[Linux-aus] Preventing fake memberships (was: inappropriate response)

[Adam Nielsen]

> As you know Linux Australia uses electronic voting, and 
> with that style of voting it is in general impossible to detect if a 
> person to has registered many email addresses and cast a vote from each. 
>   Thus it is possible will a little preparation for one individual to 
> have undue influence on Linux Australia's governance.
> 
> It was well-nigh impossible to corrupt our voting in this way when AGM's 
> were held during LCA, and votes were a hand count of people present.  I 
> don't think we can return to that sadly, but we can do these votes at an 
> online meeting where we insist everyone's video is turned on.  I will be 
> pushing for Linux Australia to conduct its votes at general meeting in 
> that fashion from now on.

Even that won't be enough, since you can already have realistic enough
AI-generated video streams that you probably wouldn't notice in that
scenario with so many people present.

I think it unfortunately comes down to a choice between privacy or
accuracy.  The only way to really prevent one person casting multiple
votes is to require everyone to provide some form of identification
when joining the organisation, that can be used to verify their
identity.  The data does not have to be kept, just a record that each
member's ID was verified when they joined.

It could be government identification, or a PGP key signed by an
existing member vouching for the new one.

This relative lack of anonymity will likely put some members off, but
the alternative that a bad actor could unduly influence the direction
of the organisation is probably worse.

Maybe it's worth considering something like this at least for new
members?

Cheers,
Adam.