A brief summary because I had to re-read this a few times to figure out what was going on.
Debian had a vote with 4 options:
Option 1 "Hide identities of Developers casting a particular vote"
Option 2 "Hide identities of Developers casting a particular vote and allow verification"
Option 3 "Reaffirm public voting"
Option 4 "None of the above" (NOTA)
The objection raised here is that Option 3 and Option 4 can be considered to be the same depending on how you interpret them (ie; "None of the above" vs "Keep public ballots" which can be said to implicitly suggest none of the above at the same time). If those two were represented as a single "NOTA" option, that option would have won the ballot in terms of votes.
> If those two were represented as a single "NOTA" option, that option would have won the ballot in terms of votes.
If the ballot were different, the results would be too. You can't take the results of one ballot and mush them around to support a hypothetical result; see also counting of the 'popular vote' for US president, a ballot which has never been tried, and whose results are unknowable.
A vote for 4 says (to me, not a qualified voter) I don't like the current voting, and hiding identities is also undesirable; if this choice is selected, the status quo must be continued until a new alternative is voted upon, but there's clearly desire to do so. If option 3 were selected, the status quo had clearly won, and the issue should be considered settled for whatever timeframe Debian considers appropriate.
> see also counting of the 'popular vote' for US president, a ballot which has never been tried, and whose results are unknowable.
I don't follow this point. I'm not an American, but my understanding is counting via simple popular vote vs "electoral college" doesn't change the ballot itself, you still vote for the president directly; it just changes the way the ballots are counted.
Are you suggesting either something on the ballot is different, or that people would making a different vote if it was counted differently?
or that people would making a different vote if it was counted differently?
Two changes would happen. A lot of people who don't vote today because their state either heavily favours the 'wrong' candidate or the 'right' candidate will already win by a massive margin, would start voting, since all of sudden their vote matters a lot more.
Secondly, and more importantly, candidates would campaign very differently. In todays system gaining 1-2 percentage points in swing states like Arizona, Georgia or North Carolina is worth infinitely more than gaining 5 percentage point in California, New York or Massachusetts, and politicians on both sides campaign accordingly. In a popular vote scenario those extra 5 points in California could swing the election which would change the entire focus of not only the campaign, but possibly even the type of policy and even candidates that the parties put forwards.
Stated differently, this makes states matter and rural voters matter in direct proportion to the number of people living there, because all people are equal.
It's not right that a voter in Maine or New Hampshire, which have 1.3 million people and are roughly even between the two major parties, has a high probability of changing the outcome with their vote, while a voter in California or Texas - which have 30 times as many people - is essentially irrelevant to the outcome.
This isn't so different in the EU is it? Smaller countries don't want their needs ignored by the bigger countries so they get more seats relative to their population than big countries.
Maybe it's hard to imagine the United States of American to become 50 independent countries but isn't the way you keep them united is by promising the smaller ones that they won't be trampled on by the big ones?
> isn't the way you keep them united is by promising the smaller ones that they won't be trampled on by the big ones?
Yes, but in the US, at least, it's gotten to the absurd opposite where the minority is more or less assured a majority of votes. In order to avoid tyranny of the majority, we've more or less codified tyranny of the minority.
What's your evidence behind the statement that "the minority" is assured a majority of votes? Both Democrats and Republicans have won the electoral college and each of them throw a big rhetorical fit any time the other wins with it. At some point you have to accept that being equal doesn't always look fair in a micro vs macro sense of time. In the moment it doesn't look fair, when you look at the longer timeline they've had their share of elections. The system seems to be working as intended.
It would be more helpful to describe what a state of affairs looks like that doesn't result in large population states, who already maintain the gift/grift of cultural hegemony, running the country.
This comment is confusing to read. It doesn't matter which party wins the election because the voting system itself is flawed. It's also not a particularly new thesis but an often acknowledged problem.
It might be that this was the intent of the system, that doesn't change the fact that nowadays significant portions of the population have gravitated towards a few very large metropolis, effectively giving disproportionate power to the people living in rural areas
The electoral college was set up to protect less densely populated areas from more densely populated areas, so the situation was always that way; it didn't "gravitate". It's not like "rural issues" are the ones dominating legislation or national conversation either.
To take a step back, I've lived in both rural areas and major cities (I currently live in one). Rural folks being represented in government is not an issue and I find it kind of odd that people try to make it an issue like this. I'm fine having my agenda compete with theirs.
I don't live in the USA, so i'm just repeating whats literally taught in school where i'm from.
there were no metropolis like we have them today back then. City were considered gigantic with with only a few hundred thousand people -- which is maybe a largish town nowadays
Nobody said that rural people being represented is an issue, its nonetheless a fact that they're overrepresented, as they have disproportionate voting power. That term doesn't mean that they shouldn't be represented, it means that they have proportionally more voting power then a person living in a city does.
> I don't live in the USA, so i'm just repeating whats literally taught in school where i'm from
You spoke so certainly about the subject that that was not apparent. Maybe it should have been a question instead?
> there were no metropolis like we have them today back then
In the US there were, and the early development of the US is the reason for the electoral college. You had sprawling cities like NYC having to vote next to people who took months to get to the East coast for voting. Their problems were very different and the electoral college helped balance the concerns of cities that have easy access to imports and labor with areas that had no such things. On the larger scale it helped protect smaller states and territories from the policy and influence of larger states and territories. Again, their problems are very different, and in current day translate to what we end up referring to as urban, suburban, and rural.
> Nobody said that rural people being represented is an issue, its nonetheless a fact that they're overrepresented,
In the US they're not and you still haven't answered my original question, which is how are they overrepresented. You're just stating that's a fact, but it's really not.
Isn't "overrepresented" another way of saying that each individual voter living in a rural area has effectively more voting power then it's counterpart living in a metropolis?
Thats why I'm stating it as a fact,as it sounds like very simple logical connection. It could be a misunderstanding on my part, but it always sounded like a very straightforward situation to me.
No, voting is much more complicated than that and the history of our voting system speaks to that. Purely popular voting, as in a pure democracy, is demonstrably flawed - that's why representative democracy came about. The foundation of your argument is also flawed; if rural areas are so overrepresented then we'd be seeing a lot more emphasis on the funding of rural schools, hospital systems, clean drinking water, and broadband. Instead, these issues are regularly underfunded and are even joked about on forums like this.
There's lots of issues in the US to solve. Voting, imo, is just the pet issue of the losing party.
> Purely popular voting, as in a pure democracy, is demonstrably flawed - that's why representative democracy came about
Every form of democracy is flawed, and it's important to be aware of them. Otherwise things tend to kinda spiral out of control, which they arguably already have in a lot of western nations with wanton corruption and completely insane people getting elected.
Nobody wants full democracy. Full democracy is what allowed Hitler to get away with gassing six million Jews, just because the majority of the population agreed it was a good idea at the time. Now Germany has very strict constitutional protections of certain rights to make it very hard for the majority to violate the minority like that again. State rights act similarly, protecting the populations of individual states to some degree from the arbitrary whims of the majority.
This wouldn't help Jews in WWII because Jews weren't grouped into a single German electoral region.
If you spread 49.9% of the population evenly in a system where states vote rather than individuals, you've insured that this minority gets no representation.
What election are you referring to where the Germans democratically gave Hitler power? His best "fair" election results saw his party get ~35% of the vote, and he only got the largely ceremonial chancellorship through backdoor deals. By the time he became president nobody could consider the elections fair.
The "intended" malapportionment to benefit small states[0] is a far smaller effect than the "unintended" effect of silencing local political minorities. If you wanted to retain the former, you could replace the Electoral College with just weighing votes cast in smaller states slightly more. Right now, neither large nor small states have a say in presidential elections at all - it's purely undecided states that play kingmaker, and it drastically warps the priorities of elected Presidents.
[0] Which is also a problem. You know how everyone says the EU is undemocratic? It's for the same reason why we have an Electoral College - the whole "federal government represents states instead of people" thing.
> You know how everyone says the EU is undemocratic? It's for the same reason why we have an Electoral College - the whole "federal government represents states instead of people" thing.
No, it makes votes in all states count equally. The current system makes votes in certain states orders of magnitude more valuable than votes in others.
States are abstract political entities; it's people who matter.
People are represented in the House by population (less so than they should be since we refuse to let the lower chamber grow in size) and in the Senate by state.
The President of the United States represents every United States citizen everywhere on the planet. The holder of that office should be elected by a majority, preferably with some form of expression of ranking preference, of those voters regardless of what political entity they are currently in or connected to.
The point about the American election is that if people knew going into the vote that it was a popular vote across the country, voting behavior would change.
Many people don’t vote at all because their preferred president has a 0% chance of winning their state and the vast majority of states are winner-take all with the electoral votes
Or they don’t vote because their preferred president has a 100% chance of winning, which is more often the case given their community is already deeply red or blue
> Are you suggesting either something on the ballot is different, or that people would making a different vote if it was counted differently?
That's clearly true, in addition to the obvious fact that campaigning would change dramatically. The OP's point however was that we don't know the extent to which it's true.
An obvious example of people making a different vote would be in California - I know more than one Republican who either didn't vote or voted for a 3rd party 'statement' candidate for president because they knew that all of the electoral votes in CA were going to the Democrat anyway.
Undoubtedly the same thing happens with Democrats in TX or TN or wherever Republicans hold a huge majority and Electors are winner-take-all.
I have done and will continue to do this too. It probably seems like a risk to people in other countries but there are generally very few surprises in the marquee races (I would never do this on down ballot candidates).
Specifically, they use the Schulze method[1] with ranked ballots, which is far better[2] than the IRV method popularized by FairVote[3] and currently making the rounds in the U.S.
> A vote for 4 says (to me, not a qualified voter) I don't like the current voting, and hiding identities is also undesirable; if this choice is selected, the status quo must be continued until a new alternative is voted upon, but there's clearly desire to do so.
That's a difference without distinction, though. If option 4 were to win, then, what would they then do? The exact same thing as if option 3 were to win -- keep the status quo -- no? The idea that an option 4 win might also get people to consider other voting systems isn't really relevant; you don't vote to consider things that you will then put to vote. You just consider them, and then have a vote. So the "legal" outcome of this vote would be identical if either option 3 or 4 had won.
IMO the DPL is correct that this election was constructed poorly: they should have had either option 3 or 4 in there, not both. But I think that might just be a "too bad" situation: since there are no provisions in the constitution for a "do over", I think the only reasonable thing to do is to accept the results of the election, change the voting system, and then propose a new vote to potentially change it back, but this time more carefully consider the options on the ballot.
Unfortunately, because of the supermajority requirement, this probably won't work as intended. Just because options 3+4 on the current vote (had they been combined into a single option) may have been enough to cause the supermajority requirement to fail, it doesn't mean that there will be a supermajority (in a new vote) to switch back to public voting.
I think they screwed up, but in order to preserve confidence in their system, they'll have to suck it up and live with it.
It's not about splitting the vote in that way; Debian's system is robust to that.
It's about the 3:1 supermajority requirement that was needed for Option 1 and Option 2.
It turns out that their rules for dealing with this work by comparing those options against NOTA only; the problem is that it's plausible that many of the voters didn't realise this.
>It turns out that their rules for dealing with this work by comparing those options against NOTA only; the problem is that it's plausible that many of the voters didn't realise this.
And that the super majority was achieved by 1 vote. So in some sense it was a cliff hanger.
But 3 to 1 is a large margin, which likely has a bit of fat. I'm not uncomfortable with it.
> It turns out that their rules for dealing with this work by comparing those options against NOTA only; the problem is that it's plausible that many of the voters didn't realise this.
Yet Another case for approval voting over like, all other voting systems.
Because this is a constitution change, which requires a 3:1 super majority to change, a concept the Schulze method doesn’t really provide for.
The issues arises from how the 3:1 ratio is calculated. Which is by comparing the number of “change it” votes to the number of the “None of the above (NOTA)” votes (this is my understanding of from the email thread).
As a result the number of NOTA directly impacts the number to approval votes needed to win, as a simple majority isn’t enough. Thus having a NOTA option, and an option that looks like a NOTA can create confusion which splits the NOTA vote, because voting “keep public vote” above NOTA, which reduces the number of counted NOTA votes, and increases the number of “change it” votes (as all non-NOTA votes are considered “change it” votes, regardless of practical impact, at least that my understanding from the thread). Thus reduces number of approval votes need to achieve the super majority.
As this vote was won by a single vote, voter confusion on how choice ordering regarding the NOTA option could have swung vote against the intentions of the voting members.
But NOTA and Affirm the Public Vote are not the same. Choosing ATPV would have changed the constitution. NOTA would not have changed the constitution. If this were an American election full of idiots and people who have no idea what they are voting for, then the argument would have weight. These are people who follow the Debian source code debate close enough to give a shit and vote. They knew what they were doing.
As far as I can tell the Schulze method does not satisfy the independence of irrelevant alternatives condition, and so adding an extra option can have an effect on the end result. However the upside is that you can actually recalculate what the result would have been if you remove one of the options, since the voting results are summarized as the number of people who prefer A to B, which shouldn't change if you remove one of the options.
The problem with this is that it is thinking in absolutes during a situation where people are often very willing to compromise their own beliefs just to be able to provide an answer.
In normal elections we see this with people who don't like any choice, but don't want to spoil their ballot. So they pick their next best favorite.
This means that if A is removed, people might pick B or C instead just because A isn't there.
People are tricky. Hard to pin down what's exactly going to happen every time. There are distinguishable patterns and such; but ultimately you can't rely on them as if they are infallible.
As long as you assume people aren't suddenly going to prefer A to B when C is there and prefer B to A when C isn't then you can safely recalculate the result.
Of course people might not necessarily act rationally but you've got to draw a line somewhere, otherwise elections are simply undefined behaviour and talking about properties of elections becomes meaningless.
Okay sure, you have to have some sort of baseline to go by. Some sort of assumption of truth as it were.
But, no, you cannot safely recalculate that result, because by and large people are the representation of chaos. undefined behavior is the norm, not defined behavior. Defined behavior is only present in any of our societies because of 'social norms', which is the only reason I relent and say that some assumptions might be possible. But I will not agree that you can 'safely' recalculate that result just using whatever assumptions some person arbitrarily has deemed 'good enough to trust'.
That kind of thinking is why most polls are actually wrong, but taken as good enough. (Yes, I'm one of those people who nit picks the randomness of their selection biases.)
P.S.
All it takes to swing an election in favor of the underdog is a single new revelation. All it takes is for people to suddenly question their previous choices. A & B might be their norm; but people can be swayed to choose C or D if the situation is right.
This is why we can't really trust assumptions without some sort of evidence to back them. At which point they stop being assumptions...
I agree that human behaviour is unpredictable and irrational, but as far as voting systems go I'm happy to argue that if some change wouldn't affect the result assuming people are voting rationally, then there is no cause to invalidate the vote.
Otherwise you're just arguing the vote is invalid because it would have ended differently in a rerun, and you have to stop somewhere.
I don't understand your point.
In ranking presidential candidates, most left-or-center-leaning voters would rank any and every Democrat above any and every Republican, with Trump as their very last choice. So the presence or not of any specific candidate doesn't change the outcome. They would have voted in whomever the Democrat Nominee was.
There was lots of reporting in 2020 about Democratic voters who preferred another candidate throwing their support behind Biden based on the idea that he was best positioned to win in the general election.
I think what GP meant that if you have two identical option A and B, we could remove A after voting and it would have the same result as not having option in the first place.
I think you got their intent in sharing their belief correct; but their belief is wrong.
If you remove A as a choice, or B, people might go with their next preferred option instead of just not voting at all, etc.
This means you can't know for sure that results would equal the same with or without that option, because you cannot actually assume all actors will vote the same every time. To even begin to think such a thing as true is just asinine when the world proves to us on a daily basis that people are willing to compromise on their beliefs all the time. (No offense.)
"The Schulze method selects a single winner using votes that express preferences. The method can also be used to create a sorted list of winners. Therefore, if several positions are available, the method can be used for this purpose without modification, by letting the k top-ranked candidates win the k available seats."
So IMHO if you wanted to retain transparency and they use ranked voting, I'd go with 4,3,2,1. Someone else might do 3,4,2,1. Either way the result should be counted against secret voting. There seems to be concern that people don't even understand how the voting process works and messed up their ballot. Oddly, this should be verifiable by asking them, since secret voting wasn't in place at the time of this vote.
If you wanted voting secrecy but were unhappy with the proposed implementations of option 1 and 2, you'd vote 4 > 3, leaving room for future alternative proposals.
If you were against any form of voting secrecy, you'd vote 3 > 4, shutting the door on future proposals.
Well, the claim here is that Option 3 and Option 4 are the same in essence so if they had been reflected on the ballot as a single option, then that option would have won out over Option 2, changing the outcome.
Assuming I understand this anyway. The way the votes are reflected is confusing to me
But it's deceptive and political to complain 3 and 4 are too similar but then not also state that 1 and 2 were too similar. 2 also lost votes to 1 being similar.
Also 3 and 4 were not similar. 3 would have changed the constitution to require public voting, 4 would simply do nothing and leave the issue an unanswered question.
This wasn't the general public. This was a few hundred people who carefully follow and care about the Debian project. I'm highly skeptical anyone who voted was "confused".
They use ranked choice voting so this shouldn't matter, as far as I understand RCV eliminates the lowest option one-by-one, passing the votes to the next option on each ballot as if the eliminated option never existed.
The discussion seems to be about ballots with 3 > 2 > 4, and when 3 was eliminated the votes went to 2, allowing it to pass. That's a bit strange because you'd expect a ballot to always have 3 next to 4 since they are so similar.
Debian's vote system does not use instant runoff voting (which is eliminating the lowest options one by one). Instead, it uses Condorcet voting, which picks the options defeating all the others in pairwise competition. (If no such option exists, it gets more complicated. Also, the NOTA option is special and is used to check majority or supermajority requirements before the actual Condorcet process starts.)
3 > 2 > 4 is very clear in that it means "I would most prefer to reaffirm public voting, but I do support secret voting so long as verification is allowed. I oppose secret voting without verification.". It's a meaningful vote. Why are people disagreeing about this?
Because public voting is the status quo, so 3 & 4 are identical in what they would (not) change in the procedures. 3 is just an additional statement of support. If you support public voting (3) you also support 4 over 1/2.
Not necessarily. As I understand it, 4 (NOTA) is special, because in a vote to change the constitution of Debian, you need 3 times more votes for a change than NOTA votes. Thus 3 > 2 > 4 would mean "I prefer 3, but if the majority supports 2 I will side with them instead of against them". In this case, I can imagine people thinking "I personally think public voting is fine, but if a lot of people think we should have secret votes, I have no problem with changing the constitution to allow those."
Public voting is not status quo outside of Debian. In the real world the only places that have public voting are places that are controlled by dictators.
Most (all?) US legislatures don't have private voting and are not controlled by dictators; not sure about other countries. Voice voting does happen in some contexts and doesn't leave a record of who voted how, but most contested votes are recorded.
To me, Debian Developer feels more like a position of responsibility and representation than a member of the public. But I'm not one, and I don't know what the expectations are.
Something else which hasn't been suggested yet. Basically it could be that you are not opposed to the secret voting in principle, but you think current proposed options are not fully baked yet and you also think that current status quo is sub-optimal too.
Maybe you want for some votes to be public and some votes to be private. Putting "all votes should be {public,private}" in the constitution prevents that.
What does "reaffirm public voting" mean in this context? Would "reaffirm public voting" have resulted in concrete action that would not have occurred had "none of the above" won?
Stopped using Debian a long time ago, and this is just making me glad I did exactly that.
What kind of hairbrained nimrod came up with that idea!?
You can't have mixed voting methods and still call it fair in any respect. Any chance there could be tampering should be considered not just to be happening, but to be assured to happen. "Secret ballots" of any sort when everyone else is not partaking in said "Secret ballots" just creates a skew towards unfairness and improper results. Assuming those ballots truly are secret and not just pseudo-secret. If true secret, then there is no way to track properly for sure if there is tampering...
I doubt anyone with Debian is going to be listening to me on this; but perhaps they should.
Debian crew: No. Normal voting methods only dammit.
Like they are going to listen though. In the meantime, I'll be using a different version of Linux. Debian has been dead to me for a long time now.
I stand behind Debian to do votes in secrecy. During the RMS issue, I've seen many people who did not have their ferocity under control. This went as far as people wanting to have the "others" removed from the Debian project.
People not being able to cast their vote without having to fear repercussions is justification enough for secret votes.
Is there a good rundown over what people were actually getting mad about with RMS? RMS has done a lot for free software, and while I think the whole GNU/Linux naming pasta is a bit silly, what RMS did with emacs, gcc, and copyleft is genuinely heroic in terms of accomplishment and impact.
So far as I can tell, it's "RMS defended Marvin Minsky" and "RMS said something about sex with teenagers not being super terrible many years ago".
Also, was the Minsky thing related to Epstein? Because if so, it's hard to blame Minsky for falling victim to a international intelligence operation that also ensnared presidents, financiers, and movie moguls, all of whom are far more shrewd and worldly than any mathematician has a right to be. And the right thing would be to blame the foreign power that was doing the ensnaring, IMHO.
I agree with you in spirit, but I believe open voting is a better "ideal" system; Debian as a group just doesn't have the time/motivation to deal with the issues inherent in open voting, and I can't blame them for that.
If you can't justify your vote, then maybe you shouldn't be voting. Anonymous voting should be enjoyed by the masses, never the ones representing them.
> If you can't justify your vote, then maybe you shouldn't be voting.
Sorry, wrong in every possible sense of the word. The only true way for an individual to be free from the consequence of placing their vote is for voting to be anonymous.
Any argument that a voter must face direct repercussions for their vote makes voting pointless.
> Anonymous voting should be enjoyed by the masses, never the ones representing them.
Well, since the debian voters are not, as far as a I know, elected by voters themselves, they are not representing anyone.
Debian developers are not representatives. They were not elected, and they are not representing anyone's opinion other than their own. The elected positions in Debian are mostly administrative and any decision requiring voting goes to the developers as a whole, not just the elected officials.
I'm not disagreeing with the rest of your reply, but these are nonsensical statements in context. It's presenting an assumption that the governance systems in other versions are better. I've seen a lot of projects with BDFL leaders and no voting whatsoever. Linux itself is famous for permanently keeping a BDFL in charge and not really having voting, so in some sense we might be able to say they all suffer from a lack of voting methods in some areas.
With secret voting you can deflect responsibility and not really hold anybody accountable, with a benevolent dictator... er, well it can't be anybody but Linus' fault as all decisions flow through him.
That is fundamentally different from what the parent reply is saying and that makes no sense either. The entire point of putting open source code out there for free with no warranty is to avoid accountability, in favor of more transparency. A BDFL is only legally accountable to those who pay their salary, and the companies that care about accountability will pay them in exchange for signing private long-term contracts.
I'm a long term Debian user, and while I'm not sure I'm super happy with this, which distro are you using that is is more transparent than Debian wrt their decision making process?
It goes without saying that all the commercial distros are disqualified. Anything with a (B)DFL is obviously disqualified. Anything run by a small cabal that could easily communicate in an out of band way is disqualified. What do you have left?
Apparently by a single vote and the legitimacy of the vote is in question due to some technicality I didn't care to reread until I understood. What I don't understand is why the project is NOT already secret voting? Do not most free democratic countries practice 'secret ballot' voting specifically because not doing so caused all kinds of problems like voter intimidation? I googled the first three that came to mind (france uk, usa) and they all seem to do so.
Anyone associated with the Debian project have any insight on why voting is not secret and/or any other large os projects doing the same that could chime in?
The US is not homogenous in the technology used to vote - running elections is left to the states, and different states use different polling technologies.
The systems we have for voting in Washington DC seem to be a best-of-both-worlds approach. There are touchscreen kiosks that you use to make your choices, then the kiosk prints out a properly marked paper ballot that it asks you to verify. Then you take your ballot over to the normal scanning machines. You can also request an unmarked ballot and fill it by hand if you prefer.
The kiosks can provide a wide range of assistive tech (larger fonts, instructions in a variety of languages, and headphone jack for audio prompts). They also help ensure you do not miss a question - you must explicitly choose "skip" - and they help ensure you select between 0 and N choices in choose-N questions. Also they print a clearly-marked ballot which helps avoid ambiguities like if somebody partially fills a circle by hand.
And best of all, the end product is still a physical, auditable piece of paper.
If you suspect a problem with the vote-counting machines, you can audit the paper votes with pen and paper. But in the cases where there isn't much reason to doubt the outcome of the election, you can save the cost of all that labor by letting a machine do something machines do really well.
I highly doubt the assertion that spending money on buying and maintaining voting machines will ever exceed the cost savings from not paying people to count paper ballots.
Electronic voting systems using zero knowledge proofs are superior to paper votes because it's possible to check for yourself that your vote was actually counted and not ignored.
Paper voting is extremely expensive to scale compared to a website that lets you vote. Everyone could get a notification on their phone when they are asked to vote on something as opposed to having to fill out paper and send it somewhere to be counted.
> it's possible to check for yourself that your vote was actually counted and not ignored.
That's a bug, not a feature. The point of not doing that with paper voting is that it makes selling your vote difficult, as nobody else can verify what you voted for. You on the other side know that you put the ballot in the box and can stay around to see if the votes in the box get accurately counted.
With electronic voting you lose that. You either have to blindly trust the system or by allowing vote verification make it easy for others to sell the votes.
It's a trade off. I want to be able to prove that my vote was counted. How can I trust that my voice was actually heard by the system?
>as nobody else can verify what you voted for.
You can mitigate this problem by giving people a way to fake any vote outcome. The voter knows how to verify their actual vote, but someone else would not be sure if what they verified was real or fake. Also I doubt this type of buying votes with verification is that big of an actual thing. You can trivially do it with paper voting to by just asking them to stream themself voting or by taking a picture of their ballot.
>You either have to blindly trust the system
Having someone else count votes without the ability for you yourself to count votes and check to see if your vote was included is the opposite of blindly trusting the system.
> Also I doubt this type of buying votes with verification is that big of an actual thing. You can trivially do it with paper voting to by just asking them to stream themself voting or by taking a picture of their ballot.
It's not so much selling votes, as to discourage voter intimidation: The husband forces his wife, the boss forces his subordinates, the local mafia forces their victims to vote a particular way.
I don't know the rules in the USA, but in the UK it is generally forbidden to stream yourself voting or take a photo in the polling station. Maintaining the secrecy of ballots is high priority.
Someone might still privately take that picture of their ballot paper, after all there's a private voting booth; the officials wouldn't know. You're allowed to say you made a mistake and ask for a replacement ballot paper, so you could show your boss the version they want to see, and then vote differently.
> I don't know the rules in the USA, but in the UK it is generally forbidden to stream yourself voting or take a photo in the polling station. Maintaining the secrecy of ballots is high priority.
Except we allow postal voting pretty much willy nilly, especailly in areas where intimidation can happen
I don't know how it's done in the USA, but in Germany voting by post has to be carried out before the day of the election. The actual postal votes are stored and only opened on the day of the election. After somebody send in their postal vote they can go to the public voting office and declare to invalidate their postal vote. The people counting the postal votes will get a list with invalidated votes and remove these envelopes before the votes are opened. The person who invalidated can then either do another postal vote or vote at the ballot box.
So in Germany postal voting is secured against selling votes.
If there is a way to invalidate a vote in the UK, I'm not aware of it, and as someone who's actively stood for election I've got a greater awareness of the average voter, and 50% of people have less awareness than the average voter.
It's not about selling, which would be easy to detect like all large conspiracies. It's about subtle coercion that postal voting can enable.
That's due to a trade-off of requirements, to maximise free and fair representation.
Lack of postal votes makes the ballot less fair and representative, because it affects people with systematic bias in relevant sub-populations (wealth, working conditions, age, health, etc) and areas.
In areas where intimidation can happen... for going to the polling station. (All the intimidator has to do is post menacing guards, soldiers, etc. outside the station or on the routes to it. There are plenty of news reports of this happening in some countries. I'm not aware of this in the UK though.)
So the question is whether you get a more fair and representative vote outcome by allowing postal voting, or by disallowing it.
The balance of trade-offs has led to UK policy allowing postal votes, encouraging each individual to fill out and seal their vote in private, and use statistical and other investigation methods to look for signs of fraud, while maintaining a high standard of secret ballots when voting in person.
That might not be the balance that works best in other countries. In the UK it is said by the Electoral Commission that there is no evidence that postal voting has changed electoral outcomes to date, but some attempts at large scale fraud were discovered and prevented.
I canvas in a rural ward, about half of voters are postal voters, many have adult children living with parents, and where one is postal, usually all are postal.
It's quite easy to see how a secret ballot can be not secret if the (typically patriarch) says "lets fill the forms out together and I'll take them all in"
> How can I trust that my voice was actually heard by the system?
Most vote countings are public. I can go to my polling place, cast my vote, check that nobody tampers with the box, watch how they count every vote correctly, ensure that the written tallies are correct, and then verify that the central system tallies match with those I counted.
Less work isn't the optimisation goal, though. Reliability, trust, verifiability, secret ballot, etc. is what it is about. If things can be made more efficient without sacrificing the primary goals ok, but if I as a citizen can't verify the results anymore (by watching the count etc.) the purpose isn't met.
With paper voting you can see that there are real people casting votes. With electronic voting it is trivial to add fictious voters and vote for them, especially in countries where voter lists are not published.
Tell that to the people who now, instead of just going to a polling place and placing a paper on an envelope, have to download and store digital certificates, possibly download and install new programs and deal with the troubles of all that, just so "verifying votes" is slightly easier for the minority of people with the knowledge of the system and ZK proofs.
Also, you're assuming the system is perfectly implemented. In reality, such a system will be complex, will have many more pieces than the ZK system itself (and those pieces will have vulnerabilities), and will require users to do more which will also be prone to errors and vulnerabilities.
I don't understand the insistence on electronic voting for elections. It's less transparent to laypeople, offers small benefits and adds significant complexity both in the implementation and use.
The problem is that it solves a problem that nobody actually has and provides tinder to make a problem that actually exists worse.
Political machines exploiting nursing homes, pushing absentee ballots on the elderly, etc are already problematic, and allowing field GOTV teams to collect this type of data in mass is would make expanding these operations in size and scope.
You’d also create the new problem of hyper-partisan people crying about voter fraud. You’ll have a bunch of lunatics running around with fake ballot receipts to push whatever narrative they are trying to push.
In my state, it’s illegal to take pictures of ballots at the poll, and there are bipartisan poll inspectors that will shut that down if it happens.
You also want to be able to check if your vote was falsely counted, lest an unscrupulous election operator simply reassign all but a handful of votes to its preferred option.
Vote selling is a pretty nasty problem to work around.
I would normally agree with you, but no voting system today can provide you an answer to this question.
The problem of unscrupulous operators can be circumvented if the votes are in a public ledger where the voter can backtrack their vote to the ledger "yes, its' my vote, nobody tempered with it", but the vote in the ledger can not be linked to the voter.
To be clear, the property we want is, broadly speaking, "hard to tamper with (at scale) without getting caught". Ideally we would also catch tampering at small scale, but that's darn close to incompatible with denying vote buying. (A possible resolution is, of course, "well, what's wrong with vote buying between informed consenting adults?" But the unfortunate history shows that our electoral systems must compensate for underinformed coerced voters, and their regulations are written in blood.)
Existing voting systems do have a countermeasure, if not a fantastic one: creating a trail of physical artifacts that can be manually audited to verify vote totals, and a roll of accepted votes to compare the count of said physical artifacts against. It's not fantastic because the error rates on those physical artifacts are stupendous, but tampering with votes at scale can then require (a) physical access, which humans are well-equipped to reason about, and (b) generating and destroying big piles of said physical artifact, which is expensive and expensive to hide. The gold standard of tampering with physical elections that we know of is basically denying observers the chance to audit, which is rightly considered suspicious.
Tampering with electronic votes at scale does not have these cost properties. We can magnify costs without giving voters the ability to prove their votes to a third party (I am aware there are probabilistic constructions), but all such constructions (a) are much harder for the average voter to reason about than monitoring physical access (humans are quite optimized for monitoring physical access), yet (b) requires voters to actually audit their own votes and report non-inclusion en masse. You can see why this is a non-starter.
I don't know if you realize, but you moved the goal posts a little. Yes I agree that an electronic system would be more difficult to wrap your mind around as a layperson, but if you go now on the street and you ask someone how paper ballots work in their district, I bet that even though they know the big picture, they will fail at the details.
So the common person will probably not understand the cryptographic underlayers of this theoretical new system, they need to have confidence "in the science". I know that doesn't sound as good, but we're heading towards a world where computing literacy is increasing, so in some years that could be possible.
Paper voting ensures privacy and voter verification, something even the best electronic solutions can't properly handle. No thanks, I can actually show up and vote once every few years.
I don't understand the argument of reducing cost of elections and scaling. The current paper system in place in most works (at least in European countries where I've witnessed the process) and doesn't need to scale more. If actors in a democracy can't afford such a system, and the occasional (once, twice a year) walk to the voting place, 15 minutes wait and fellow-citizen interaction, can't we accept they don't care for voting and participating and stop listening?
I'm all for accommodation of special cases (people with reduced mobility or unability to be in contact with other people) but we already have the necessary systems in place (mail-in or vote delegation).
Literally one of the last places I'd check for change or optimization. It works, leave it alone, I'll happily pay the 3 or 10eur a year.
> I don't understand the argument of reducing cost of elections and scaling.
How about if we could scale ballots to such an extent that a citizen can vote from wherever/whenever on all issues they're interested in[1], not just a head of state election every X years? Wouldn't that be a more democratic process ?
I believe it would, and that paper ballots won't get us there.
Well, I live in a representative democracy, and it mostly works. I don't think the vote is only way to express political power, just the most 'sacred' and extreme of all. The one of removing your ruler (or ruling party) from power.
And making people vote on issues they're interested in just makes me think only extremes will be heard and counted, and I would have to give my opinion on a bunch of things I don't really care about, or am not quite competent enough. To me, the democratic vote should be a precious rare thing, to elect a representative or a bunch of them, and trust them to do a non-too-shitty job of it.
Referendums, IMO are among the worst democratic moments in my republic, and I feel my concitoyens (from talking to some, and reading what they say in polls or public forums) don't really vote on the specific subject but on a global policy rant. It's a place to vent, not to decide ; when your elected ruler throws up his hands and gives you back the wheel at the last moment, with little context, FSD-style.
> I don't think the vote is only way to express political power, just the most 'sacred' and extreme of all. The one of removing your ruler (or ruling party) from power.
Indeed, the voting is less about getting people you want to have power, but more about preventing people you don't want from getting power (or retaining the power). Votes don't directly affect the actual policy decisions that representatives make afterwards, you're not legally bound to fulfill your campaign promises. What voting process does instead is telling the society, ‘See, the elected officials are not massively hated by the people, no need for a concern’.
The thing about representative democracy is that your representative is still your representative even if you didn't vote for them.
When the ballot process can be done in the morning with your coffee and toast, maybe more people would be inclined to apply judgement and vote in good faith.
And I think I speak a truism when I say that more deciding power for each citizen is a better kind of democracy than representative democracy. What I'm hearing from you are just hypotheticals that nobody can be sure of without actually trying a system like this. Basically that's all I'm saying, the current democratic process leaves a lot of citizens without proper representation and probably we need to move in a direction where that's not true any more. We need to look at alternative ballot systems which would allow that. If the current political strata are wrecked in the process, all the better.
American here and I have had to wait >2 hours to vote multiple times. In the worst instance someone tried to illegally close the polling place even though people were still lined up outside. This is in clear violation of state law. So long as you are lined up to vote before the polling place closes they have to take your vote. To the sheriff's department credit (they are generally terrible) the deputy who responded refused to make people leave and told the worker they had to stay open. When I lived in a more rural area of the same county I would just walk in and vote within a couple minutes. I'm sure it isn't broken by design though.
The American voting system seems broken in many ways that have not much to do using paper.
Elections taking place on tuesdays instead of weekends for some reason, low polling-places-per-voters ratio (though numbers are hard to find), ballots with multiple non-trivial questions, etc.
Before turning to voting machines, there's a lot that could be changed at every level. Moving Election Day to weekends would be a good start.
The American voting system is broken by design. There used to be reasons and conventions, and there is a somewhat excessive regard for states rights, but you could build a system that keeps that regard while being sane and fair. The fact that the US political classes would rather focus on gerrymandering instead, tells you all that you need to know about motives.
I don't even understand the concept of voting on workdays. WTF. This is a sacred thing! Especially if you want citizens of all horizons participating (and I want people from all sides to check on each other - without being too disruptive by default... I mean there's a process for reporting and all - doing it on a weekend is a minimum.
See, no need for fancy tech. Paid officials and unpaid volunteers manning everything.
What that means is that you don't live in a city in a republican state. For the past couple decades, the GOP has gotten increasingly brazen about reducing the number of polling places for the people they don't want to vote.
Assuming no vulnerabilities on the ZKP system, a perfect implementation and no information leak from other sources.
> What do you mean by this?
I assume that ensuring that the person voting is who they claim they are. If someone steals the certificates of that person, they could impersonate them.
> This is a lot of friction which prevents many people from voting.
In Spain (and I guess in a lot of other countries) voting in-person means walking to the closest polling center (99% of the time it's less than 10 minute walk) on a Sunday, picking up the paper, doing the queue (maybe another 10 minutes) and walking out. The alternative is mail-in voting, which usually takes a few minutes of walking to the closest post-office, signing some documents and waiting for the ballot to come. Compare that with getting the certificates, storing them securely, downloading the program to do the voting, installing it, praying it works, then using the program and cast the vote. Think of all the people who aren't good with computers, and how easy would it be for them to do all those steps correctly.
In the ideal case I agree that electronic voting systems would be better. But the world is not ideal, quite a lot of things can go wrong with them because of their complexity and detecting those issues will be difficult. On the other hand, paper voting is fairly simple, the number of things that can go wrong is low and easy to detect by anyone.
Government-issued certificates for electronic voting are a terrible solution because it is trivial to generate millions of certificates for fictious voters and vote in their name.
Friction to prevent people from voting is a US phenomenon where voting participation (i.e. turning up and declaring something, even if it is an abstention) is not considered a legal obligation - and thus, the lack of participation is not viewed as a possible attempt to interfere with democracy.
It costs $x to run an election and count the votes for Y thousand peple voting for a position, that scales pretty much linearly - have 1 ballot and 1,000 votes costing say $100, have 1 ballot and 1 million votes and it costs no more than $100,000
> Only if you're an expert cryptographer, else you're deferring to the authority.
At least it’s still provable, a plenty of people can afford to hire their own cryptographers to do verification. Foreign observers can also do the same.
> a plenty of people can afford to hire their own cryptographers to do verification
That's still deferring to the authority. The cryptographer I paid to says it’s all verified, these 1,000,000 people believe them, so naturally I must believe too because why would they lie – is that how it goes? Why not then just drop this whole voting thing, managing keys, checking proofs – why waste time on all this, just let cryptographers announce the results? You trust them, right? They're smart, they'll probably make good decisions.
Paper ballots which can be counted by hand reasonably efficiently enforce a low-tech process that is understood by literally everyone, is resistant to fraud at scale, and leaves massive amount of literal paper trail for audit with no extra provisions. If a citizen wants to be an observer – they just go and see ballots counted. If ZKP were used then what, why only qualified cryptographers are allowed to be qualified observers? Is this really a necessary requirement for a voting process?
Paper voting is provable too. Vote and then observe the counting which is usually public. You can take a look at the box to ensure that it hasn't been tampered with.
Paper voting is vulnerable to basic sleight of hand, and your ability to effectively monitor the count is somewhat limited.
Electronic voting can be much better, but it is of course not a terribly easy problem to solve.
For what it’s worth, I don’t believe that paper voting is particularly problematic. But I do think that electronic voting could make voting easier and more accessible.
I don't know how vote counting is done in other places, but I've seen it in my country and it's not vulnerable to basic sleight of hand, at least not for more than one or two votes. Poll workers are all citizens randomly selected, the president of each table takes envelopes from a transparent box, opens them, shows them to the other three or four workers of the table (plus any observers that want to be there) and declares the content of the vote.
> But I do think that electronic voting could make voting easier and more accessible.
I don't think so. Think of all the people who have difficulty with basic computer/phone tasks, either because of knowledge or accessibility issues. Do you think all the steps to securely cast votes with an electronic system are going to be easier and more accessible for them?
> I don't think so. Think of all the people who have difficulty with basic computer/phone tasks, either because of knowledge or accessibility issues. Do you think all the steps to securely cast votes with an electronic system are going to be easier and more accessible for them?
I don’t think an in-person electronic voting system needs to be any more difficult than current paper ballots.
Certificate management is more difficult than simply holding an ID card, going to a website/downloading a program is more difficult (and has more potential problems) than going to a polling station, and doing all the steps the program requires will hardly be as simple as "put paper in envelope".
> Electronic voting systems using zero knowledge proofs are superior to paper votes because it's possible to check for yourself that your vote was actually counted and not ignored.
Which means somebody can hold a gun to your head and force you to prove that you voted and that your vote counted.
That is not, to put it mildly, desirable in an election.
Well at least where I live (the UK), it's illegal to film in a polling station and the staff in the polling stations should be looking out for that and reporting it.
More importantly (with both postal voting and in-person voting) it's impossible to perform these attacks after the fact, but if you have a receipt of your vote it can be done at any time after you vote.
Unless they also demand that you film yourself continuously up to putting the envelope in a mailbox, they can't be sure you actually mailed the ballot or that you didn't invalidate the result later.
This would risk exposing yourself, and in turn, the intimidator.
But if only one ballot is mailed per citizen, they can be reasonably sure you didn't vote for the competition.
Electronic voting is very difficult to monitor and verify independently, especially when voter lists are not publicly available. It is difficult to verify whether turnout number is correct, and on the countrary it is easy to add millions of fictious voters and vote for them.
> it's possible to check for yourself that your vote was actually counted and not ignored.
Let's say you voted for candidate A and didn't find your vote. How can you prove that you really voted for A?
> Everyone could get a notification on their phone when they are asked to vote on something as opposed to having to fill out paper and send it somewhere to be counted.
Voting with such system is equivalent to publishing results without any actual voting.
> Let's say you voted for candidate A and didn't find your vote. How can you prove that you really voted for A?
With ZKP it would look something as follows:
1. Encrypt a vote with a commonly known public key and publish it to the bulletin board.
2. Shuffle the votes and producing a ZKP proof of correctness assuring that only votes from bulletin board where shuffled, no vote were added, removed or modified.
3. Tally the votes and produce a proof of correct decryption.
The argument is that since authorities does not know the choice of the voter they would accept the vote to the authenticated and public bulletin board which would prevent vote omission.
I didn't understand the algorithm completely (for example, whether you post your vote anonymously or under your name, and where is the private key for the public key you mentioned).
Let's say bulletin board software replaces the vote with 20% probability. You post your vote for candidate A and see that it didn't appear on the board (because the board replaced it with vote for candidate B, but you don't know about it). How can you prove that you tried to vote for A and not for B? The records show that you have voted, and as voting is anonymous it is impossible to know how you voted.
Of course, there are other ways to meddle with such election. For example, you see that the turnout is 99%. How can you verify this number? The government refuses to publish a list of voters because GDPR doesn't allow that. And even if the country publishes this list how you can verify that the list doesn't contain fictious voters?
> I didn't understand the algorithm completely (for example, whether you post your vote anonymously or under your name, and where is the private key for the public key you mentioned).
It's best to illustrate it with the ElGamal cryptosystem. Let's say that system officials have set up keypair `sk`, `pk = g^sk` and let everyone know `g, pk`. To submit a vote, the voter selects an option corresponding to a message `m` and encrypts it with a freely chosen randomization factor `r` and obtains a tuple `(g^r, m*pk^r)`. He signs this encryption under their name and sends it to the bulletin board.
The last bit is whether to allow everyone to see that you have or have not voted so whether the fact that you have participated in the elections. There seems to be the consensus in the literature that the signature should be concealed from the public and be allowed to verify only for independent auditors.
> Let's say bulletin board software replaces the vote with 20% probability. You post your vote for candidate A and see that it didn't appear on the board (because the board replaced it with vote for candidate B, but you don't know about it). How can you prove that you tried to vote for A and not for B? The records show that you have voted, and as voting is anonymous it is impossible to know how you voted.
One way to preserve the integrity of the bulletin board is that upon receiving a `vote <- ((g^r, m*pk^r), sig)`, the bulletin board issues a signature on the `vote` and returns it to the voter for the latter to assert for the vote to not be changed. Even when the signature is not present on the bulletin board, the voter can check the presence of `(g^r, m*pk^r)` as the randomization factor makes it unique for each voter.
> Of course, there are other ways to meddle with such election. For example, you see that the turnout is 99%. How can you verify this number? The government refuses to publish a list of voters because GDPR doesn't allow that. And even if the country publishes this list how you can verify that the list doesn't contain fictious voters?
The fictitious voters are indeed a thing if we can't trust the independent auditors of the bulletin board. Personally, I would never support an internet voting system where the result of the elections would lay on the integrity of a few trusted auditors who have special access to do so. Thus I would greatly prefer for the voter lists (the signatures) to be public in spite of losing participation anonymity.
Electronic voting does not require centralization. Elections are administered at the county level.
This isn’t a rocket science problem. Best bet is to set mandatory requirements that machines must meet to get federal funding, let companies compete.
Security people tend to hand wave about election tally machines because it gets eyeballs. The reality is they work mostly fine, and the risks associated with them are usually more about process than nerd stuff.
While not built for the purpose of voting, there have occasionally been some coin-weighted polls using the Zcash blockchain. The ability to post encrypted and immutable transactions, and selectively share viewing keys has interesting possibilities, certainly.
That said, we in the Zcash community have usually used another system when holding secret-ballot votes within our community: Helios.
I do not think that we have investigated electronic voting enough to be able to say it's not feasible with such certainty. I wouldn't start with national high stakes ballots, but I'm confident that if enough smart people put their mind to it, a solution is possible.
The problem isn't one of technology but one of procurement processes. Electronic voting is largely a solution in search of a problem (purely manual processes work fine for tallying votes), and so the field is dominated by bad actors selling whatever to clueless politicians.
Maybe because only Debian Developers can vote; the rest of us have no vote, so effectively the DDs are a sort of "college of electors", and it seems reasonable to me that users should at least have visibility into how the electors are voting.
I mean, I think it's OK that only DDs get to vote; but the Debian Project is supposed to be transparent, so I'd like to be able to find out how people voted.
FWIW, I'd like some kind of representation for Debian users.
Many DDs (most?) also work on other Linuxen, and are not particularly committed to "The Debian Way". My guess is that most Debian users use mainly Debian.
If users had had some representation in the systemd decision, I think it would have gone the other way. Package developers naturally don't want to have to target two init systems; I suspect a plurality of users are server admins, who would have been likely to vote down systemd.
It's hard to see how user representation could be made to work though; I don't want users to be able to tell DDs how to work. I just wish users had a bit more than zero voice.
> FWIW, I'd like some kind of representation for Debian users.
I'm very, very confident that that would be a bad idea. I, for one, would retire as a DD if (non-DD) users were given a vote. Listening to user input can of course be really great, but as soon as I have to follow rules made by outsiders, it starts feeling way too much like work and too little like fun. I maintain mostly very unimportant packages, so what I'd do isn't that big of a deal, but I suspect this attitude would be echoed in many other DDs.
> Many DDs (most?) also work on other Linuxen, and are not particularly committed to "The Debian Way".
Really? I doubt that. Apart from some overlap with Ubuntu (which is a Debian derivative anyway), I would definitely guess that it's not that many. But this is just as anecdotal as your statement, of course. I rarely see people say "in [insert distro], we usually do it like this" or the like on the mailing lists.
> If users had had some representation in the systemd decision, I think it would have gone the other way. Package developers naturally don't want to have to target two init systems; I suspect a plurality of users are server admins, who would have been likely to vote down systemd.
I refuse to get into a discussion about what "a plurality of users" might think about systemd, but you illustrate my first point really well: once we have to start doing things we ourselves don't want to do, by order of some outsider, it's no longer fun. It's work. I expect to be paid for work. And I expect outsiders to stay out of my fun.
The legitimacy was questioned by a single person, so far all replies indicate that said person was simply mistaken on multiple counts, and in the meantime, said person no longer sees a problem.
Reasons against secret voting were expressed in ballot option C:
Secret voting is done in elections, but voting in parliaments is not secret.
The politicians in a parliament should vote publicly, so they can be held accountable for their voting behavior. The people want to check if the politicians they elected actually vote for the things they promised in parliament.
(In the case of Debian: I have no idea if this situation is more like an election or voting in parliament, and I have no opinion on the topic.)
This is sometimes the case here in Germany, and one reason we do it is because our representatives are explicitly, by the basic law bound only to their own conscience.
Representatives toeing party lines is seen as an impoverishment to democracy.
Not really unless you think of democracy only as a glorified strawpoll. Inherent in the free mandate that representatives here have is the idea that they can and should exercise their own judgement independently. Sometimes this may even be against their constituents (or anyone else) so a degree of secrecy is important. In legislative in general to make independent decisions.
Excess transparency means representatives will pander only for votes/money/attention, it's for example why every televised American congressional session makes you lose braincells. Because they're only talking to the TV, they're not actually deliberating.
>Excess transparency means representatives will pander only for votes
That's how democracy works. Pandering for votes and then acting on behalf of your voters interests is kind of the point.
Im honestly kind of shocked to be reading this on HN in 2022. This is the kind of thing monarchists said in 1684.
>money
Legislative secrecy is a great way of letting money corrupt democracy since it eliminates the feedback loop between the legislator acting on behalf of monied interests and being democratically punished for it at the next election.
Then the question becomes: are we the DDs more like MPs or more like citizens? I'd say we're more like the latter. MPs work for the citizens, and therefore their work must be open to scrutiny. Secret votes of citizens, however, is the norm.
(Full disclosure: In spite of what I wrote above, I did vote NOTA above all other options. I am not confident that I'm ready to change the status quo.)
>Do not most free democratic countries practice 'secret ballot' voting specifically because not doing so caused all kinds of problems like voter intimidation?
Seems like you answered your own question right there. A faction inside the project want to intimidate and punish people who don't conform to group think and a larger faction wants to squash that possibility.
I was surprised too. You have to have secret votes to stop intimidation, and also collusion. If people can prove they voted a certain way then they can be bribed.
"Do not most free democratic countries practice 'secret ballot' voting specifically because not doing so caused all kinds of problems like voter intimidation?"
I would argue a software project and a nation state is not the same kind of organisation.
I am not involved in debian, so I would not judge what is the best system for them, but for example a group of friends making a decision on where to party, make sports, vacation, etc. - would secret voting here make sense? I don't think so. When people are not afraid to speak their mind - then a real consensus can be faster found. So I do not really think "secret voting" must be a standard. It depends on the organisation (and the size, people involved, etc).
> Or do you practice secret voting in decision making among your friends?
Now you are making a strawman. But I'll answer anyways. If I had a simple way to do anonymous polls with friends (e.g. an app) I would certainly use it because it would be a fun experiment.
But this is besides the point. Social pressure exists amongst coworkers, volunteers, friends, families and even couples. A lot of it.
That's why secret voting is useful in many environments even where people trust each other.
Maybe, but if you have those situations with friends/family, then there is probably something else horrible wrong in the first place. (even though it might be common)
Most software projects don't have the same threat models as "most free democratic countries". In fact, while we've settled on some level of democracy being a good thing in running our countries, we're very much open to other approaches in software development, often using methods closer to monarchy or centrally planned communism, and not ruling out complete anarchy.
With that in mind, it's not clear that just because Debian embraces some of the trappings of democracy, it should also insist on the secrecy of the ballot. Non-secret ballots have their advantages too - even your cited "free democratic countries" use them at the parliamentary level.
> What I don't understand is why the project is NOT already secret voting?
There was a debian poll that people were afraid to vote in because they expected harassment for their position[1]. That poll raised the question of secret voting.
In my mind, the best option for Debian going forward would be to have public voting records, but have each future poll include a single option at the bottom for "Redo this poll as anonymous".
If more than (for example) 10% of the votes are for redoing the poll as anonymous, then redo it as anonymous.
They way they are doing it now makes it an all or nothing way for every issue that will be voted on in the future. My simplistic proposal above allows polls to be anonymous based on whether a minority feel that they will be harassed by a majority.
[1] Whether or not their expectation was realistic or not is irrelevant.
> Do not most free democratic countries practice 'secret ballot' voting specifically because not doing so caused all kinds of problems like voter intimidation?
Because the voting developers are part of "governance". They are like senators. Nobody allows secret votes in government. When senators vote, their votes are public for many reasons.
Well, it depends. I was actually thinking most places weren't secret votes because while the vote of the general public is a secret, the vote of members of parliament is NOT a secret.
I wonder what the pros/cons would be for parliamentary votes being SECRET in a democracy...
For anybody wondering why you might want some sunlight to disinfect the voting process a look at how the NSA has previously managed to corrupt internet standards:
I'd be shocked if they didnt also have their claws into debian's operations for similar reasons.
I'd not be very surprised if they were indirectly behind this push either. The fact that this seems to be inspired by the people backing the very obvious hatchet job done on Richard Stallman only makes me more suspicious that its motives are anything but pure.
The biggest threat model here is probably the NSA using its assets to sway votes (probably unknowingly for most if not all, if they are influenced by a third party they dont know is fronting the NSA). Secrecy will make it that much easier to corrupt votes.
Tolerating a bit of personal abuse and cracking down on it separately is probably preferable to the existential threat to free software this presents.
> The fact that this seems to be inspired by the people backing the very obvious hatchet job done on Richard Stallman only makes me more suspicious that its motives are anything but pure.
From the outside looking in, it looks like another obvious SJW coup.
You're phrasing of "sunlight to disinfect the voting process" is rather disgusting personally...
You try to twist something that's quite horrible, namely voter corruption through public opinion as if it is somehow "disinfecting" anything. The mob mentality of the internet is best kept away from any voting base.
These people are making decisions that affect all of us on our behalf. Decisions that affect the security and integrity of the software we rely upon every single day.
It is not "disgusting" that we be allowed to question their decisions.
Every introduction of democracy or futherance of democracy has been castigated by autocrats as rule by mob.
The sickening irony here is that it looks like this was done to try and protect the identities of members of the mob who tried and failed to cancel Stallman.
> These people are making decisions that affect all of us on our behalf. Decisions that affect the security and integrity of the software we rely upon every single day.
Since when do Debian developers owe the public anything?
They don't represent you, they don't owe you anything and you are absolutely not in a position to demand anything from them.
If you're not happy with how the project is run, you're free to use something else. If you want developers to be accountable to you, you can hire them and make them sign a contract.
Individualised contracts wouldn’t scale well for Debian’s user-base. Luckily, there’s no need for that. The Debian project considers itself to be a community rather than a business. According to the Debian social contract¹,
> We will be guided by the needs of our users and the free software community.
> We will place their interests first in our priorities.
> These people are making decisions that affect all of us on our behalf. Decisions that affect the security and integrity of the software we rely upon every single day.
They're only "on your behalf" if you had a part in picking them. Did you vote for or nominate them? If not, no they are not working on your behalf and you have no right to see how they vote.
Will they inform us who voted for this? Just a little joke. Interesting how on one hand personal attacks can and are being weaponized when they have nothing to do with software, yet on the other hand you have the potential for nefarious, ignorant, or incompetent decisions to be made without quickly understanding why and if you want to go along with it.
Note that that still points to the dummy tally (a tally that lists who voted, but not what they voted for), but the project secretary usually publishes the real thing within a few days of vote ending.
This is good. Secret ballot empowers voters. Public ballot only makes sense if the voter is a representative of other people and they want their record public for continued support.
It's fine to say "OSS developers don't owe anybody anything" in general, but Debian specifically has quite a strict vetting procedure before accepting people as developers and they agree to things like the Debian Social Contract[1] which includes: "Debian believes the makers of a free software operating system should provide guarantees when a user entrusts them with control of a computer. [...] Not hiding problems with the software or organization. [...] Staying focused on the users and the software that started the phenomenon." and a document of Developer Duties[2].
Seems like there should be few things the developers cannot do openly, but can do secretly if 'empowered', and there perhaps ought to be a public record and transparency around any incidence or accusations of vote-bullying or vote-buying.
Does being secret not protect them from influence? If someone buys their vote, they can take payment and vote however they want? Or if they have an unpopular perspective any loud minority groups of devs would oppose them and cause backlash, they won't have to worry about it.
Look at systemd, if you voted against having only one init system back in the day, you would be subject to backlash or it could be understood as support for the Devuan forkers.
Debian is apparently bad at democracy despite putting a lot of thought into the matter. The entire problem has to do with conflating 3 questions with boolean answers as 3 sets of answers to those 3 questions.
1. Should we have a vote to amend yes no higher threshold to pass.
2. If yes should we hide identities of developers casting a vote yes no
3. If yes should we allow verification yes no
Arguably 3 is a ridiculous question so ought to be safely omitted.
Arguably it would be reasonable to require more than 10% to cast a vote as well.
All we know now is that a single digit percentage of Debian developers prefer to vote anon.
Given the low turnout there is little reason not to respect the present result but have another smarter vote.
If Debian didn’t want politics in their tech decisions, they should have focused their scope on tech decisions rather than politics.
Not that there’s anything wrong with an organization holding forth on “issues of the day,” per se. But there is an iron law, effective ever since GamerGate-style tactics of “collecting receipts” and cross-platform and offline hounding became normalized as righteous retribution rather than harassment and bullying: your organization can have at most two of (1) transparency, (2) candor; (3) broader social relevance.
If you don't want politics in your tech decisions, I implore you to find a nice commune in the middle of the desert where no language is used and only mute sustenance farming is practiced, no disease is spread, and violence of any kind is met with swift ostracism and/or death.
I think this is a great idea. Can't tell you how many times a very poor solution was implemented because a single person would flip out if you tried to ask them about alternatives because it was "their baby"
This at least let's those people know they are in the minority without people feeling like they might get blacklash.
I understand you, but you picked a strange hill to fight on.
Lwn is such a simple website, and the article is just one paragraph.
Also what is reader mode to you? Because in Firefox I clicked the little reader view icon in the url bar and it showed me a reader view with just the main content.
Oh you mean screen reader? That's confusing, but yeah screen reader is absolutely a vital accessibility feature. I have no idea how lwn handles that.
Back when I was still writing HTML I was actually very keen on making accessible websites. But the last 10 years I've used frameworks and sadly have no idea how accessible the output is.
Reader mode on mobile Firefox works fine for me on LWN. From my experience LWN has always been a very readable website that works pretty well on mobile too.
Do you mind sharing what exactly you disapprove about how the content is structured without reader mode?
I think it's misleading to claim that this came about due to "infighting".
It came about due to https://www.debian.org/vote/2021/vote_002 leading to DDs fearing being individually targeted due to how they did or did not vote. On technical matters, I support the idea that voters' reputations be affected by their voting record. On matters like this vote (please read it!), not so much. Maybe it's OK for the voting record to be public, but any individual harassment that might follow would be out of order and is a good reason to make such votes private.
This is but 1 example; but this alone literally is called infighting. Your example proves me right. Let's not forget how debian also went after Linus. How they have gone after how many other developers?
>On matters like this vote (please read it!), not so much. Maybe it's OK for the voting record to be public, but any individual harassment that might follow would be out of order and is a good reason to make such votes private.
I'm not sure that the threats of harassment actually came from Debian. Remember: Debian does (nearly) everything in public. People participating on the mailing lists aren't necessarily members of the Debian project.
>You are spreading FUD written by a notorious troll that has been expelled from FOSDEM, FSFE, Debian and other organizations as well.
I was asked for citation. I more than delivered with quite a few links there. All of which were unique folks with unique situations. It seems to me you are referring to one of these but I genuinely don't know which you are talking about.
Something abundantly clear to me is that there's some serious harassment going on at Debian. No question at all to me.
It also seems to me, the harassers are not gone. People are requesting secret votes to avoid harassment. So this "expelled" troll isn't the problem.
Debian's constitution says the Debian Developers may vote to publish "position statements about issues of the day", and some developers want to use those for the sort of political statement that might make people angry with them.
Maybe I used the wrong word? Another comment also disagrees.
infighting: Prolonged and often bitter dissension or rivalry among members of a group or organization. Example: Bureaucratic infighting.
>Debian's constitution says the Debian Developers may vote to publish "position statements about issues of the day", and some developers want to use those for the sort of political statement that might make people angry with them.
I would agree that they used to have a requirement for transparency and this change is an affront to the community.
The problem or reason why this is changing is the real big deal. They have a mass developer exodus. People don't feel safe having a public vote anymore. This is because they fear retribution. That is infighting.
It’s not, GP seems to have a Debian axe to grind. The secret voting came from the Stallman vote issue, not from infighting. People wanted a way to vote non-publically in certain circumstances, but the constitution did not allow for this.
This deserves a "Ask HN" thread of its own. I will even as why up and down vote user names are hidden from me?
I look a this behavior in myself and wonder why I use all these acronyms. I feel sometimes that if others are not anonymous the extreme responses when you have a new idea or say something wrong are part of the problem. Why expose myself when the people criticizing me do not? So it is kind of a race to the bottom.
I think being able to bear the responses which do not agree with yours is an important step in civil discourse, even if the tone of the responses doesn't agree with your tone, or especially kind. This is what HN has taught me over the years. It improved me leaps and bounds on that front, and it's invaluable in my eyes.
I'm not anonymous here, yet the most heated discussion never spilled over to my personal mail address, but I got some genuine questions and a couple of job offers.
So, other people's anonymity choice is not something I care about. They can be who they want. I'm here as a person, with my own choices, with my own tone. My choices brought me some great discussion, sometimes kind, sometimes not. Regardless of my correctness and knowledge level on the issue, I always came out improved from every single one of them. Either on the knowledge front, or the actual ability to discourse, or both.
So, it's not a kind of a race to the bottom. Other people's choices shouldn't bother anyone, unless the other party doesn't harass or cross some well defined lines of being civil and ethic.
Debian had a vote with 4 options:
Option 1 "Hide identities of Developers casting a particular vote"
Option 2 "Hide identities of Developers casting a particular vote and allow verification"
Option 3 "Reaffirm public voting"
Option 4 "None of the above" (NOTA)
The objection raised here is that Option 3 and Option 4 can be considered to be the same depending on how you interpret them (ie; "None of the above" vs "Keep public ballots" which can be said to implicitly suggest none of the above at the same time). If those two were represented as a single "NOTA" option, that option would have won the ballot in terms of votes.