It's that time again. Few months ago the Italian government fell, and as a good citizen I am called to the right-duty of casting my vote for electing the new one.
There's a little detail, though: while in the past that meant taking a short walk through my scenic little home town and meet few old friends at the voting office, the fact that I am now a resident of the Washington state in USA makes the walk a little too long. Luckily, technology comes to the rescue: I can cast my vote via mail :-). Since it is an interesting exercise in transmitting sensitive data, regardless of the transport, I thought it would be worth to go through it.
Friday I received in the mail an envelope with all the stuff depicted below.
The two voting slips are the forms on which I can express my preference for our two government chambers. Both slips are realized in thick paper, covered by a lines pattern that prevents to see what was the vote even if held against a bright light. You may think that it is an attempt of guaranteeing confidentiality.
The two voting slips should be closed inside the voting slip envelope. Once closed, reopening it will irremediably ruin the envelope thus giving away the fact that the votes were seen or possibly spoofed. Again, you may think of this envelope as a mechanism of enforcing integrity.
The voting slip envelope goes inside a preprinted mailing envelope, addressed to the Italian consulate. In the same mailing envelope goes the Tagliando Elettorale, which I loosely translated with "voting certificate". This is basically a piece of paper which reports my subscription number (green) in the list of voters; I would guess that the purpose of that slip is to certify that I voted (so that I cannot vote twice, for example). The voting certificate can be checked by an intermediary, who can certify I gave my vote without the need of actually seeing for whom I voted: that assumes that the intermediary and who counts the votes are two separate entities.
If I imagine the above in term of web services tokens & information cards, it's not hard to come out with a good counterpart of it: it can actually be even better, since playing with bits awards us with the possibility of enforcing confidentiality and integrity at the cryptographic level rather than trusting thick patterned paper and paper glue. But there's one issue of the scenario above that would still be hard to solve with "traditional" cryptography: linkage. If the intermediary that records the act of voting and the ultimate counter of the votes collude, they can discover who voted for whom.
For what I've heard, the U-Prove technology can solve this conundrum: but I didn't have time to learn about it yet, so the explanation will have to wait until I do. Next week I'll be at RSA with Caleb and others whom, I am sure, already wrapped their head about this: I'll shamelessly piggyback on their knowledge and get back on this 🙂
In the meanwhile I close the envelopes and put them in the outbox; I look at the sleet that is still copiously falling here in Redmond, and I can't help but think that in Camogli they are already going around in short sleeves... ma se ghe pensu alua mi vedu u ma'...