
Re: [atlarge-discuss] Election Preparation



Hello, all,

Since Sotiris addressed his message to me as well as the group,
I'm taking the liberty of responding.

At 23:10 -0400 2003/04/23, Sotiris Sotiropoulos wrote:
>espresso@e-scape.net wrote:
>> I don't think I can agree with that. Undoubtedly, some of the
>> names of the silent ones *could be* phonies but we have no
>> reason to assume most of them are - plenty of people who
>> haven't posted in either the mailing list or the forums are
>> a) upset at ICANN's abolition of the "At Large" constituency
>> and
>> b) likely to have found one or the other of the two Web sites
>> in the course of looking for news, and to have thought it a
>> good idea to sign up in case we manage to get this thing
>> off the ground.
>
>I do admit that such a situation is possible, however, after 5 years of
>experience in these affairs, I have good reason to be paranoid.
>Consider
>the 6000 original At-Large members Denise Michel recently announced she
>will be re-activating(?).  AFAIK the "original" AtLarge members
>numbered
>more than 76,000 (of which, I happened to be one).  See:
>http://members.icann.org/ for more info.
><snip>

I was one of them, too, and you may forgive me for wondering
whether ICANN will choose to include me in the select 6000
whose memberships they will "re-activate". On the other hand,
choosing to hand-pick from amongst the original 76000+ and
hoping to pass the results off as a step towards democracy is
*exactly* what I'd expect ICANN to do.

>> I also believe wholeheartedly that democracy *should be*
>> participatory, but that's not the kind of democracy most
>> of our democratic governments allow these days and I suspect
>> only people involved in political or social activism are
>> accustomed to playing an active role.
>
>So what exactly do you think our role here is, if not social activism,
>pray tell?  We're here to stand up and be numbered, Judyth.

Obviously, some of us are willing to stick our necks out
further than others, which is normal enough even amongst
social activists. Some people stand out front with megaphones
and get targeted by the police; others, though, are part of
the crowd and not all of them will stay put until they are
teargassed and handcuffed. But they are still part of the
movement ... as are some of the people who support them but
for various reasons prefer not to risk arrest or having their
faces show up on the TV news.

To put it simply, the organizers are those willing to take
some degree of personal risk but one doesn't need to take
maximum risks to be a real part of a social movement. In
practice, for example, the organizers of a recent peace
march here in Montreal numbered no more than 200 or so
but there were 250,000 out on the street -- numbered but
not named -- whose participation was very important, and
still more people who facilitated or supported the effort
without being physically present at the march.

I'm a neck-sticker-outer from way back but my health isn't
great and my walking speed is such that I'd be blocks
behind the march anyway, so I concentrate on aspects that
require mind and heart and keyboarding rather than
good legs -- like making sure the word gets out to everyone
as to what happens where and whom to contact about what.
I miss being able to march myself but I'm still in the
movement although I can't.

>Anonymity among political equals is a no-no in true
>democracy, Judyth.

That rather depends on what you mean. In my opinion --
and I'm certainly not alone in this -- you cannot have
a true political democracy without a secret ballot.
Oddly enough, in places where everyone casts their
ballot while watched by prying eyes, voters tend to
get beaten up or even killed when they vote for the
"wrong" person.

Voters' lists, on the other hand, are usually not secret.
Not that many years back, the normal practice in Canada
was to post the voters' list for each district on the
telephone poles so everyone could see who was registered;
in fact, we didn't question its necessity in the 50s
and 60s. But times change and unscrupulous people were
misusing those lists, some to exert political pressure
but others to rob or harass the voters. Now we each
receive by mail only the page on which our own details
appear or, in the case of the recent provincial election
here in Quebec, only a card confirming our own registration
and indicating which poll to vote at. More personal
privacy and security, at the cost of no longer knowing
which of your neighbours won't bother to vote or how
many votes should be turned in at your polling station.
It's a trade-off most people here find acceptable, though
I'm not entirely convinced it's the only way to go.

>In any case, for members of any civic body to have a say and a stake
>in the
>politics of the group, it is incumbent on members (anywhere on the
>planet, I believe) to fulfil certain conditions of entitlement.

In any case, for most of the 30+ years I've been a voter,
there has been no requirement that everyone know your
name and address in order to qualify as a voter, let
alone whom you'll vote for. All that was needed was to
be of legal voting age, a citizen, and a legal resident
of the riding. The enumerators checked that when you
were put on the list and the scrutineers at the polling
station checked a) that you were on the list; b) that
your name hadn't been crossed off as having voted there
already; if they weren't content with the registration
card, they could ask for some ID.

Again, there was a change for the last Quebec election: they
decided one has to show photo identification - passport,
driver's licence or Quebec Medicare card. There was probably
a lot more voter fraud in former elections but until
recently it was considered an invasion of privacy to
demand photo ID ... which is odd, given acceptance of
published voters' lists. It's a cultural thing, and cultures
change relatively slowly.

>I should
>think that merely registering for membership is hardly the best
>qualification for establishing the uniqueness of identity for an
>email
>address and a name.  Since I have called attention to it repeatedly
>over
>the years (you don't know, but you can look it up in the GA
>archives), I
>believe my point is as valid now as it ever was.

Sotiris, I've never disagreed with you and you can see in
this list's own archives that I don't think it's real
proof of anything much. In fact, I believe I supported
your idea of a WG to study better means of confirming
identity, though I did suggest that some provision should
be made for *public* use of a pseudonym (say, on the list
or forum) by people who might live in countries where
belonging to a foreign organization is illegal or where
having one's true identity exposed on the Web is likely
to cause unpleasant repercussions. That is to say, I'd
want the bylaws to lay out a procedure by which real
identity can be confirmed but personal details need not
be published if the person felt it was likely to cause
hardship.

>Practically speaking, I think a freemail email certificate available
>from
>Thawte free-of-charge would be a pretty good place to start with unique
>identity verification qualifications for our group.  I have attached my
>own to this email.  Simple and free to get see:
>http://thawte.com/html/COMMUNITY/index.html

Okay, Sotiris, I've just spent 1-1/2 continuous hours at that
site... which ended with "Lost track of sequence...please
start again". It's a nice, clean design with easy-to-use forms,
and (most unusual!) all the list-boxes work properly with a
Mac. However, after going through the whole multi-page process
without much difficulty, I was stymied at the end because I
was using neither MSIE nor Netscape when I started ... or
perhaps it just doesn't like iCab. However, switching to
Netscape (4.6) didn't get me a certificate either, which
leads me to wonder whether other people mightn't have similar
problems, especially working with dial-up rather than
highspeed broadband access.

Secondly, though I agree that the Thawte certificate might
be better than nothing at all (assuming it works better for
everyone else than it did for me), absolutely nothing in
the process would have prevented me from obtaining a
certificate using somebody else's identity. As far as I
can tell, I could use anyone's name and social insurance
(or passport, etc.) number with one of my own e-mail addresses
and receive a certificate -- in fact, it seems I'd have to if
I wanted to provide a certificate for messages emanating
from another e-mail account.

Their other form of identification certificate, which requires
verification of identity by a notary, would be rather more
confidence-inspiring but in practice, walking into a notary's
office with legitimate-looking documents doesn't mean the
person presenting those documents is the right person, either.
That's why we hear so much these days about including
fingerprints, retinal scans, etc. where identification is
crucial!

>Until that issue is addressed, you cannot adequately rebut my wariness
>about who is and is not a real member of our association, and I will not
>let you (or anyone else) forget about it.

Let me assure you that I am (and always was) eager to address
the question, and not only within this group, AND not as a
form of attack on any individual member of it. It is true
that I don't share the conviction that this group's present
activities would justify paranoia about it -- in the greater
scheme of things, what would be the big payoff to infiltrating
a group with no status which represents no discernable
proportion of the Internet-using community and is unlikely
to be given any decision-making input into anything until it
and the world have undergone some serious changes?

Yes, we've got some phoneys and pranksters amongst us, as is
quite likely to happen with any more-or-less activist group.
It's something every group has to deal with. In my opinion,
the jokers in the deck are likely to be *less* of a problem
in the long run than the people with easily-confirmable
identities who are amongst us precisely because they want
to become part of ICANN's existing power-structure rather
than because they want to change it.

Yes, we've talked a bit about how one can authenticate a
member's identity ... but it should be obvious that neither
having access to a bank account or credit-card number, nor
providing a full name and address and so on, nor even
presenting the usual kinds of government-issued identity
papers is 100% secure. Furthermore, individuals may have
good reason to be careful about whom they give that sort of
information to these days -- identity theft is a multi-
million dollar business, and many of us (myself included)
have had wallets stolen, which although it happened off-line
means there is somebody out there who could have sold my
ID for a good price to any woman who looked somewhat like
me.

At this point - meaning now as the current election approaches,
not forever - we have neither the means to check people's
real identities nor their motives for registering as members.

I am guessing, though I cannot prove it, that the registered
membership of 900+ would probably conform to what the
statisticians call a "normal distribution" -- about 4%
really dedicated to changing Internet governance, about
4% at the other end secretly dedicated to preventing that,
and a whopping 92% spread out between those extremes, of
which the vast majority isn't strongly committed to anything.
That would mean we can expect around 72 people (36 on each
side with strong feelings) to be willing to commit real
time and energy to this project, and half of those would
in effect be working to derail the effort entirely. We got
a slightly higher number of members participating in the
last poll and the last formal vote but well within the
statistical range I'd expect -- i.e., a lot less than I
would have hoped for from a real activist group. I
haven't done a statistical analysis on the postings in
the forums or on this list but it's my impression that
they fit the bell-curve, too.

>> BUT, that being said, when we go to vote for our various
>> representatives in our governments, people don't just assume
>> we're fraudulent or bought-off voters just because we've
>> spent our time minding our own business instead of mouthing
>> off in public or via the Internet. If we're registered
>> voters, we have the right to vote no matter what anyone
>> may think we are voting for.
>
>In the real world here in Canada, voters remain generally assured that
>there are rigorous safeguards in place to ensure uniqueness and
>identity
>of their fellow voters, and that fraudulent voting practices are
>guarded
>against.  In the real world here on the Internet, Judyth, the same
>assurances do not apply, especially in our group's case.  I have every
>right and good reason to opine that the current practice is highly
>compromisable and therefore necessarily suspect.

I'm not disputing your (or anyone's) rights to want more
certainty in the process. The problem, Sotiris, is what one can
do about it now.

In the real world in which we live and work, most of our
transactions with other people are based on some degree of
trust. An employer trusts an employee to do a job;
the employee trusts that there will be a valid paycheque.
A shopper buys cornflakes and trusts that what's in the box
is what it's supposed to be. The bank trusts that the ID I
showed when I opened an account is really mine and I trust
them to keep my money safe. Some aspects are easier to
trust, and some are easier to authenticate if one needs to;
in general, though, we function as humans by taking it for
granted that the majority of our fellow-humans are not
especially evil or larcenous so we'll be reasonably secure
most of the time.

Over the Internet, as when one is dealing with somebody new
in the real world, one wants to be careful and check things
out beforehand if one can. There are a number of means of
doing so but they don't usually include access to the
government databases containing one's passport numbers, etc.
Most individuals are not listed in Dun & Bradstreet or
Who's Who or other directories of the kind. Some Internet
users -- you and I, for example -- can be checked out a
bit with a search engine or a look at WHOIS but many others,
especially those relatively new to the 'Net or those who
don't like exposing themselves to the risks an identifiable
presence on the Web entails, simply won't show up in the
search. You *might* find them in an online telephone
directory or something, but even that isn't guaranteed.
In fact, nothing I can find on the Internet really *is*
guaranteed -- even digital certificates have sometimes
been issued to fraud artists: the Thawte Freemail thing
essentially confirms that the party using the certificate
and a given e-mail address is the same party who registered
using that address ... but not that this was the person's
true identity, let alone what his or her motives were for
registering.

Besides which, of course, even if one made it one's policy
to do such a search for each prospective member, which
person or persons amongst this group would be universally
trusted to do it? The same problem would occur even if one
were to use a postal-mail confirmation system, or attempt
to call each prospective member's bank (on the unwarranted
assumption that the bank would actually know the person
and be willing to divulge any information), or check them
out with one of the credit-rating agencies or...

>> The onus is on us as a group to develop a voter registration
>> (membership) process which includes some form of identity
>> confirmation if we believe that those on the existing list
>> may not be real people. If I remember correctly, Sotiris,
>> you were very concerned about this earlier on and volunteered
>> to work on a method for us.
>
>I am working (in remote snatches, but I'm still far from being ready to
>reveal it) on a vote tabulator mechanism, not an identity-establishing
>facility.

Sorry if I was in error on this. I was quite sure you had
expressed your concerns about identity-authentication as
we were going into elections for the previous panel and
suggested you'd be willing to look into it.

>I recommend http://thawte.com/html/COMMUNITY/index.html for
>this group.  It's free and easy to use.  I have been recommending it
>for
>years, but every time I bring it up, the likely suspects don't want to
>talk about it, or they complain that it's too involved for the
>simple(ton) internet users they think we ought to be representing or
>some
>such nonsensical repartee is offered as a refutation.  Pitiable,
>actually.

Tone aside, yes, you had mentioned this before and I believe I
suggested it was not the ideal solution. I still believe it is
not ideal for people with slower connections, less online time,
older equipment, or from other cultures. I also don't see it
as definitive identification, though I'm not sure anything
is these days. Call it "nonsensical repartee" if you like
but most security people would agree to the latter, and many
(if not most) people involved with developing countries have
concerns about usability, though I'm glad to see Thawte is
indeed preparing to deal with more languages.

>> Did anything come of it? If not,
>> perhaps you have some ideas about how it could be done ...
>> preferably without just expelling everyone who is not known
>> personally in "meatspace" by other members and without a
>> labour-intensive or costly kind of identity-checking.
>
>Oh yes!  http://thawte.com/html/COMMUNITY/index.html
>
>> Meanwhile, there is really nothing one can *legitimately* do
>> to disenfranchise people because they may side with somebody
>> one disagrees with, unless you're going to chuck democracy out
>> the window entirely. Given the nature of our group and its
>> raison d'être, anyone who is a live human Internet user
>> should have the right to join and the right to vote.
>
>Not that simple, I'm afraid.  They must first satisfy the condition of
>proving they are a real person.  I think that's a pretty inclusive and
>fair standard, don't you?
>http://thawte.com/html/COMMUNITY/index.html

I agree that the condition of being a real, live human is
fair and inclusive. I'm afraid repeating the URL doesn't
persuade me that the Thawte method does that conclusively.
If I have the time to spare, I'll go back and see what it
does when I try to register as somebody else whose social
insurance number I have on file.

>Only those who can prove their unique identity ought to be able to vote
>PERIOD.  That's my position.  Any other vote is inter alia technically
>suspect, and therefore illegitimate until completely and sufficiently
>verified.

The problem I see is that, by your own logic, anyone registered
as a member of this group is automatically suspect unless they
are using a digital certificate, which means almost nobody is
eligible to say whether or not the Thawte certificate should
be required for people to cast their ballots in this election,
and no result from any election conducted by this group could
possibly be legitimate. Where does that leave you?

>> There are a small number on
>> this list who want things Web-based and another small number
>> concerned that this will prevent some members from voting,
>> so (to me, at least) it makes sense to hold that vote by
>> e-mail as part of the election ballot and then do whatever
>> the majority says it wants.
>
>No.  Not quite so fast, if your warrant is the expediency of such a
>process, I have to question the need for speed.  First things first,
>after all, we wouldn't want to end up with the wishes of a potentially
>suspect "majority", now would we?

Would it actually be better if the group were to

a) disband entirely to get rid of the suspect majority;
b) be re-started by yourself (the only individual you can
   *really* trust to be who he says he is), carefully
   registering only those people who obtain Thawte
   certificates (and perhaps meet your personal criteria
   for not talking nonsense or being plants or whatever);
c) conduct its first election at some point down the road
   when you and your new colleagues feel they are ready
   (perhaps your vote-tabulator is online, perhaps using
   the Polling Booth or something else).

That's certainly an option for anyone who chooses to take it
up. It's up to the other members to decide whether they'd
want to go that route.

My own decision is to withdraw and let you guys keep on
accusing one another, insisting that your way is the only
right way, and generally carrying on what has become "business
as usual" while I devote my time and energy to other projects
where people are willing to behave more maturely and treat one
another with respect while working towards a common goal.
Anyone who is interested in knowing what those are can
e-mail me off-list; however, I assure you that they will
in no way interfere with what's going on here.

>> >P.S.  Judyth, some of us are still waiting for your "proposal"
>> >for a voting mechanism, remember?  :-)
>>
>> Are you? I've been posting in some detail how I think an
>> e-mail ballot can be conducted to minimize the chances of
>> people voting in other people's names or tampering with
>> either the ballots or the counts. Had you missed those
>> messages?
>
>I must have.  Please do copy them, I'm sure it will allow for renewed
>discussion of the matter.

Hardly necessary, surely? It's all in the archives on the Web
for anyone to see if they care to. No, it did not include
foolproof confirmation of the real identities of all members
-- simply because I know of no foolproof and feasible method
of doing so. I did call for

a) a mechanism for periodically confirming membership and
   contact information (not to mention a change-of-address
   form on the Web site)
b) a permanent and confidential numerical ID randomly assigned
   to each member on joining (so nobody can guess somebody
   else's number and vote in their name)
c) a new password for each election or referendum, to be
   used in conjunction with the permanent ID
   [this last being done by whoever is delegated to run
   the election -- ideally, not the same person(s) who
   keep the membership roster and send(s) out the ballots]
d) a multi-stage scrutiny process whereby e-mail ballots
   received were
   - checked against a list for match of ID and password
     (so as to spot doubled votes or jokers in the pack)
   - stripped of name, e-mail address, IP number, etc.
     (so as to render the ballots themselves secret)
   [these two being done by the first-level scrutineer(s)
    who play no other part in the election]
   - forwarded with only numerical identification to
     other scrutineers who would check the tabulation
     of votes and could publish the raw tabulation
     without indicating who voted which way
   - open to each member being able to confirm that their
     vote had been received and counted correctly (via
     e-mailed raw data or publication on the Web)

Of course, if you don't trust anybody at all amongst the
membership, you probably won't trust anyone to perform
any of those steps. On the other hand, the process does
explicitly limit each of those involved to a specific
stage and prevent ballot-box stuffing (unless those who
chose not to vote conveyed their ballots to others to
vote in their place, and unless some clever blackhat were
routinely intercepting everyone's e-mail so as to get
their ID numbers and passwords).

It's obviously not perfect and there are other methods of
securing it further -- for example, having the whole process
conducted by some independent third party whose employees are
not members -- but the group as a whole didn't insist on it.
It seems some of my suggestions were incorporated into the
process which Bruce, Jefsey and Eric are overseeing now.

>> Anyway, at this point the question is academic since Bruce,
>> Jefsey and Eric are in charge of conducting the upcoming
>> vote and have already seen my thoughts on the subject.
>
>I propose that voters must also enter their votes in Joop's polling
>mechanism to double-check any results and to provide a back-up system.
>Do you have a problem with that?  Also, there's the matter of
>http://thawte.com/html/COMMUNITY/index.html
>
>Settle that before we settle anything else.

It is obviously not up to me what you guys decide to do.
However, it does seem to me that "what I say three times
is true" isn't a convincing argument.

>> Once we have elected a new Panel, I would hope that they'd
>> make sure the relative merits of the various systems
>> proposed were discussed and let the members choose what
>> they think best to be included in the bylaws for the group.
>
>This discussion must take place BEFORE any election, I'm afraid.
>http://thawte.com/html/COMMUNITY/index.html

Sotiris, as I said, I'm withdrawing from this project so it's
not me you need to convince.

Whether the rest of the gang will agree that the election should
be suspended or cancelled now is doubtful -- most people seemed
to agree that a new Panel election should be held as soon as
possible and were unhappy that these issues were discussed for as
long as they were. I wish you the best of luck persuading them.

Regards,

Judyth

##########################################################
Judyth Mermelstein     "cogito ergo lego ergo cogito..."
Montreal, QC           <espresso@e-scape.net>
##########################################################
"A word to the wise is sufficient. For others, use more."
"Un mot suffit aux sages; pour les autres, il en faut plus."
##########################################################
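
The staged e-mail ballot check listed in points (b) to (d) of the message above, as an added sketch that is not part of the original post or any code used by the group. The function names, message fields, the count-the-first-ballot rule for doubled votes and the sample inbox are all assumptions made for illustration.

```python
import hmac
import secrets
from collections import Counter


def enroll(emails):
    """Roster keeper (point b): permanent, randomly assigned numeric ID per member."""
    roster, used = {}, set()
    for email in emails:
        member_id = secrets.randbelow(10**9)
        while member_id in used:              # re-draw on the rare collision
            member_id = secrets.randbelow(10**9)
        used.add(member_id)
        roster[email] = member_id
    return roster


def issue_passwords(member_ids):
    """Election officer (point c): a fresh password per member, for this vote only."""
    return {mid: secrets.token_urlsafe(9) for mid in member_ids}


def first_level_scrutiny(messages, credentials):
    """Point d, stage 1: match ID and password, spot doubles, strip identity fields."""
    forwarded, rejected, seen = [], [], set()
    for msg in messages:
        mid = msg.get("member_id")
        expected = credentials.get(mid)
        supplied = str(msg.get("password", ""))
        if expected is None or not hmac.compare_digest(
                expected.encode(), supplied.encode()):
            rejected.append((msg.get("from"), "bad id/password"))
        elif mid in seen:
            # Assumed policy: the first valid ballot counts, later ones are flagged.
            rejected.append((msg.get("from"), "duplicate"))
        else:
            seen.add(mid)
            # Name, address and IP are dropped here; only the numeric ID goes on.
            forwarded.append({"member_id": mid, "choice": msg.get("choice")})
    return forwarded, rejected


def tabulate(forwarded):
    """Point d, stage 2: second scrutineers count ballots that carry only an ID."""
    totals = Counter(b["choice"] for b in forwarded)
    raw_table = {b["member_id"]: b["choice"] for b in forwarded}
    return totals, raw_table


def run_demo():
    # Constructed sample data: addresses, IPs and choices are invented.
    a, b, c = "a@example.org", "b@example.org", "c@example.org"
    roster = enroll([a, b, c])
    creds = issue_passwords(roster.values())
    inbox = [
        {"from": a, "ip": "192.0.2.10", "member_id": roster[a],
         "password": creds[roster[a]], "choice": "yes"},
        {"from": b, "ip": "192.0.2.11", "member_id": roster[b],
         "password": creds[roster[b]], "choice": "no"},
        # Same member votes twice: caught as a double.
        {"from": a, "ip": "192.0.2.10", "member_id": roster[a],
         "password": creds[roster[a]], "choice": "no"},
        # Someone who learned c's ID but not this election's password.
        {"from": "x@example.net", "ip": "198.51.100.7", "member_id": roster[c],
         "password": "guess", "choice": "no"},
    ]
    forwarded, rejected = first_level_scrutiny(inbox, creds)
    totals, raw_table = tabulate(forwarded)
    return roster, forwarded, rejected, totals, raw_table


if __name__ == "__main__":
    roster, forwarded, rejected, totals, raw_table = run_demo()
    print("rejected:", rejected)
    print("totals:", dict(totals))
    # Each member looks up their own confidential ID in the published raw table.
    print("a's ballot recorded as:", raw_table[roster["a@example.org"]])
```

Whoever holds the roster can map a published ID back to a name, which is why the message asks that the roster keeper and the election runner be different people.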


