Forgot your password?
Security Government Math News

Schneier On Self-Enforcing Protocols 207

Posted by timothy
from the visibility-rocks dept.
Hollow Being writes "In an essay posted to Threatpost, Bruce Schneier makes the argument that self-enforcing protocols are better suited to security and problem-solving. From the article: 'Self-enforcing protocols are safer than other types because participants don't gain an advantage from cheating. Modern voting systems are rife with the potential for cheating, but an open show of hands in a room — one that everyone in the room can count for himself — is self-enforcing. On the other hand, there's no secret ballot, late voters are potentially subjected to coercion, and it doesn't scale well to large elections. But there are mathematical election protocols that have self-enforcing properties, and some cryptographers have suggested their use in elections.'"
This discussion has been archived. No new comments can be posted.

Schneier On Self-Enforcing Protocols

Comments Filter:
  • You need trust (Score:3, Insightful)

    by sopssa (1498795) * <> on Tuesday August 11, 2009 @10:38AM (#29023451) Journal

    Like everything else, both self-enforcing 'protocols' and someone in between, say paypal, rely on trust from people. It also relies on the fact that businesses will take a major hit when someone says something bad about them or if they fraud. This is exactly the same with laws. You cant enforce it, but you can make consequences for breaking laws bad enough so people dont want to break them.

    In high school I was teached that every happy customer tells about their good experience to 3-4 people, but every unhappy customer tells about it to 20 people. It's a great advice. Once the bad word gets out, your sales are going to suck and you lose customers. This is also why you need the trust and good name with self-enforcing protocols if not using middle man like paypal.

    This can also be seen on webmasters forums and the like. People have certain amount of trust points according to their past and who they've done business with. You can instantly see who is reliable and who you can do business with.

    Problem without using third party is that you cannot get to that trust level as newcomer and that it takes time to work it. When there's someone trusted in the middle of the transaction, you have some guarantee that you wont be cheated (or lose your personal details etc to whatever kind of fraud). In this case the trustful middlehand is good.

    So it only works if the other party is big enough. When voting, you rely on trusting the goverment (now this sentence is so gonna get some paranoid persons replying :). If not, you need a middle party that is big enough that you can trust them instead.

    As a side note, this is why we still rely on banks and even on our cash - We trust that our money on our bank accounts will still be available to us, and that our $10 bills wont just suddenly become worthless.

  • Why? (Score:3, Insightful)

    by mets501 (1269100) on Tuesday August 11, 2009 @10:50AM (#29023601)
    After reading that, I was left with the feeling that I had no idea what I had read it for. Was it a call to arms? Was it a rant about our whole world? It seemed to offer more problems than solutions...
  • by Spazmania (174582) on Tuesday August 11, 2009 @10:55AM (#29023669) Homepage

    The show of hands is not self-enforcing precisely because a non-secret ballot is subject to coercion. People vote their peers instead of their conscience.

    Selecting a security protocol that adversely alters the results is a common mistake among information security personnel.

  • Re:Why? (Score:1, Insightful)

    by Anonymous Coward on Tuesday August 11, 2009 @10:58AM (#29023705)

    I found it very interesting.

    That being said however, it is hard to see how it would apply in the "real world." While it is an elegant solution in a few niche situations my tiny little brain struggles to find situations where you can apply it directly to IT. He talked about voting but didn't really suggest how it could be made to work.

  • by drdrgivemethenews (1525877) on Tuesday August 11, 2009 @10:59AM (#29023725)
    What is the proposed self-enforcing voting protocol? With no suggestion made, what is the interest of this article to the slashdot community?
  • No, a show of hands *is* self-enforcing *but* not secret, and therefore subject to coercion, which is why it is rarely used. The article alluded to the fact that there may be a self-enforcing, secret protocol, without going into details of what it could be. If it exists, it would be a good idea to use it. It would also have been a good idea to include it in the article....
  • Re:Why? (Score:3, Insightful)

    by radtea (464814) on Tuesday August 11, 2009 @11:11AM (#29023873)

    It seemed to offer more problems than solutions...

    The "problem" is that the system of American government is fundamentally broken due to partisan capture: the government represents the Party, not the people.

    Unfortunately, the solution is not to be found in messing with the voting system, and certainly not my messing with it in ways that make it more complex. Most developed nations have very relatively simple, robust voting systems that have very plain, simple, paper ballots that may--but are not always--machine counted.

    Only in America is the smoke-and-mirrors of electronic voting given so much press, which is just part of the huge machinery of distraction from the elephant in the room: the Party controls the government. That the Party has two wings that go under different names is another big distraction. It lets Americans believe they aren't living in a one party state, but has no other effect.

    The solution, if there is one, is to systematically de-Partisanize the American voting system, starting by eliminating the ridiculous and unseemly involvement of the Party in voter registration, which should be handled by an arms-length public organization.

    It will be extremely difficult for this to happen, but a campaign to make it happen, like the campaign against gerrymandering, would at least put the fact of Partisan unity front-and-centre in what passes for American political discourse.

  • by NickFortune (613926) on Tuesday August 11, 2009 @11:18AM (#29023963) Homepage Journal

    The show of hands is not self-enforcing precisely because a non-secret ballot is subject to coercion. People vote their peers instead of their conscience.

    Right. But if there is a true self enforcing protocol we can use, then we'd be fools not to use it. That's the interesting thing here. Can't comment further than that because TFA is ever so slightly slashdotted at the moment.

    Still, at the risk of covering the same ground as in TFA, maybe it's time to consider the secret ballot in terms of a security trade off. What good is voter anonymity if it's impossible to demonstrate that the electoral process is fair? You just swap one means of disenfranchising the public with another one. Moreover, with method that's way harder to catch and punish.

    Maybe we need to look past "secret ballots are good" and focus on why we consider them to be good, and on whether that good is being preserved under current systems.

  • Re:You need trust (Score:4, Insightful)

    by nedlohs (1335013) on Tuesday August 11, 2009 @11:41AM (#29024313)

    Please resubmit your comment in Swedish so we can make fun of your non-native language errors too.

    Should be great since your English was worse than the post you were criticizing.

  • by rjstanford (69735) on Tuesday August 11, 2009 @12:09PM (#29024721) Homepage Journal

    And when your boss says, "By the way, if you vote for Dan, you get to keep your job - and I want to see your voting receipt to prove it, or out you go!"? That's one of the main reasons that we have private polling in the first place.

    How about going back to the old ways - electronically generating, at the polling place, an anonymous, very clear, human-readable piece of paper describing your vote. Use machines to create as many as you want, one at a time, on special pieces of paper that are handed out either as you walk in the door and get IDd or upon the insertion of your previous one into a shredder. Once you're happy with it, it goes into the voting box which a) saves it, and b) scans it and records the data, unofficially (ie: the piece of paper wins in a recount).

    Dead simple, totally private, and fully auditable. Plus, with an open standard, there could be different types of paper-generating-machines for people with different needs, no problem. No hanging chads, no huge expense, quick access to unofficial results and about as easy a recount procedure as you could ask for.

    Finally, at the end of the day, do it the CA way and have the boxes opened up and tallied by hand for the major issue and a random selection of minor ones at each station. Anyone can watch, and any discrepancy over .1% of the total is assumed to be computer-tampering and triggers a full manual count for all issues at that station, and a more thorough audit to determine the source of the discrepancy.

  • Re:Why? (Score:3, Insightful)

    by TerranFury (726743) on Tuesday August 11, 2009 @12:19PM (#29024845)

    The voting system determines the rules of the game. And it turns out that the game is structured such that large parties play it best. How can you destroy parties without changing the game? Theirs is evidently the equilibrium strategy.

  • by Otto (17870) on Tuesday August 11, 2009 @12:29PM (#29025003) Homepage Journal

    What is the proposed self-enforcing voting protocol?

    Everybody in the same room makes a mark on a ballot, folds it, puts it in a box with an open top, so all can see it is not subject to being rigged, but still not see the actual votes. At the end, the votes are upended on the floor and everybody looks at them, and can count them themselves.

    Less subject to coercion than a show of hands, still not perfect. However, it is self-enforcing, since all can see the results.

    There's other ways as well, but the point is that everybody needs to know how the system works and to be able to follow all the votes all the way through the system to the final count for it to be self-enforcing.

  • by circletimessquare (444983) <circletimessquare@gmail. c o m> on Tuesday August 11, 2009 @01:09PM (#29025559) Homepage Journal

    result in a more mainstream choice? i am flabbergasted how such a conclusion could enter your mind

    the 2000 election is an indisputable example of how the current system wound up choosing a president that was not mainstream. we got instead a cleavage of the country into left and right, with resentment and hatred festering

    mccain was a better mainstream choice: his secondary appeal to democrats was much larger than his primary appeal to the right wing, which is what cost him the party's nomination. so if mccain was allowed to proceed to a final approval or borda vote, he would beat bush and gore on account of his much broader secondary appeal

    meanwhile, our current system divides, it doesn't unite: it stokes the fires of partisanship, it cleaves the american people into two fiercely divided camps where the loudest most blind voices dominate

    such voices would still exist if we voted borda or approval, but more moderate voices would come to dominate, simply because a different voting system rewards a different strategy and set of issues

    partisan morons are tearing this country apart. we need less of them, not more of them, just look at the idiocy that dominates the discussion on healthcare right now. how do we get less partisans? we adopt a system which rewards them less. our current unideal system rewards partisan loudmouth bickering idiots, to tragic results

  • Re:First Post (Score:3, Insightful)

    by Anonymusing (1450747) on Tuesday August 11, 2009 @01:22PM (#29025777)

    Maybe it's merely a self-fulfilling protocol?

  • Re:You need trust (Score:5, Insightful)

    by SleepingWaterBear (1152169) on Tuesday August 11, 2009 @01:22PM (#29025795)

    Self limiting protocols are useful only for small scale solutions when it is reasonably possible to validate the results (are you going to be able to review the votes of 1,000 plus voters in a useful timescale)

    This idea seems to come out of nowhere and with no justification other than that the most naive possible method of scaling one particular protocol up doesn't work well. There is no fundamental reason that a well designed self enforcing protocol can't scale very well. As a simple example, let voters gather in groups of 100 or so and tally their votes. Then send someone to report the votes to a larger group (this can happen multiple times to allow for exponential scaling), and make sure the report is publicized (in a local newspaper or on a website designed for the purpose) so that voters can confirm the numbers were reported right. By spreading the work over many people no one person has to do an excessive amount of work, regardless of the number of voters.

    Anonymity is a little trickier to do efficiently, but here's the first idea that comes to mind. Gather your 100 voters in a room with a vote count visible to everyone, and give each voter a private terminal. In a random order ask each voter to make a choice, then to confirm the updated count. Each voter will know his own vote was counted correctly. If 100 voters doesn't seem like enough to ensure anonymity you can use a larger group.

    Obviously there are all sorts of flaws with the plans above, but with proper time to work through the details a workable plan of some sort exists. Just because you don't know a solution to a problem doesn't mean that someone actually willing to think can't come up with one.

Vax Vobiscum