Just a Theory

By David E. Wheeler

Posts about Voting

How Does One Protect Online Ballot Box Stuffing?

I need to set up an online voting system. It needs to be more robust than a simple polling system, in order, primarily, to prevent ballot box stuffing. Of course I realize that it’s impossible to prevent ballot box stuffing by a determined individual, but what I want to prevent is scripted attacks and denial of service attacks. The features I’ve come up with so far to prevent attacks are:

  • Require site registration. You must be a registered user of the site in order to vote in an election, and of course, you can vote only once.
  • Ignore votes when cookies are disabled, although make it look like a successful submission.
  • Update result statistics periodically, rather than after every vote. This will make it difficult for an exploiter to tell if his votes are being counted.
  • Use a CAPTCHA to prevent scripted voting.
  • Send a new digest hidden in every request that must be sent back and checked against a server-side session in order to prevent “curl” attacks.
  • Log IP addresses for all votes. These can be checked later if ballot box stuffing is suspected (though we’ll have to ignore it if many users are behind a proxy server).

Of course someone behind a well-known proxy server who wants to repeatedly create a new user account using different email addresses and deleting his cookies before every vote could do some ballot box stuffing, but I think that the above features will minimize the risk. But I’m sure I’m forgetting things. What other steps should I take?

Leave a comment to let me know.

Looking for the comments? Try the old layout.

MoveOn.org Voter Registration Party

We just hosted our first MoveOn.org voter registration party. (You are registered to vote, aren’t you? If not, register register here.) Julie did all the hard work of organizing the party, preparing the munchies, going through MoveOn’s rather overwhelming and confusing instructions to make things simple for the rest of us, and getting the lists of unregistered voters to call. She’s great at the organizational stuff, and that the party was a success is due to her hard work.

We had 10 participants, and each of us called 24-36 people, mainly women in Florida who didn’t vote in the last presidential election. We registered three voters. Yes, only three! Most of the phone numbers we called were disconnected or wrong numbers. We left messages on several answering machines. And when we did get through to people, we often got replies such as:

Click.

“I’m not interested.”

“I don’t believe that my vote counts for anything.”

“I don’t believe that women should be allowed to vote.” [Yes, a woman said that.]

“Please don’t call again.”

“I’m registered. I vote. I always vote!”

Rather incredible, really. So how was it a success, you ask? Well, MoveOn ran out of numbers for us to call. After we went through all the numbers we had, they had no more to offer. Over 15,000 people signed up to participate in today’s event. Probably more actually participated, since we, at least, had 2-3 people participate who hadn’t signed up. And we did manage to register a few voters, and leave messages on answering machines telling folks to visit the MoveOn PAC Web site or their local department of motor vehicles to register. We’ll know for sure what happened when MoveOn reports the results in the next few days, but if we managed to register only 5,000 voters, it could make a difference in the outcome in November. And that’s what we’re really hoping to achieve.

Looking for the comments? Try the old layout.