Schneier On Self-Enforcing Protocols

Hollow Being writes "In an essay posted to Threatpost, Bruce Schneier makes the argument that self-enforcing protocols are better suited to security and problem-solving. From the article: 'Self-enforcing protocols are safer than other types because participants don't gain an advantage from cheating. Modern voting systems are rife with the potential for cheating, but an open show of hands in a room — one that everyone in the room can count for himself — is self-enforcing. On the other hand, there's no secret ballot, late voters are potentially subjected to coercion, and it doesn't scale well to large elections. But there are mathematical election protocols that have self-enforcing properties, and some cryptographers have suggested their use in elections.'"

Re:Errrr, your suggestion is.....?

[Lord Ender]

Regular readers of his blog would be aware of such methods. He regularly discusses papers and theories regarding security systems, including the security of voting machines.

Re:Why?

[dk90406]

It was merely an analysis and introduction to self enforcing protocols - protocols that make cheating difficult. Bruce often writes such pieces on security related matters. As a security expert, he covers all aspects: IT, civil, banking, etc. of security and the psychological mechanisms behind the perception of security and risk.
He publishes the newsletter CRYPTO-GRAM once a month, that contain some good pieces. You can subscribe [schneier.com] if you wish.
And he is one of the few who, IMO, has the right take on the "security" upgrades done in the US / word after 9/11.

Yes, I admit it: I respect him, and have subscribed to the newsletter for years.

Re:Show of hands not self-enforcing

[maxwell demon]

More elaborate methods of letting people see your choice without seeing you could also be used.

You mean like, making a cross on paper and putting that paper in a box, and then counting afterwards?

Re:Schneier is a DOPER

[Thiez]

There was a single case. She was also drunk and depressed. Somehow the shrooms got blamed.

Re:You need trust

[Dishevel]

The problems with the system itself are minor. The real problem is not the hardware but the system itself. It dose not matter who you vote for. The politicians are representing either big business and the rich or trial lawyers and unions. After they are done serving those masters they move on to what is important to them. Pointless junkets in G5s. Either way the people are meant to be screwed.

Re:Errrr, your suggestion is.....?

[goodmanj]

It's more of a a teaching article, not a specific new proposal. Its goal is to describe an idea to people who're not familiar to it. Maybe you're an expert already, but I found it interesting.

Re:Why?

[mets501]

Furthermore, your signature is asinine for several reasons, not the least of which is because you put the inequality going in the wrong direction.

Check out p-values [wikipedia.org]. "p" in this case is not a regular probability. The equality is in the correct direction.

Re:Show of hands not self-enforcing

[CaptainOfSpray]

Here's some experience of "show of hands" votng.

It was widely used in trade unions in England in the 50's and 60's, typically in public meetings of all the members in a workplace. I heard of it both from a carpenter in the ship-building industry, a family friend; and from other insider reports on meetings in the car-making industry in Oxford, where I lived for a while. According to my sources, these meetings were often used to pass strike decisions of considerable financial importance to the members, but (a) you attended these meetings with your workmates, who saw how you voted, and made life hell if you didn't vote the Right Way (b) the committee appointed tallymen to count the hands - they reported whatever counts the committee had told them to report.

The result was the destruction of British industrial firms by self-centered self-appointed little dictatorial union leaders who werealways interested in making trouble, regardless of their member's interests. Vote them out? How? The elections were by "show of hands".

So "show of hands" voting is wide open to abuse if there are more people present than can be viewed and instantly counted by those present, or where those present are unable to challenge the count effectively.

related pet peeve

[circletimessquare]

voting systems should better reflect the people's actual will, by being a little more complex

you're never going to get the nuance of the people's will 100%, but you can do a lot better. for example: borda voting

http://en.wikipedia.org/wiki/Borda_count [wikipedia.org]

just rank candidates in the order you like them. then, in a divisive election is an opportunity for everyone's second best choice to become the winner rather than partisan first choices, that one half of the population hates, barely edging out the other

now take as an example the disgusting 2000 presidential election: if people were allowed to merely rank candidates rather than be forced to pick one, who would have won? john mccain. however you think of him as a choice in the 2008 election, mccain was certainly a better choice than gore or bush in 2000, and the nation actually thought so. if the people were allowed to rank a list of candidates, his name would have come out as the number 2 choice of everyone, and he would have won. but the system worked against mccain. instead, various undemocratic closed door machinations led the republican party to choose monkey boy bush over the more deserving mccain, and so the democrats who would have ranked mccain second best never would have been able to register their approval of mccain over bush. borda voting does away with the whole party primary nonsense: democrats field 4 or 5 presidential candidates, republicans field 4 or 5 presidential candidates. and the voters merely rank them. then the voting system better reflects the nuances of public opinion, and allows for the candidate whom people really like to emerge. who should really lead the nation? by better reflecting the people's affinity or dislike. no more divisive partisan bullshit

another good system: approval voting

http://en.wikipedia.org/wiki/Approval_voting [wikipedia.org]

easier to understand than borda voting with similar results: checkbox next to anyone you like. voting for no one and voting for everyone has the same effect. in between, are abilities to express approval and disapproval, and the winner is a simple tally of whomever gets the most votes

Rivest to the rescue?

[dawnpatrol1623]

The article is interesting, but Schneier is not the first person to consider such questions. Last year (I think?), Ron Rivest gave a couple talks at my school on the subject of voting. One of them was about auditing, and the other was about using crypto to achieve safer e-voting. You can see something similar to what he said here: http://people.csail.mit.edu/rivest/RivestSmith-ThreeVotingProtocolsThreeBallotVAVAndTwin.pdf [mit.edu] Some of the comments here have been arguing over the relative merits of verifiability and secrecy (as in having voting receipts or whatever). Cryptographic methods can be used to partly reconcile those ostensibly contradictory goals. Anyhows, have fun reading.

Re:Try authenticating before authorizing...

[the phantom]

You can't check for fraud by groups like ACORN (ACORN falsely registered the entire starting lineup of the Dallas Cowboys in Nevada and has been indicted in 14+ states)

Please, stop spreading misinformation. ACORN itself has not even been charged with any wrongdoing, let alone convicted. Rather, contractors hired by ACORN to get voter registrations have been charged. Rather than a conspiracy to fraudulently register voters, it appears that several lazy contractors filled out forms in order to get paid without doing any work. It should be further noted that, in many states, it would be illegal for ACORN to discard suspicious registrations submitted by their workers---instead, they are required to pass them along to the state, which is the only entity with the authority to discard registrations (as for the reason, imagine if ACORN decided that only people registering as Democrats should be allowed to register---they could discard all registrations with the Republican box ticked, thus committing another kind of fraud). In short, it is evident that some voter registration fraud did occur, but that it was almost certainly the result of laziness on the part of workers, rather than an intentional effort to commit fraud on the part of ACORN. Never attribute to malice that which can more reasonably be attributed to laziness, incompetence, or stupidity.

http://www.factcheck.org/elections-2008/acorn_accusations.html

Re:related pet peeve

[the phantom]

The system described above does tend to reflect the will of the people better. As an analogy, consider the GPA of a student. The current system is like only counting the As, i.e. you get credit for a class only if you get an A in that class. This is great for the students that always get As, but pretty much sucks for everyone else, and doesn't accurately reflect one's ability. The Borda system is more similar to the way that grades are actually averaged. You can be ranked on a scale from 0 to 4 (or 0 to 12 if you include pluses and minuses), which better reflects a student's ability.

To compare the two systems, consider the two following hypothetical students: student X took five classes last semester, got an A in one, and failed the other four; student Y also took five classes last semester, but got Bs in all of them. Under the first system, student X, who failed most of his classes, would still be ranked above student Y, because student X managed to get at least one A, whereas student Y did not. On the other hand, in the system we use, student Y would be ranked more highly.

A similarly brief overview of this idea (complete with this analogy) was published a while back by the AMS as part of their Mathematical Moments [ams.org] series. The relevant documents are near the bottom of the linked page, under the heading "Making Votes Count."