I'm not against different initiatives and developments.
I'm only saying that for every given vote casting, there shall be one
and only one soft counting and handling all votes casting.
This is obvous need for having trust in the democratical process.
Just as we today have only one way of haveing our votes in elections
counted, by a predetermined group of people handling the ballot boxes
etc etc.
The board I'm talking about is the only way to control that this is the
case.
It would be the parallell to todays voting authorities.
ketty
I'm only saying that for every given vote casting, there shall be one
and only one soft counting and handling all votes casting.
This is obvous need for having trust in the democratical process.
Just as we today have only one way of haveing our votes in elections
counted, by a predetermined group of people handling the ballot boxes
etc etc.
This is a trust by ignorance. You say different soft counting all comming to the same result will make people belive there is something fishy going on?! And in the case of different results, won't it make people aware of the danger of putting to much trust in soft counting systems?
Serge
else? Not to mention linking one's public statements to their actual
vote doesn't seem possible anymore in this setup (goodbye
transparency).
Most agree that having someone's real ID being linked to their voting
record and posts etc would be a real danger to the openness of any
debate. If everyone first weighs their contribution on the scale of how
much trouble they can land themselves in, you can kiss whistleblowers
and advocates of controversial causes goodbye. Which would be a
terrible thing for any meaningful democratic debate to happen.
The only apparent alternative to secret voting imo is moving the
secrecy onto one's real ID. Going to full anonymity brings right back
the problem of having a trail for trust-building so the logical
solution would be in my opinion a unique and authenticated online ID.
This way there is a clear trail of votes and opinions for everyone,
which actually allows one to choose and change delegates - this is not
possible with secret voting if we are talking of large scale system, in
which it is assumed a large majority of participants will have the
votes of others delegated to them for some issues so that saying that
delegates' records have to be public and not voters is saying that
maybe 20% of all voters might enjoy a measure of anonymity (and these
20% will be the ones probably delegating everything and participate
very little in the debates in the first place).
This seems far simpler and actually is transparent (which anonymity is
not - by definition it's a cloak). Also this discussion has been active
in 3 threads (among which leparlement and security) so apologies if
I've repeated some previously stated things.
Serge
Serge
Well I assume we will be able to enrich the wiki with the consensus we
are making way to reach on identity and voting. Otherwise yes of course
please contribute to putting your ideas on the desired requirements of
a system on the wiki (have a look at AD's system requirements document
for prospective - it's posted on the wiki).
Otherwise not quite sure what you meant by "this process of consensus
building". If you meant this discussion about identity and voting?
Discussion and debate.
Serge
Gordan Ponjavic
An issue about secret voting is not in my sphere of interests as long
as I have some honest belief in TOP that it will go fine without need
for "compromises" that deny its essence.
ATB,
Gale
MG
> Content-Type: text/html; charset=UTF-8
> X-Google-AttachSize: 988
>
> <br><div><span class="gmail_quote">On 10/23/06, <b class="gmail_sendername">MG</b> <<a href="mailto:magn...@gmail.com">magn...@gmail.com</a>> wrote:</span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
> I'm only saying that for every given vote casting, there shall be one<br>and only one soft counting and handling all votes casting.<br>This is obvous need for having trust in the democratical process.<br>Just as we today have only one way of haveing our votes in elections
> <br>counted, by a predetermined group of people handling the ballot boxes<br>etc etc.</blockquote><div><br>This is a trust by ignorance. You say different soft counting all comming to the same result will make people belive there is something fishy going on?! And in the case of different results, won't it make people aware of the danger of putting to much trust in soft counting systems?
> <br></div><br></div><br>
>
> ------=_Part_91397_29187093.1161563343521--
Well,you are a programmer...
My mind goes to the average citizen.
If we told them, hey, we will count your votes now and maybe we all
will come to the same result, otherwise we will agree later on which
result is the correct one.
Or we will launch a new vote if things seems too messy...
What trust do you think this will bring to media and public?
Instead, IF there will be any faults reported and IF this shows up to
be due to a faulty software or other computer related error. The resons
will be investigated thoroughly (by the committe and ofcourse by
everyone willing to contribute) and the error will be corrected in a
new certified version. Then I think trust can be built in the long term.
echarp
Maybe. But I think I do understand your point. Just I disagree with it.
> I'm not against different initiatives and developments.
Cool.
> I'm only saying that for every given vote casting, there shall be one
> and only one soft counting and handling all votes casting.
And I'm comparing it with planes and rockets, where there are *multiple*
softwares.
Do you see my point?
> This is obvous need for having trust in the democratical process.
Trust should be obtained through verifiability, transparency.
You have a database of votes, which can be replicated quite easily. You
let everybody obtain it, you let everybody count.
Wouldn't that be much better to obtain trust? Isn't verifying everything
by yourself much better than having a central organism whom you'll have
to trust?
> Just as we today have only one way of haveing our votes in elections
> counted, by a predetermined group of people handling the ballot boxes
> etc etc.
The group is not predetermined (in France anyway). There is generally
one way to count, but I'm not sure there could not be others. I could
try proposing it next time I do the counting.
The trouble with physical votes, is that you can't copy it and process
it multiple times in parallel.
But using internet you can.
> The board I'm talking about is the only way to control that this is the
> case.
This screams of "single point of failures". In engineering, you want to
remove them.
echarp - http://leparlement.org
echarp
> else?
It *is* an added complexity and a security risk. Which is why it is up
to each participant to choose *his* trustee or just to remain public.
Tokens are just one way to manage the technicality of it. What is
important if the handshake between an electoral list and a trustee.
And again, an anonymous pseudo is just an option.
> Not to mention linking one's public statements to their actual vote
> doesn't seem possible anymore in this setup (goodbye transparency).
This is the choice of each electoral list manager _and_ each
participant.
No obligation there.
> Most agree that having someone's real ID being linked to their voting
> record and posts etc would be a real danger to the openness of any
> debate. If everyone first weighs their contribution on the scale of how
> much trouble they can land themselves in, you can kiss whistleblowers
> and advocates of controversial causes goodbye. Which would be a
> terrible thing for any meaningful democratic debate to happen.
Very valid argument.
> The only apparent alternative to secret voting imo is moving the
> secrecy onto one's real ID. Going to full anonymity brings right back
> the problem of having a trail for trust-building so the logical
> solution would be in my opinion a unique and authenticated online ID.
+1
> This way there is a clear trail of votes and opinions for everyone,
> which actually allows one to choose and change delegates - this is not
> possible with secret voting if we are talking of large scale system, in
> which it is assumed a large majority of participants will have the
> votes of others delegated to them for some issues so that saying that
> delegates' records have to be public and not voters is saying that
> maybe 20% of all voters might enjoy a measure of anonymity (and these
> 20% will be the ones probably delegating everything and participate
> very little in the debates in the first place).
>
> This seems far simpler and actually is transparent (which anonymity is
> not - by definition it's a cloak).
I fear it is still a kind of opacity: the relationship between an
identity and a persona _is_ hidden.
But is it so different to the authentication mechanism used? You know,
the login and password most online systems will require of you. Or even
the private PGP key you can use to sign your actions.
> Also this discussion has been active in 3 threads (among which
> leparlement and security) so apologies if I've repeated some
> previously stated things.
No problem for me. You want to continue on http://leparlement.org/security ? ;)
echarp
MG
softwares.
Do you see my point?
-Well, no. In a 747 there is one and only one soft controlling the
right rudder of the wing as response to the signals from cockpit.
If there where several and one where coming to a different conclusion,
a light might go on in cockpit.
But still there should be only one soft doing the job until the pilot
says otherwise. (Written by a non-avation engineer..)
>You have a database of votes, which can be replicated quite easily. You
let everybody obtain it, you let everybody count.
Wouldn't that be much better to obtain trust? Isn't verifying
everything
by yourself much better than having a central organism whom you'll have
to trust?
-Sure, but still only one as regarded the choosen one. The others might
show errors in number one which will improve for next time or restart a
new vote.
The alternative you are suggesting, that we rely on mr Johns new fancy
soft, coming to a new "obvious" result is not to build trust for
internet democracy.
>The group is not predetermined (in France anyway). There is generally
one way to count, but I'm not sure there could not be others. I could
try proposing it next time I do the counting.
-The group can be choosen out of people of the street or whatever, but
their voting algortihm + method of counting will have to be
predetermined. =Parallell servers running ONE soft, not many
If there where money enogh, there could be other groups conting
differently and applying other algos but that would have been for
comparison and verification, not for legal purpose.
>> The board I'm talking about is the only way to control that this is the
case.
>This screams of "single point of failures". In engineering, you want to
remove them.
-Well, what you are suggesting seems like wild west in comparison..
Who will judge which soft that counted correctly this very time?
A new vote about that or??
There must be someone in charge for the pratical of running
votes/elections just as for the rudder controls in a plane, this is
basic and not an invention of mine.
Serge
Public voting records allow replicability of voting results in a simple
format which in turn allows everyone to verify the vote count for
themselves (and that their vote is what they did cast and hasn't been
altered)... This is simpe, straightforward and embodies the ideal of
Transparent, Open and Public. Echarp I agree wholeheartedly with your
approach.
Best regards,
Serge
Serge
I think your disagreement (echard and Magnus) stems from the voting
methods you advocate so that in essence I believe your arguments
actually complement each other. In the case of AD's continous voting
approach, there is a need for a much more specific piece of soft to be
integrated in the system as it determines the closing of a vote
dynamically. This need for integration and crosstalk is absent from
echarp's approach as he is thinking of vote verification after the fact
(if I am understanding both your arguments correctly), which indeed
could be done with something as simple as an excel spreadsheet
populated with the voting results.
One could imagine that different counting pieces of code could be
certified by delegates handling voting methods in the system
(trustworthiness solved, Magnus?) and used in parallel so as to ensure
that should one counting system fail or be compromised, other systems
may show the discrepancy and raise a red flag (satisfying mode of
operation, echarp?). This way you would have the certification needed
for results to be trustworthy while enjoying the added security of
having several counting options, discrepancies in which would be a
reasonnable basis for investigation into a possible manipulation or
irregularity.
Best regards,
Serge
Abd ul-Rahman Lomax
> > There should be a very trusted board, with immediate recall,
> > responsible as admins for this system.
>
>That board is a single point of failure. Brittle.
If what you are building is a power structure, as distinct from a
corruption-immune system like FA/DP -- which maintains its relative
immunity by leaving nearly all power at the member level -- then you
will almost certainly need a board, and officers. Yes, this is a
possible failure point, no doubt about that, but the problems with
boards happen when the members are not actively involved and there is
no means for a member recognizing the problem to effectively and
efficiently communicate with the rest of the members, the board can block it.
This is why I propose FA/DP as a communications structure, and
non-FAs, perhaps with DP structure, in power structures. And that
"power structure" might quite well elect and have the power of recall
over a board. Which then hires and has the power of firing employees.
Officers are employees.
It's the corporate model, folks, been going for hundreds of years.
Where it goes astray is where there are large numbers of uninvolved
and uninformed shareholders, because the structure was designed for
relatively small numbers of investors. And, you will note, it
incorporates proxy voting. Because those investors would not have
accepted less!
Delegable proxy is just an extension and not even a totally necessary
one, as far as the actual power structure is concerned. If you have
an FA/DP superstructure, the FA/DP proxy can recommend an appropriate
legal proxy to the member. And that can be a standing appointment,
revocable at any time. This is what a proxy is!
So it could be pretty safe, even with a board holding the immediate
reins of power.
*As long as they cannot control communication and analysis among the members!*
echarp
> > *multiple* softwares.
> >
> > Do you see my point?
>
> right rudder of the wing as response to the signals from cockpit.
Redundancy.
Modern aircrafts which rely on a software controller ensure that not one
software fault will bring down the whole thing.
http://en.wikipedia.org/wiki/Aircraft_flight_control_systems :
> Therefore virtually all fly-by-wire systems are triply or quadruply
> redundant: they have three or four computers in parallel, and three or
> four separate wires to each control surface. If one or two computers
> crash, the others continue working. In addition most early digital
> fly-by-wire aircraft also had an analog electric, mechanical or
> hydraulic backup control system.
Do you _now_ see my point?
> The alternative you are suggesting, that we rely on mr Johns new fancy
> soft, coming to a new "obvious" result is not to build trust for
> internet democracy.
Who is to *rely* on mr Johns? The point is *not* to rely on _one_ element.
> > > The board I'm talking about is the only way to control that this
> > > is the case.
> >
> > This screams of "single point of failures". In engineering, you
> > want to remove them.
>
> Well, what you are suggesting seems like wild west in comparison..
It is not the wild west, but good old engineering practices.
Redundancy. Verifiability.
> Who will judge which soft that counted correctly this very time?
"consensus":http://en.wikipedia.org/wiki/Consensus
You don't judge, you go see the person reporting a different result and
try to come to an agreement.
There are different steps for that.
Is the votes database the same?
How are votes deciphered?
What request is used to calculate the result?
If our current voting procedure allow every party to participate and
come to a consensus, why not do that again but using software and
internet?
> There must be someone in charge for the pratical of running
> votes/elections just as for the rudder controls in a plane, this is
> basic and not an invention of mine.
The _demo_ is in charge! ;-)
echarp - http://leparlement.org/security
MG
software fault will bring down the whole thing.
http://en.wikipedia.org/wiki/Aircraft_flight_control_systems :
> Therefore virtually all fly-by-wire systems are triply or quadruply
> redundant: they have three or four computers in parallel, and three or
> four separate wires to each control surface. If one or two computers
> crash, the others continue working. In addition most early digital
> fly-by-wire aircraft also had an analog electric, mechanical or
> hydraulic backup control system.
Do you _now_ see my point?
-Well, OK, forgot that there is so much redundance in a plane.., but,
Boeing would newer sell a plane without testing and certifying all
these redundant programs.This is my point, Boeing acts here as a
trusted board sorting out different redundant.
They don't leave software development to opensource community and just
bring them in as another redundance improver.
>You don't judge, you go see the person reporting a different result and
try to come to an agreement.
-I'm fine with that and such parallell running can be used.
But. for legal resons we cannot see this as test environment once using
it for making laws etc.
In that stage there must be a core soft with as little bugs as
possible.
All problems with it and better solutions found by competing soft shall
ofcourse be reported and afterwards corrected/improved.
But until a fix/improvemnet is fully tested and found OK, the old soft
must be the case.
And there must be somebody in charge for this process, just as in
Boeing.
Otherwise no one will sit down at takeoff anymore..
MG
With TOP applied on this board, no risk for corruption and misleading
of the users, the people.
ketty
-I'm fine with that and such parallell running can be used.
But. for legal resons we cannot see this as test environment once using
it for making laws etc.
In that stage there must be a core soft with as little bugs as
possible.
You seem to assume the bugs of a groups of parallel softwares is all bugs existing in any of the softwares. But infact the bugs of the group is only the ones existing in _all_ softwares. Do you see why it makes total sence to use not one but a group of parallel software for a prodution environment (making laws)?
MG
important vote?
And who will handle it?
ketty
echarp
> > just bring them in as another redundance improver.
There are plenty of ways to make software. But, for verifiability there
is no need for a complex and complete thing, as serge stated, a
spreadsheet should do the trick.
> > I'm fine with that and such parallell running can be used.
> > But. for legal resons we cannot see this as test environment once using
> > it for making laws etc.
We already use a decentralized and consensual system (polling stations).
Where would the laws conflict with how the laws are made?
The entity responsible for votes, in a democracy, is the demos... Isn't
that quite logical? :-)
> > In that stage there must be a core soft with as little bugs as
> > possible.
>
> You seem to assume the bugs of a groups of parallel softwares is all bugs
> existing in any of the softwares. But infact the bugs of the group is only the
> ones existing in _all_ softwares. Do you see why it makes total sence to use
> not one but a group of parallel software for a prodution environment (making
> laws)?
+1
echarp - http://leparlement.org/security
echarp
Or try to come to a consensus.
As already happens in all voting offices.
echarp - http://leparlement.org/security
echarp
> I think your disagreement (echard and Magnus) stems from the voting
> methods you advocate so that in essence I believe your arguments
> actually complement each other.
Hopefully.
> In the case of AD's continous voting approach, there is a need for a
> much more specific piece of soft to be integrated in the system as it
> determines the closing of a vote dynamically.
I also advocate continuous voting. But then I don't consider that votes
need to be closed.
> This need for integration and crosstalk is absent from echarp's
> approach as he is thinking of vote verification after the fact (if I
> am understanding both your arguments correctly), which indeed could be
> done with something as simple as an excel spreadsheet populated with
> the voting results.
+1
"After" is verifiability. But it can and should occur at all time, in
real time.
With luck every voter could be able to look up the results on different
nodes, and see if his personal votes are correctly accounted for.
> One could imagine that different counting pieces of code could be
> certified by delegates handling voting methods in the system
> (trustworthiness solved, Magnus?) and used in parallel so as to ensure
> that should one counting system fail or be compromised, other systems
> may show the discrepancy and raise a red flag (satisfying mode of
> operation, echarp?).
The mode of operation... I don't have anything precise in mind. The
point is just to have as many verification nodes as possible, then a
consensus to define the result.
If that was to work properly, that system would organise in real time
and wouldn't need anything formal.
> This way you would have the certification needed for results to be
> trustworthy while enjoying the added security of having several
> counting options, discrepancies in which would be a reasonnable basis
> for investigation into a possible manipulation or irregularity.
Investigation of course, and deliberation, conviction. Using computers
and the simplest procedures possible, it should be possible to quickly
determine what went wrong and how to correct it.
> Best regards,
>
> Serge
Sincèrement
echarp - http://leparlement.org/security
MG
-See?
>Or try to come to a consensus.
As already happens in all voting offices.
-Is it? And what even if so, if we call a discussion of a badly written
or torn ballot a "software problem", isn't the people in that voting
office a trusted board?
MG
Ofcourse!
MG
understand there is some commonly trusted body which states that
someones virtual entity present rl person in that community. That
commonly trusted body is by default non TOP. If people agree to that,
than I have to acklaim that either.
-No, It's only a thing between you and the computer(s). This secret
connection can be a pair of keys, only known by you, not by a board or
something.
But for all non-delegates, I think secret connections between the cast
ballots and the personal account is enough.
I only see need for VID when a delegate want the option of voting
differently than as delegate, maybe when the delegation is not only one
person but a party or Greenpeace or so. Teh VId would be used for the
delegating vote casting, and the personal for personal vote casting.
echarp
> corruption-immune system like FA/DP -- which maintains its relative
> immunity by leaving nearly all power at the member level -- then you
> will almost certainly need a board, and officers. Yes, this is a
> possible failure point, no doubt about that, but the problems with
> boards happen when the members are not actively involved and there is
> no means for a member recognizing the problem to effectively and
> efficiently communicate with the rest of the members, the board can block it.
Basically, we don't know what happens after democratic decisions are
taken. Board, government, administrators, commission.
It is open to all possibilities.
But, during the vote, any single point of failure ought to be removed to
strengthen the whole thing. Consensus is the tool of choice to agree on
what the expressed decisions are (as is currently the case).
echarp - http://leparlement.org
MG
taken. Board, government, administrators, commission.
It is open to all possibilities.
But, during the vote, any single point of failure ought to be removed
to
strengthen the whole thing. Consensus is the tool of choice to agree on
what the expressed decisions are (as is currently the case).
-Just like to add that what possibilities and rights a bord should have
ofcourse have to very clearly specified and it shall only be more or
less technical issues about the voting process in relation to the
design intent, nothing more.
So his has to be written clearly in a regulation document, otherwise
this board soon enough will contain old politicians seeing a way of
preserving their own power instead of acting simple clerks, working
more as servants to the voters.
echarp
>
Of course you _could_, but it is bad engineering.
> > Or try to come to a consensus.
> >
> > As already happens in all voting offices.
>
> Is it? And what even if so, if we call a discussion of a badly written
> or torn ballot a "software problem", isn't the people in that voting
> office a trusted board?
They are not a trusted board.
They are all willing people and parties. They reach a consensus.
echarp - http://leparlement.org
echarp
> > removed to strengthen the whole thing. Consensus is the tool of
> > choice to agree on what the expressed decisions are (as is currently
> > the case).
>
> ofcourse have to very clearly specified and it shall only be more or
> less technical issues about the voting process in relation to the
> design intent, nothing more.
The voting system has to be defined for the voters to cast their vote.
Anybody willing should be able to follow that through and, with the
votes database, be able to come to the correct results.
The voting procedure should be defined... democratically! ;)
> So his has to be written clearly in a regulation document, otherwise
> this board soon enough will contain old politicians seeing a way of
> preserving their own power instead of acting simple clerks, working
> more as servants to the voters.
Coming to a consensus is a matter of technicality. Otherwise it is open
to all sorts of other matters.
That consensus should become a widespread habit, where many will check
all results, and media would report their own. Then it's a matter of
reputation and outcomes.
echarp - http://leparlement.org/fr