Re: [atlarge-discuss] Panel Mandate options

[espresso@e-scape.net]

At 14:10 +1300 2003/02/26, Joop Teernstra wrote:
>Hi Judyth,
>
>I did not realize that web access is so difficult for you that you
>could
>not quickly read the Poll Watcher basics put up in the Forum
>http://www.icannatlarge.com/forum/viewtopic.php?t=309

Hi, Joop,

Unlike some of the folks here, I don't have an IT industry job
or a globetrotter's budget. As a freelance editor/translator
who spends 40-50% of her time on volunteer efforts, I live
simply and make do with a limited-hours dial-up connection.
That means when my work requires more online time, I have
less available for other activities. (It also didn't help
that the polling period coincided with my ISP's decision to
change their IP numbers and server configuration without
explaining that they were eliminating the proxy server I
was set up to use. They're nice guys but they are not
exactly great at customer service...)

>I'll copy them here for you.:
>quote
>Pending the election of a Polling Commission, Polls can be undertaken
>as a
>private initiative in a bottom-up fashion.
>
>To add to the credibility of their results, neutral and broadly
>respected
>Watchers need to be engaged.
>
>These watchers need to be able to answer email within 24 hours.

That shouldn't be a problem.

>These watchers should have the following rights:
>
>1. Get the outgoing Ballot message in advance (for comment and
>amendments)
>2. Get copy of all correspondence with voters
>3. get Polling Options and background story 24H in advance before it
>goes
>on the PB website (for comment and improvements)

I presume this means somebody (namely you) will set things up
so those messages are sent to us?

>4. Get list of all the voters names or email addresses (strictly in
>confidence) as soon as the Ballot goes out.

This presumably has to come from Vittorio, who seems to be the
only person with the full current list of ICANNATLARGE.ORG members.

>5. Get copy of all actual raw voting results from the database
>(strictly in
>confidence) as soon as the voting closes.

Will you be sending this by e-mail, or providing instructions
on how I should get them directly from your database?

>6. Get list of all bouncing addresses.

Is there a procedure by which bounces will be forwarded to us?

>The Watcher's duty will be to report on the Poll and declare the
>Polling
>results reliable or unreliable within 4 days after the closing of the
>>Polls.
>unquote

I would certainly be willing to tabulate results quickly and
compare them with the results obtained by the other "watchdogs"
but I'm not entirely sure how I could certify them as reliable
except insofar as all the separate counts should match. Would
that be sufficient? I'm be in no position to know how many members
might have tried to vote without succeeding, or assess the technical
reliability of the Polling Booth itself.

>I have much experience with poor people in parts of the developing
>world
>(Philippines) and web access is actually easier for most than
>email-only
>accounts.  Poor people do not have computers with email clients.
>They access the internet via Internet cafe's (average cities have
>HUNDREDS
>and most small towns have a few that are packed with people)  and have
>an
>email account through a web interface (Hotmail, Yahoo, etc.).  Many
>think
>that the web is all there is.

That's certainly true in many places. On the other hand, there
are more and more places where people can get their own e-mail
accounts through a community centre. As you point out, though,
the time issue is often significant: they can't spend long
periods online or get access every day, which is why I think
it is less than realistic to require them to read a lot of
material online quickly and then cast their votes.

Even here in Montreal where some people do indeed use Webmail
accounts accessed through a free terminal at a public library,
they are often limited to 15-30 minutes at a time and have to
book up to two days in advance for a time-slot. That is not
conducive to extensive use of forums, etc., though it is
often enough to download e-mail to read offline.

>Many do not have telephone connections at home. Many poor people now
>use
>cellular phones, but still do NOT have landlines. (We waited 11 years
>for
>our landline)

That's certainly true, and in many places it appears that
landlines will never be the answer. Eventually, one hopes,
there will be adequate satellite coverage of the areas
where cabling is not an option.

>I think your proposal for a two step verification is excellent and it
>can
>be practiced when handling Booth votes as well.
>I would be more than happy  to let the watchers help me in sorting out
>the
>final full voters' list.
>Should we send ballots to members who indicated that they don't want
>announcements? In case of bounces, should the corresponding names be
>listed
>on the website with a request to update to a working email address?

The only way to hold a democratic vote is to make sure that the
call to elections, call for nominations, ballots and results are
sent to ALL members. The first message can contain a notice to
the effect that those who do not wish to participate in the
organization can resign (by e-mail or using a Web form) and
thereby have their addresses removed from all future mailings.

There should certainly be a reminder on the Web site(s) that
people need to update their contact information if they want
to continue as members, as well as means for them to do this.

>Maintaining vote anonymity is a much harder thing. If I run the polls
>without watchers, it is only 1 person who has theoretically access to
>confidential data.  To analyze raw results is not easy, but in theory
>database query scripts could be written.

This is precisely why I recommended the two-stage process,
whereby one person who is *not* a vote-counter receives the
ballot and checks it off against the membership list, then
removes the identifying information and passes the ballot on
to the people doing the actual count. In fact, my original
recommendation was for the assignment of unique membership
numbers as identifiers, which means the person doing the
checkoff need only have numbers and e-mail addresses, not
necessarily names, and the full membership database remains
confidential.

If the actual votes cast are delivered automatically to a
database, that would presumably strip off the identifying
data without human intervention. All one would need is to
be sure that the system will allow only a single vote per
member and that each member will receive their own, randomly
generated number as "password" to authenticate his/her vote.

>The more watchers there are, the more anonymity can be compromised.

Not necessarily. In a physical vote here in Canada, the voter
goes to a table where at least three people from different
political parties are sitting. The voter presents identification
and is given a ballot paper. All three workers cross that
voter's name off their copies of the list but have no means
of seeing what is marked on the ballot when the voter comes
back to put it into the box. At the end of the day, the last
shift of workers and any observers from other parties can
see the physical ballots but have no means of telling who
cast which ballot. Anonymity is "compromised" only to the
extent that one could determine which voters actually voted
and which didn't show up.

If an electronic vote is set up such that authentication
information is checked automatically but not included with
the information transferred to the database, no human need
see the identifying data and having several people receive
and check the database contents separately should be
enough to prevent tampering with the results. Of course,
the person we **really** need to trust in that setup is
the person who does the programming; we might want, in fact,
to ensure that the programmer is not the same person as the
one who has administrative access to the hosting server.

>If you use Elisabeth Porteneuve's (Kent Crispin's?) email  votebot,
>you do
>not know how many people will get the confidential data. How
>watertight is
>ICANN's  GNSO secretariat?

I have no idea whatsoever... but if there is reason to avoid
trusting our own members to handle ballots properly, I'd
think there should be similar reservations about anyone else
with a possible stake in the results. If we turn to outsiders
because we don't trust our own, I think they should be *real*
outsiders -- people who have nothing to do with Internet
governance as such.

>An email address, from where the email votes are distributed to
>watchers is
>dangerous, as you cannot know for sure who else is on that
>distribution >list.

At some point, I think, we need to recognize that a degree of
trust is essential to all collective efforts. While I'd much
prefer that each voter e-mail their ballot to the watchers
directly, rather than to one address from which it would be
forwarded to them, there are precious few people whom I would
expect to deliberately arrange that confidential information
be forwarded to others for nefarious purposes. Also, if the
identifiers are stripped from the ballot contents, the only
effect of such a manipulation would be to let an unauthorized
person get an advance peek at the tally.

>I regard email voting as less secure than sending votes to a single
>webserver, because emails can be spoofed but  login to a server can be
>made
>secure.

Spoofing the address of a message would not, in my scheme,
allow an unauthorized person to vote. One would need *both*
the correct (unspoofed, since this can be spotted in the
message headers) e-mail address *and* the unique identifying
number of that member. The only way one could expect to have
both is to intercept the message notifying the member of
his/her ID number. And if one could do that, one could just
as easily intercept the message which provides the URL and
password for a Web-based poll.

>The Booth does the counting and displaying automatically, so that
>saves
>work and mistakes.
>For verification the PD administrator  sends the raw database output
>to the
>watchers.

In fact, then, the human watchers do need to do the counting
to check that the automated count displayed is accurate ...
and the human administrator could theoretically alter both
what the automated count shows and the raw data the watchers
get. The more suspicious among us might not be entirely
happy with that approach ... which is why I'd be quite
willing to continue with a system where no individual has
access to both the untreated ballots and the publication
of the results.

>Anyway, I can understand that you don't want to commit, but I will
>include
>you in my emails to the watchers anyway, so that you can judge the
>system
>for the next time.
>The members have asked to be polled frequently, so there will be a
>next >time.

By all means, do. Still, although I have no problem with
using your Polling Booth for informal information-gathering,
I am still not convinced that it is preferable to an e-mail
balloting system which does not depend so much on a single
individual.

>> From our little test-run of the Polling Booth, during which I
>>myself was unable to vote due to technical difficulties and
>>other members were not even invited to cast their ballots,
>
>That had nothing to do with the system. Abel Wisman, Thomas Roessler
>and
>David Farrar were not on my list, because they had publicly requested
>to be
>removed. This time, I will add them back, unless they protest now.

At the risk of repeating myself, I must say that to me the only
valid membership vote is one in which ALL members are invited
to cast their ballots and NO non-member has the means of doing so.

We are now in a situation where it seems you consider as members
only the people who registered at your site and did not ask to
be removed from your list, whereas there is another, non-identical
list of members of ICANNATLARGE.ORG all of whom are theoretically
members of this group and who should be eligible to vote. It's
the latter list which should be used, and its members should
receive all official notices -- unless we choose to send a
preliminary message asking them to confirm their memberships
before we ask for nominations.

>The process this time is that I ask appointed  Watchers for their
>approval
>and for amendments, simply in order not to be acting unilaterally.

Surely it's not just the volunteer watchers who should be
consulted about the questions on ballots! We've been talking
about using the Polling Booth as a means by which members can
pose their own questions, so we need a process which is a little
more transparent and democratic than Joop proposing questions
and a couple of other volunteers approving them. At least, I
believe we need that process for the real votes of the
future organization, though perhaps not for informal polling
at icannatlarge.com for its own purposes.

>The *proper* process should be that there is an elected Polling
>Committee
>who will jointly decide on all text and options  used in the Booth and
>in
>the Polling  Notices.

Actually, the proper process for elections is usually described
in an organization's bylaws. The periods and forms of notice
are defined, along with how one chooses a "President of Elections"
and scrutineers. It is stated whether and how a resolution of
the membership will be distributed and voted on, what types of
resolutions need more than a simple majority to pass, etc.

Informal polling methods are usually not defined in the bylaws:
they are often adopted by a simple resolution of the Board or
Executive Council, and sometimes initiated by a working committee
that needs information from the members in order to do its job.

We are, I think, at the point where a distinction must be made
between something official -- an election, a vote on the mission,
etc. -- and something unofficial like the famous "trust" question
on the previous poll. It may sound somewhat heretical but there
is a saying about the rules being made by the people who show up
and I'd venture that this list is the proper place to discuss
the content and wording of any questions to which we want an
official answer, as long as the voting is then open to all
registered members whether they read the list or not.

Regards,

Judyth

##########################################################
Judyth Mermelstein     "cogito ergo lego ergo cogito..."
Montreal, QC           <espresso@e-scape.net>
##########################################################
"A word to the wise is sufficient. For others, use more."
"Un mot suffit aux sages; pour les autres, il en faut plus."
##########################################################



---------------------------------------------------------------------
To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de