“Provably fair” elections

When I read this article on BitZino (go ahead and take a look, I’ll wait…) I couldn’t help thinking about elections.

It does seem like it would be pretty easy for an online casino to rig the games. This is a really awesome use of technology to prove that something is fair (even if I think gambling is stupid; I try to stay out of games that are stacked against me).

So if we can do this for card games, why not elections?

Note: everything I thought about here came up in a night’s sleep-deprived insomniac musings. I know some people a lot smarter than I have been thinking about this for a lot longer. I didn’t consult their writings at this time.

Thought about in the abstract, a hash function is a way to destroy some information, while keeping a fingerprint so that the original information can be verified with high credibility later. Some of the uses of this technology are really interesting; Bitcoin and BitZino are just the latest examples.

So, how might we use this to prove that elections are fair? Well, to begin with, let’s start with the problem of knowing that your vote was counted (as opposed to being locked up in a back room, misread, altered, etc. when the count is made). Suppose that when you voted, you received a hash based on your choices, plus your name and address, plus a salt for anonymity. Then all poll results are published, but each ballot is only identified by a hash. Anyone can validate that the sums add up. You can easily check for your hash to see that your choices were included correctly. Bam, you know your vote was counted. You could even run a program (open source, of course, for verifiability) that would compute your hash independently, given your votes + information + salt. And then submit that result online as your vote.
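The receipt scheme described above, as an added example that is not part of the original post: SHA-256 stands in for the unspecified hash, and the voter records, field encoding and function names are assumptions. It covers the published board, the public tally, and the voter's own check.

```python
import hashlib
import hmac
import secrets
from collections import Counter

def receipt(choices, name, address, salt):
    """Fingerprint of choices + name + address + salt (salt is bytes)."""
    fields = [str(len(choices)), *choices, name, address]
    h = hashlib.sha256()
    for data in [f.encode() for f in fields] + [salt]:
        # Length-prefix every field so adjacent fields cannot run together.
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()

def publish(ballots):
    """Authority side: the public board lists (receipt, choices), no names."""
    return [(receipt(b["choices"], b["name"], b["address"], b["salt"]),
             tuple(b["choices"])) for b in ballots]

def tally(board):
    """Anyone can recompute the totals from the public board."""
    return Counter(c for _, choices in board for c in choices)

def check_my_vote(board, choices, name, address, salt):
    """Voter side: is my receipt on the board, next to the choices I made?"""
    mine = receipt(choices, name, address, salt)
    for published, published_choices in board:
        if hmac.compare_digest(published, mine):
            return published_choices == tuple(choices)
    return False

# Constructed sample data; each voter gets a fresh random salt.
BALLOTS = [
    {"name": "Alice Example", "address": "1 Elm St",
     "choices": ["mayor:Lee", "prop1:yes"], "salt": secrets.token_bytes(16)},
    {"name": "Bob Example", "address": "2 Oak Ave",
     "choices": ["mayor:Kim", "prop1:yes"], "salt": secrets.token_bytes(16)},
    {"name": "Carol Example", "address": "3 Pine Rd",
     "choices": ["mayor:Lee", "prop1:no"], "salt": secrets.token_bytes(16)},
]
BOARD = publish(BALLOTS)

if __name__ == "__main__":
    a = BALLOTS[0]
    print(dict(tally(BOARD)))
    print(check_my_vote(BOARD, a["choices"], a["name"], a["address"], a["salt"]))
```

Because the choices are inside the hash, a board entry whose choices were changed after the fact fails the voter's check even though the receipt itself is still listed.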

There are a few problems with this.

First, what if someone wants to coerce you to vote a particular way? They can now demand that you show them the hash of your vote to prove that you voted the way they wanted, and check that it was actually included in the results. So coercion is enabled. I can’t think of a good way around this, as the goals seem contradictory: you want to be able to track your ballot after casting it, but you don’t want anyone else to be able to know what is on your ballot. However, as I said, a hash destroys information while enabling verification of it. I think this just requires more cleverness. BitZino apparently has a plan for provably fair group poker, which strikes me as having a similar complication. The players do not want other players to know what cards they received in what order, as it would reveal too much about their strategy; poker players are notorious for concealing everything possible from each other. I am very curious to find out how this will work, and I bet it will be applicable to the elections problem.

Second, how do you know no one is stuffing the ballot box? I.e. voting in the name of people who didn’t actually vote, or casting additional ballots in your name even if you did vote, or just ballots for fictional voters? These are actually several variations on the problem, and each might require a different measure. For example, perhaps each precinct has a running hash of all results so far. As each person votes, their identification is added to the previous hash and hashed to a new value, and each takes home a copy of the value before and after. The entire chain is published (voting records are public now, aren’t they?). This way, anyone can validate their inclusion in the precinct voting and the inclusion of all the other voters, so we would at least know how many votes were cast in the precinct and who voted, and each link in the chain could further validate their records. If the number of ballots didn’t match the number of names, it would indicate a problem. This is far from perfect, but it’s a lot more accountability than we have now and I bet someone can do better.
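The precinct running hash described above, as an added example that is not part of the original post: SHA-256, the opening value, the voter identifiers and all function names are assumptions. It shows why the take-home before/after values matter: a chain rebuilt with an extra name still verifies internally, but it no longer matches the slips of everyone who voted after that point.

```python
import hashlib

# Constructed opening value for a hypothetical precinct.
GENESIS = hashlib.sha256(b"precinct-7 polls open").hexdigest()

def next_link(prev_hex, voter_id):
    """New running hash = H(previous hash || voter identification)."""
    return hashlib.sha256(bytes.fromhex(prev_hex) + voter_id.encode()).hexdigest()

def build_chain(voter_ids):
    """Poll side: the published chain plus each voter's (before, after) slip."""
    chain, slips, prev = [], {}, GENESIS
    for vid in voter_ids:
        link = next_link(prev, vid)
        chain.append((vid, link))
        slips[vid] = (prev, link)
        prev = link
    return chain, slips

def first_broken_link(chain):
    """Anyone: recompute from GENESIS; index of the first bad link, or None."""
    prev = GENESIS
    for i, (vid, link) in enumerate(chain):
        if next_link(prev, vid) != link:
            return i
        prev = link
    return None

def slip_matches(chain, vid, slip):
    """Voter: does the published chain contain my before/after pair?"""
    prev = GENESIS
    for v, link in chain:
        if v == vid and (prev, link) == slip:
            return True
        prev = link
    return False

def audit(chain, slips, ballot_count):
    """Combine the checks: chain integrity, voter slips, names vs. ballots."""
    mismatched = sorted(v for v, s in slips.items() if not slip_matches(chain, v, s))
    return {"broken_link": first_broken_link(chain),
            "voters_with_mismatch": mismatched,
            "count_matches": len(chain) == ballot_count}

VOTERS = ["alice", "bob", "carol"]  # constructed voter identifiers
CHAIN, SLIPS = build_chain(VOTERS)
# Constructed tampered case: the chain recomputed with one extra name.
REBUILT, _ = build_chain(["alice", "ghost", "bob", "carol"])
```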

I suspect the real impediments are not technical. The first problem is that no one but compsci/infosci majors is going to understand this hashing business. The second is, what do we do with disputes? I.e. I go home and check my hashes and votes against the official ballots, and it’s either not there or not what I voted – how do I complain, and how seriously is it taken (vs. telling me I just must have marked by mistake, forgot what I chose, etc.)? What if 10,000 people show up with the same complaint? These are people problems.

Maybe a more thorough solution looks more like Bitcoin’s blockchain, with public history and public validation from multiple sources, if imperfect anonymity. Not sure.

So, maybe it’s a lot more complex than online poker. Still, it seems like a promising path to me. Perhaps when the USA inevitably collapses, what rises from the ashes will incorporate provably fair voting.


One Response

  1. Just want to shout out and commend you on your post and how realistic you are taking this, I’m actually working on a project for fair voting so this is going hand in hand with where I’ve studied. It says you are a programmer and you have been in the tech industry for a while, are you able to take on a small startup project with fair compensation?

    The problems that you account for in “stuffing the ballots” solution is to pre-validate users at a higher ratio than people actually vote. For example: if George wants to vote he must validate Steven and Sally, eventually people won’t be able to validate people so they cannot vote, then this forces them to hunt for people that haven’t voted yet. Kind of like the “Six degrees of separation” and “hot potato”. Everyone will eventually be pulled in from their friends and families.

    Now the biggest problem is can voting be “validated, anonymous, secure, and trusted”?

    validated – meaning being able to go back and check that your vote was counted, and a step further what other specific people have voted.
    anonymous – this directly conflicts with validation because you must identify someone to their vaction.
    secure – can the votes be tamper proof? can a person vote for another? (anyone can pretend to be someone else) – using heartbeat, fingerprint, password, username identification number all mimicked, face recognition, facetime (where you can validate in person with someone that takes a picture of you and a qr code from someone that is already validated – qr codes can only be used x amount of time after generation and uploaded to the server for validation).

    trusted – can people trust the system off of

    I have to say no, because in order to have true all information must be opened, if there is just a little doubt, then there is no way to have a trusted system. I wish anyone to prove me wrong on that point, because it goes directly against our demographic voting social conformity.

    Hash chains can only finalize a vaction (a series of votes toward one comparison, i.e.: dogs or cats? by 10 people). Once free choice and control interfere with the vaction it becomes invalidated, so it must be absolutely impossible for there to be a conflict in the voting hash chain, so voting should open up and allow change, once voting closes the chain is then generated and will become a part of history forever, this allows users to change votes until the end, but who decides the end? another vote to determine vote duration.
