Kicking off a thread about what requirements we think we should have for a PSF voting system.

The first requirement I can think of comes from the PSF bylaws:

IANAL, but I read this as stating that we need to be able to verify if a particular voted or if they did not, and we need to be able to verify when they voted. I do not read in this a requirement that we know *what* they voted for, only who and when. I believe this is a hard requirement, since not only is it in the bylaws, but it's required to support another part of the bylaws:

Beyond that, the bylaws don't make any other requirements on what a voting system looks like. To get us started I'm going to throw out some things to try and get a discussion going.

I think that any system we have should not make it available to the general public who voted for what. I think that if it's public information who voted for what then people will feel pressured to vote for what's popular or what has support than for what they truly want to vote for. I also think that it will cause some people to be a target for others who didn't agree with the way they've voted.

I think that any system we have should make it possible for the general public to verify the results of the election given only public information.

I think that any system we have should make it easy for the board, working groups and committees to also utilize this system for any votes they need to hold as well if they so choose to do so.

I think we also need to define a threat model we want to operate under and how important particular attributes are to us. For instance, do we consider a malicous election administrator to be something we need to protect against? What about a malicious system administrator? If we're OK with a malicous system administrator being able to de-anonymize then we don't need any system that's particularly complicated. A fairly simple web application that just lets people vote and doesn't display who a particular vote is for (but still records it) is a simple thing that gets us all of the above, assuming trustworthy systems administrators. If we want to consider these people within the threat model then we'll need to look at more complicated systems that rely on the ability to use cryptography to ensure certain properties.

Defining a threat model is probably the first thing we should do really, because our threat model is going to dictate what kind of system we're looking at, whether a simple solution that uses ACL and the software to ensure the properties we want or a more complex solution that uses math and cryptography to ensure it.

--- Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA These are the hard requirements I think we need for the PSF:

All this under the premisses that we have trustful election administrators. We've operated under this premisses ever since the PSF was founded, and don't think that a malicious admin is a threat model to consider.

Soft requirements (these are nice to have, but not essential):

Ideally, I would like to see the "emailing links to ballots" approach go away, since this is really a completely insecure method of distributing ballot information. Having to log in to a website is not a big deal and makes the process of voting much more reliable.

-- Marc-Andre Lemburg

I found the mailing list email finally :)

Working group: please see my charter request below.

On Fri, May 22, 2015 at 3:22 PM, Ewa Jodlowska <ewa at> wrote:

> Hi Ian and Laura, > > I was not sure which email address you went with for this mailing list so > I am emailing you individually. Please feel free to send my request on to > the mailing list. > > As a PSF working group, there needs to be a charter in place. At minimal, > we need to know how you will operate (make decisions, vote, etc), how you > will communicate, and who is so far part of the group. > > There is a template available here: > > > Once you have this complete, please send it to me so I can get the board > to acknowledge the working group.

-- Best regards, Ewa Jodlowska


informing those who won that they have.

ElectionsWorkgroupPlanning (last edited 2015-06-02 11:37:30 by LauraCreighton)

Unable to edit the page? See the FrontPage for instructions.