VotingPlace.net - secure online voting

Frequently Asked Questions

Q: I've heard that computerized voting is not secure. Is that true?

A: The fear, uncertainty, and doubt that is spread about computerized voting is probably largely based on fear of something new, and fear of something that might be considered too complex to be readily understood by many voters. This latter point is a legitimate concern. Certainly, if a computerized voting system operated using secret computer code, known only to its makers, one would have a good case for doubting the objectivity or honesty of the makers of the system, and there is no doubt that they would have the technical means to secretly influence voting results.

So how could we trust a computerized voting system? The best answer is that we might be able to trust a computerized, network-based voting system if the system architecture of the system were open for inspection, and all of the software of the system, including the network data-transport encryption layer, and the ballot collecting user interface layer, and the data storage layer and its encryption algorithm, and the vote tallying algorithms were all open for code inspection. Any party with a stake in a vote result should be free to employ whatever computer experts they wish to inspect the software code and the system architecture to satisfy themselves that the system is not disadvantaging them somehow.

It should be pointed out that traditional paper ballot voting systems are not very secure, nor very accurate. It is possible to "misplace" large numbers of ballots. It is possible to have bias in the interpretation of the voting marks made on ballot papers, or mis-counting. Also, it is relatively easy for voters to make ballot marking errors, resulting in significant percentages of unintentionally spoiled ballots. Since voters traditionally must congregate in a small number of places to cast their vote, it is possible for voter intimidation to occur. So the bar that an online, computerized voting system must surpass in order to have more reliable results is, it must be admitted on reflection, not that high.

Q: Can I have a programmer or computer security professional look at your system architecture and software code to analyze its security and anonymity provisions, and to analyze the correctness of its vote tallying algorithms?

A: Yes. Legitimate organizations considering using VotingPlace.net will be given access to inspect all VotingPlace.net source code, and will be given a precise description of the system architecture, upon signing a non-disclosure agreement.

VotingPlace.net is considering whether to release the source code under a Free and Open-Source Software (FOSS) license, but has not made this decision yet.

The code for encrypted network data-transport is the Apache2 http server in SSL mode using the OpenSSL library, also readily locatable and inspectable. The operating system is Ubuntu linux 6.06 server edition with an IPTABLES firewall.

Q: How do you ensure that no-one can find out which way someone voted?

A: The process of authenticating a voter and determining whether they have voted yet is kept completely separate from the process of recording the voter's ballot choices. The ballot choices are stored completely separately from voter-identifying records. All completed e-ballots are transported to the VotingPlace.net servers using SSL connections, and the ballots are hard-encrypted before being stored, anonymous, in our databases.

Q: I am concerned about uploading lists of my eligible voters (that is, my organization's members) to VotingPlace.net.

A: All voter records are transported to the VotingPlace.net servers using SSL connections, and the voter records are hard-encrypted before being stored in our databases.

Q: What encryption algorithm do you use to encrypt ballots, voter records, and vote results when they are stored in the VotingPlace.net database?

A: VotingPlace.net currently uses the Blowfish cipher designed by Bruce Schneier, supplemented by chaff and salt. The implementation is the pycrypto library.

Q: How do you ensure that the system is available throughout the time when our voters would want to vote, and that their votes are safely recorded?

A: VotingPlace.net uses redundant vote recording servers that cross-backup each other in near real-time using MySQL database replication. Should a server go down or become inaccessible, alternate servers continue to operate during the voting period.