Just a Theory

Trans rights are human rights

Posts about Voting

How Does One Protect Online Ballot Box Stuffing?

I need to set up an online voting system. It needs to be more robust than a simple polling system, in order, primarily, to prevent ballot box stuffing. Of course I realize that it’s impossible to prevent ballot box stuffing by a determined individual, but what I want to prevent is scripted attacks and denial of service attacks. The features I’ve come up with so far to prevent attacks are:

  • Require site registration. You must be a registered user of the site in order to vote in an election, and of course, you can vote only once.
  • Ignore votes when cookies are disabled, although make it look like a successful submission.
  • Update result statistics periodically, rather than after every vote. This will make it difficult for an exploiter to tell if his votes are being counted.
  • Use a CAPTCHA to prevent scripted voting.
  • Send a new digest hidden in every request that must be sent back and checked against a server-side session in order to prevent “curl” attacks.
  • Log IP addresses for all votes. These can be checked later if ballot box stuffing is suspected (though we’ll have to ignore it if many users are behind a proxy server).

Of course someone behind a well-known proxy server who wants to repeatedly create a new user account using different email addresses and deleting his cookies before every vote could do some ballot box stuffing, but I think that the above features will minimize the risk. But I’m sure I’m forgetting things. What other steps should I take?

Leave a comment to let me know.

Looking for the comments? Try the old layout.

MoveOn.org Voter Registration Party

We just hosted our first MoveOn.org voter registration party. (You are registered to vote, aren’t you? If not, register register here.) Julie did all the hard work of organizing the party, preparing the munchies, going through MoveOn’s rather overwhelming and confusing instructions to make things simple for the rest of us, and getting the lists of unregistered voters to call. She’s great at the organizational stuff, and that the party was a success is due to her hard work.

We had 10 participants, and each of us called 24-36 people, mainly women in Florida who didn’t vote in the last presidential election. We registered three voters. Yes, only three! Most of the phone numbers we called were disconnected or wrong numbers. We left messages on several answering machines. And when we did get through to people, we often got replies such as:

Click.

“I’m not interested.”

“I don’t believe that my vote counts for anything.”

“I don’t believe that women should be allowed to vote.” [Yes, a woman said that.]

“Please don’t call again.”

“I’m registered. I vote. I always vote!”

Rather incredible, really. So how was it a success, you ask? Well, MoveOn ran out of numbers for us to call. After we went through all the numbers we had, they had no more to offer. Over 15,000 people signed up to participate in today’s event. Probably more actually participated, since we, at least, had 2-3 people participate who hadn’t signed up. And we did manage to register a few voters, and leave messages on answering machines telling folks to visit the MoveOn PAC Web site or their local department of motor vehicles to register. We’ll know for sure what happened when MoveOn reports the results in the next few days, but if we managed to register only 5,000 voters, it could make a difference in the outcome in November. And that’s what we’re really hoping to achieve.

Looking for the comments? Try the old layout.

Voting Irregularities

I voted this morning, but it wasn’t easy. I encountered a series of problems as I went about my civic duty. As a result, I was extremely disappointed with the election system set up here in San Francisco.

My wife Julie and I headed to the polls around 9:30 this morning. We’d read the (long) ballot, made our choices, and were ready to cast our votes. Since we moved into the neighborhood last February, we didn’t know where the polling station was, but I got the address off the sample ballot The City had sent me.

We walked the two blocks to the address, 360 Fourth Street, where we found the door locked. A sign outside notified us that, due to situations outside The City’s control, the polling station had moved to “36 Bluxome Street (Firehouse).” There were no directions, no cross streets listed.

This was the first problem we ran into. Although The City had sent out a post card notifying us of the new address, I had never seen it, and didn’t realize there was a new address. My wife knew about it, but didn’t realize that I hadn’t seen the card and got the address from the sample ballot. That was a screw-up on my part, but I wonder how many other people misplaced that card or never got it? How many people were going to show up at 360 Fourth Street only to find the address had changed, and have no idea where to find the new address? There are a lot of senior citizen residences in the neighborhood, so I wouldn’t be surprised if there weren’t a fair number of people who were confused about the address change and then didn’t know how or where to find the new polling station.

But that’s not the worst of it. Julie and I consulted a map in a bus shelter, and after studying it for a few minutes, saw that Bluxome was between Brannan and Townsend, near Fifth. So we walked up Harrison to Fifth, then the two and a half blocks to Bluxome. Here we encountered problem number two: There were no street signs for Bluxome! Neither were there signs indicating that there was a polling station nearby. On foot, we could see the name of the street imprinted into the sidewalk, but commuters in their cars were out of luck. There’s just no excuse for placing a polling station on an unmarked street – especially when it’s a new, last-minute location for a polling station.

Julie and I walked first one way down Bluxome, then the other, when we realized that we were going the wrong way. The firehouse, it turns out, is almost back to Fourth Street. We had gone a full block out of our way. Had there been directions (or even cross-streets!) on the sign at the old polling station address, we wouldn’t have taken such a circuitous route.

Once at the polling station, we encountered problem number three: They didn’t have our names on their list. The station workers, who were friendly though mostly inexperienced, started to tell us that we needed to go to another polling station at the Salvation Army on Shipley – right next door to 360 Fourth Street! In other words, if our names were on the lists at the Salvation Army, then either a) our sample ballot had listed the wrong polling address for us, or b) the sign at 360 Fourth Street was mistaken. The former seems likely, since the workers at the firehouse on Bluxome had worked at 360 Fourth Street last spring. But either way, we ended up sent to the wrong polling station.

Fortunately, one of the poll workers seemed a little more experienced than the others, and he had us fill out ballots and put them in special envelopes on which we wrote our addresses and he marked the box labeled “Claims to be registered” or some such. We filled out our ballots, turned them in, and he sealed them. I’m hoping that The City will successfully confirm that we are in fact registered and count our votes, but I’m becoming increasingly doubtful it’ll happen. Some ballots were found floating in the Bay last November, and that doesn’t set a very healthy precedent.

The last thing I did was to ask how to formally file a complaint regarding these voting problems. I was somewhat annoyed to have been inconvenienced by this ordeal, but far more concerned that others might have more difficulty – particularly those for whom English isn’t their first language, or for the many seniors in our neighborhood who might more easily be confused that I am. How many of them would simply give up and not vote? I wanted to make these issues known to The City, to at least alert them ASAP to these voting problems.

But then I was told that there is no formal process – I just have to contact City Hall directly. What?? That’s right, there’s no formal procedure to let City Hall know that there were problems – despite the fact that there have been serious voting irregularities here in the past. “That’s city hall for ya,” the poll worker told me.

What I think I’ll do now is send a letter to The Chronicle as well as to City Hall, describing all the problems I’ve narrated here. In this day and age, there’s simply no excuse for this kind of incompetence. It’s hard enough getting a good voter turnout each November without these kinds of logistical problems fouling up the process. In a city as liberal as San Francisco, where voting is considered so important, where high voter turnouts tends to push a liberal agenda, it’s simply reprehensible that The City has to make voting harder than it should be.

Originally published on use Perl;