July 3, 2007

Transactions


Background*

Online voting as a process is much like that in so-called real life. One registers to vote. To do so, s/he proves his or her identity and eligibility to vote. Then when an election comes, s/he gets a ballot after s/he has shown proof of identity and appears on the list of eligible voters. The voter then votes using an authorized ballot and submits it to be counted.

In computerese this is registering to access a Web page form, getting an e-mail confirmation of registration with the address of the protected page, logging in by providing a user name and password to access it, accessing it, filling in the form, and submitting it.

Someone with access to the ballots (in a physical locked box or on a Web server) gathers the data, summarizes them, reports them, etc., including seeing that no unauthorized input is included. Or, this person gives the raw data to others to do with what is appropriate for indubitable results.

Admittedly, there is a difference between the online solution built for the Faculty Senate's study and that in real life in that a user name is associated with a ballot. In turn, that user name is associated with a person's e-mail address. If the e-mail address is "one eligible to vote," then the user name is accepted in its place as eligible. And if one wanted to see who voted which way, or wanted to rig the results somehow, that is possible, as it is with other voting procedures and media (e.g., paper ballots).

Who sees the file or files where user names are associated with e-mail addresses? The person with the permission to read that file on the Web server. This can be someone in Computing Services, or the election administrator, or the committee in charge of the election. Set it up one way or another and that will be who can read the different files.

The server makes three files in online voting:

1. A registrations file holding e-mail address, chosen or given user name, password, and date;
2. A user names file with encrypted passwords; and
3. A results file holding IP address, date, time, vote(s), and user name.

Whoever is authorized to examine these files for illegitimate votes (whether by ineligible voters or multiple voting) looks first at the registrations file to see if the e-mail addresses represent eligible voters. Next, s/he or another person looks at the user names file to determine if only eligible user names have logged in to vote. Finally, the authorized person or election oversight body examines the results file to see that there is only one eligible user name per vote.

Those in charge of an election can set different levels of information access. In other words, the person charged with examining the registrations file sees only that file and reports irregularities. The person or persons charged with examining the user names file see only that file and report that these are the users (fictitious names, really) who logged in to vote. And the person or persons charged with examining the results file use the irregularities reported above to weed out ineligible voters and delete multiple votes by the same user name.

Checks and balances? You build them around what the technologies are capable of and what they provide.

In lieu of a better mousetrap, this is the solution that has been built. Rapidly developing Web world tools and greater resources devoted to a more satisfactory solution bode well for WNCC's participation on the frontier of electronic democracy. For now, this is something to use, or not.

Secured Transactions, Medium-Tech Solution

A medium- to low-tech solution has been prepared to serve both online voting and logging evaluations. It is the result of developing a "voting/evaluation protocol" and then employing various Web technologies to actualize it. This is the protocol.

1. An administrator (in consultation with Web Support and a teacher or group interested in asking for a vote/poll) creates a transaction form;
2. The administrator announces the participation window and transaction procedures;
3. The administrator lists or receives a list of eligible users;
4. The user registers with his or her e-mail user name and any password;
5. The system (computing resource) distributes registration confirmation and the address (URL) of the transaction;
6. The user enters his or her e-mail user name and password;
7. The user accesses the transaction page, enters data, and submits them;
8. The system deters the user's return to the transaction page;
9. The administrator checks for duplicate transactions;
10. The administrator checks for unregistered users; and
11. The administrator collects and posts results.
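
The three-file review described under Background, and steps 9 and 10 of the protocol, can be sketched as follows. This is an added example, not the code of the WNCC system: the CSV column layouts, the sample rows, the function names, and the policy of letting the earliest ballot stand when a user name votes more than once are all assumptions. Each reviewer function receives only its own file plus the report passed on by the previous reviewer, mirroring the separate levels of information access.

```python
import csv, io
from collections import Counter

# Constructed sample data; the column layouts are assumptions, not the page's file formats.
ELIGIBLE = {"asmith@example.edu", "bjones@example.edu"}
REGISTRATIONS = """email,username,password,date
asmith@example.edu,owl,(redacted),2001-03-01
bjones@example.edu,heron,(redacted),2001-03-01
mallory@example.com,crow,(redacted),2001-03-02
"""
USERNAMES = """username,encrypted_password
owl,(hash)
heron,(hash)
crow,(hash)
"""
RESULTS = """ip,date,time,vote,username
192.0.2.10,2001-03-05,09:00,yes,owl
192.0.2.11,2001-03-05,09:05,no,heron
192.0.2.10,2001-03-05,09:30,no,owl
198.51.100.7,2001-03-05,10:00,yes,crow
198.51.100.8,2001-03-05,10:05,yes,ghost
"""

def rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def review_registrations(reg_text, eligible):
    """Reviewer 1 (registrations file only): user names tied to ineligible e-mail addresses."""
    return {r["username"] for r in rows(reg_text) if r["email"].lower() not in eligible}

def review_usernames(user_text, flagged):
    """Reviewer 2 (user names file only): user names that may vote."""
    return {r["username"] for r in rows(user_text)} - flagged

def review_results(res_text, allowed):
    """Reviewer 3 (results file only): tally one ballot per allowed user name."""
    counted, rejected, seen = [], [], set()
    for r in sorted(rows(res_text), key=lambda r: (r["date"], r["time"])):
        if r["username"] not in allowed:
            rejected.append((r["username"], "ineligible or unregistered"))
        elif r["username"] in seen:  # assumed policy: the earliest ballot stands
            rejected.append((r["username"], "duplicate"))
        else:
            seen.add(r["username"])
            counted.append(r["vote"])
    return Counter(counted), rejected

if __name__ == "__main__":
    flagged = review_registrations(REGISTRATIONS, ELIGIBLE)
    tally, rejected = review_results(RESULTS, review_usernames(USERNAMES, flagged))
    print(dict(tally), rejected)
```

Because the third reviewer works from user names alone, the link between a ballot and an e-mail address stays in the registrations file, visible only to whoever is permitted to read it.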

See also the documentation and demonstration pages at:
http://www.wncc.nevada.edu/intranet/webdevelop

_____
* Prepared for discussion and consideration by the faculty of WNCC, about 2001 (e.g., for online voting, teacher/course evaluations).