| | Name : | Lillie Coney, et al. | Organization : | N/A | Post Date : | 9/27/2005 |
| Glossary Term : | Privacy | Definition : | | Comment : | We are writing regarding a few definitions in the glossary. We have suggestions for one change and for two additional definitions.
The definition we suggest changing is as follows in the glossary:
Privacy: Voting system is said to provide privacy when it makes it impossible for others to find out how the voter voted. Association: security, voting Source: no attribution
We suggest that the definition should be broader. In particular, it should not be focussed on whether someone can know the vote or not, but on whether someone obtains enough information to make a better guess of the vote than they would without the information. An ideal definition would draw from Shannon's definition of perfect secrecy for a cryptographic method.
For example, in an election for two candidates A and B, an adversary might estimate that a voter is as likely to have voted for Candidate A as for Candidate B. But perhaps the voting technique reveals that voters who voted from 3 to 4 pm were far more likely to have voted for Candidate A. This information does not enable the adversary to determine how a particular voter voted, and, by the current definition in the glossary, the system is private. The system has, however, leaked information that allows an adversary to be more confident about guessing Candidate A as the choice of a particular voter who voted between 3 and 4 pm, and hence, we believe, should not be considered to be providing "perfect" privacy.
We hence suggest the following definition. Definition:
Privacy
A voting system is said to provide perfect privacy if it is impossible for anyone else, through information obtained through the election technology and poll place process/procedures, to improve their guess of how a voter voted.
| |