Loomio

How to vet potential software.

J Joum Public Seen by 88

We are an Australian Political Party and our software could be used to make decisions for our country. It is VERY important that the software is secure.

A number of people feel the web platform should be open source. Potential software providers must declare their position.

We need a platform that matches Australia's political structure. At the moment SOL is a Federal (all of Australia) political party. In Australia we also have State and Local government politicians, so would the potential platform be able to suit this situation?

In the Australian Federal Parliament we have 2 parliamentary groups. The Senate and The House of Representatives. This is where our initial interests lie. At the very least the platform must be able to meet these conditions.

J

Joum Thu 4 Sep 2014 7:25AM

I have written to a potential software provider and these were the questions I thought we should ask.

Another ideas? Thanks

OM

Oliver Minter Wed 10 Sep 2014 12:43AM

Good work Joum... I have nothing to add for the moment.

TO

Tom Oliveri Mon 15 Sep 2014 3:13PM

The software has already been written, its just needs to be modified, its bitcoin.

Its a verifiable ledger of transactions, each person will have x vote credits and they can deposit it into the account of the person/issue that they wish to vote for.
This absolutely MUST be a P2P system to ensure that the votes cannot be tampered with.

Obviously the current bitcoin system will need some tweaking and we will need to develop a web platform so that not everyone needs to install client software.

J

Joum Tue 16 Sep 2014 6:59AM

Thanks Tom. Looking forward to chatting with you.

DN

Daniel Nephin Tue 16 Dec 2014 5:08AM

@tomoliveri I respectfully disagree. bitcoin would be a good solution in a world where everyone was computer literate and understood security, but that is far from the reality.

You mention having web platforms (so that everyone doesn't run their own client), which means this is already inherently not P2P. You now some centralized nodes responsible for collecting "votes" from many people. The potential for fraud is huge. Would the average user really know if their client or web platform was compromised? I would guess not.

Not only that, but your ability to audit is greatly diminished (because accounts are tied to ids, not people). In the end you would need some centralized registry linking a bitcoin account to a citizen. Otherwise how do you know the votes are really unique, or not from an outside party?

Once you have a centralized registry you've once again lost all benefit of the distributed system. I think the primary reason bitcoin is not a good fit for voting is because it favours authentication over auditing. It's theoretically completely sure, as long as the users understand how it works.

I think an ideal system is actually the opposite. It doesn't have to be heavily distributed, it just has to be transparent and easy to audit. (open source is definitely a hard requirement)

In most traditional voting system, where a single anonymous ballot is cast, auditing is basically impossible. You don't have enough significant data (other than an approximate number of people per area, and a rough idea of which way they tend to vote).

Instead of these completely anonymous ballots, I would include demographic information (age, gender, occupation, area code, etc).

Instead of sending all of this data to a centralized location privately, each location publicly broadcasts the full data.

A centralized agent (or potentially multiple independent agents) can collect the data and not only count the results, but analyse it for fraud.

Citizens in a given area are also able to look at the data, and see if it matches their expectations for the neighbours and community.

I think this approach deals with the same problem (abuse of centralized authority), but in a very different way. Instead of (completely) removing the centralization, it removes most of the ability to abuse it. There is still some centralization (each area/community), but this is much easier to audit by the people in that community.

Use of hashes and block-chains could definitely be incorporated into this system, but I don't see them as sufficient on their own.