![]() | This is a
failed proposal.
Consensus for its implementation was not established within a reasonable period of time. If you want to revive discussion, please use
the talk page or initiate a thread at
the village pump. |
This page lays out a possible means to prevent fraud in elections conducted on Wikipedia using a system of secret ballot. While the benefits of secret ballots are favoured by a large number of editors, the disadvantages of moving away from open ballots are raised by a minority. These disadvantages centre around the risk of electoral fraud. The main aims of the proposal is thus to maintain transparency in the vote (compared to an open ballot) while introducing secrecy to the balloting process i.e. individual voters' ballots cannot be identified.
The method allows results to be verified as being valid through an open process involving any Wikipedian. The method does not depend on a select group of users overseeing the ballot to ensure its validity:
The method proposed here could be enabled through an extended version of SecurePoll, which already implements many of the features that it proposes.
The proposed method is a process that roughly corresponds to the following six steps:
Attempts at fraud that the system would identify include:
Allowing candidates to observe the list of ballots (minus the actual vote) as they are cast would allow for additional safeguards. Recording, but not publishing, voters IP addresses would allow for additional means of verification should serious questions be raised about the validity of the poll.
Voting is limited to a defined set of eligible voters according to prior agreed criteria and principles. This defined set may be as wide or as narrow as agreed necessary or beneficial. The purpose of limiting eligibility to a defined set is to facilitate later validity checking of the vote.
Every user that is eligible to vote is assigned a voter ID. Voter IDs must have three qualities:
Voter IDs should be generated anew for each election (to prevent voters being identified by voting patterns across several elections). Every user should be perpetually able to retrieve their voter ID for any given election that they were/are/will be eligible to vote (to facilitate verification of register of voters and results). Every voter's voter ID should be kept private to that user e.g. require a log in to retrieve.
A list is maintained that links voter IDs with actual user accounts. This list however should never be published except in the case of a serious suspicion of fraud. In that event, whether the decision to release the linking list publically or to an agreed set of users will be agreed at that time as the need demands.
Before the vote takes place the following two lists are published:
The two lists should be published separately (i.e. not in one table). The list of eligible voters should be alphabetised for ease of reference. The list of voter IDs should randomised so as to not be able to be used to match voters with their IDs. Both lists should be available for inspection for an appropriate period ahead of any election.
When a user votes they receive a sequence ID. This sequence must:
Sequence IDs should begin at an arbitrary point in the sequence so as to not allow voters to know how many voters have cast ballots before them the election (in order to maintain the secrecy of the ballot).
When the vote is over, a complete list of ballots cast is published. This publication lists all of ballots cast showing the following information for each ballot:
As the vote is taking place, candidates (or nominated supporters of options that are being voted on) and other agreed parties - possibly everyone - have access to observe the vote as it takes place. Observers are able to see the current list of ballots at any given time, less the votes cast by each ballot. Doing so will make it difficult to stuff the ballot with unattributed ballots that will filled in after the election has closed.
If this option is employed, candidates and other parties with access to this information should not reveal the number of ballots cast or other information, nor remonstrate publically about the voting process, while the vote is taking place.
The IP address of each vote cast should be recorded but not revealed publically or to candidates. In the event of serious suspicion of fraud, this data could be revealed to (probably a limited set of users) to facilitate investigation.
Using the list of voters and the list of voters IDs, all users can:
Using the published ballots, all users can:
All users will be able to use the publication of ballots to independently calculate the result.
Anomalies that will be able to be identified by users include:
If a voter ID is listed that belongs to a user who did not vote, it risks being identified as voter imitation. Additionally, if editors can identify suspicious patterns (votes, time stamps, etc.), these may also indicate fraud.
To facilitate verification of the vote, a forum should be set up to allow all editors to:
Instructions and vitiations on how to verify the vote should accompany the announcement of result (and voting instructions before the vote takes place). Other areas where the result of the vote is announced should link to these instructions and invite all editors to verify the result.
![]() | This is a
failed proposal.
Consensus for its implementation was not established within a reasonable period of time. If you want to revive discussion, please use
the talk page or initiate a thread at
the village pump. |
This page lays out a possible means to prevent fraud in elections conducted on Wikipedia using a system of secret ballot. While the benefits of secret ballots are favoured by a large number of editors, the disadvantages of moving away from open ballots are raised by a minority. These disadvantages centre around the risk of electoral fraud. The main aims of the proposal is thus to maintain transparency in the vote (compared to an open ballot) while introducing secrecy to the balloting process i.e. individual voters' ballots cannot be identified.
The method allows results to be verified as being valid through an open process involving any Wikipedian. The method does not depend on a select group of users overseeing the ballot to ensure its validity:
The method proposed here could be enabled through an extended version of SecurePoll, which already implements many of the features that it proposes.
The proposed method is a process that roughly corresponds to the following six steps:
Attempts at fraud that the system would identify include:
Allowing candidates to observe the list of ballots (minus the actual vote) as they are cast would allow for additional safeguards. Recording, but not publishing, voters IP addresses would allow for additional means of verification should serious questions be raised about the validity of the poll.
Voting is limited to a defined set of eligible voters according to prior agreed criteria and principles. This defined set may be as wide or as narrow as agreed necessary or beneficial. The purpose of limiting eligibility to a defined set is to facilitate later validity checking of the vote.
Every user that is eligible to vote is assigned a voter ID. Voter IDs must have three qualities:
Voter IDs should be generated anew for each election (to prevent voters being identified by voting patterns across several elections). Every user should be perpetually able to retrieve their voter ID for any given election that they were/are/will be eligible to vote (to facilitate verification of register of voters and results). Every voter's voter ID should be kept private to that user e.g. require a log in to retrieve.
A list is maintained that links voter IDs with actual user accounts. This list however should never be published except in the case of a serious suspicion of fraud. In that event, whether the decision to release the linking list publically or to an agreed set of users will be agreed at that time as the need demands.
Before the vote takes place the following two lists are published:
The two lists should be published separately (i.e. not in one table). The list of eligible voters should be alphabetised for ease of reference. The list of voter IDs should randomised so as to not be able to be used to match voters with their IDs. Both lists should be available for inspection for an appropriate period ahead of any election.
When a user votes they receive a sequence ID. This sequence must:
Sequence IDs should begin at an arbitrary point in the sequence so as to not allow voters to know how many voters have cast ballots before them the election (in order to maintain the secrecy of the ballot).
When the vote is over, a complete list of ballots cast is published. This publication lists all of ballots cast showing the following information for each ballot:
As the vote is taking place, candidates (or nominated supporters of options that are being voted on) and other agreed parties - possibly everyone - have access to observe the vote as it takes place. Observers are able to see the current list of ballots at any given time, less the votes cast by each ballot. Doing so will make it difficult to stuff the ballot with unattributed ballots that will filled in after the election has closed.
If this option is employed, candidates and other parties with access to this information should not reveal the number of ballots cast or other information, nor remonstrate publically about the voting process, while the vote is taking place.
The IP address of each vote cast should be recorded but not revealed publically or to candidates. In the event of serious suspicion of fraud, this data could be revealed to (probably a limited set of users) to facilitate investigation.
Using the list of voters and the list of voters IDs, all users can:
Using the published ballots, all users can:
All users will be able to use the publication of ballots to independently calculate the result.
Anomalies that will be able to be identified by users include:
If a voter ID is listed that belongs to a user who did not vote, it risks being identified as voter imitation. Additionally, if editors can identify suspicious patterns (votes, time stamps, etc.), these may also indicate fraud.
To facilitate verification of the vote, a forum should be set up to allow all editors to:
Instructions and vitiations on how to verify the vote should accompany the announcement of result (and voting instructions before the vote takes place). Other areas where the result of the vote is announced should link to these instructions and invite all editors to verify the result.