Secure, easy to install online voting system?
June 5, 2006 6:16 AM   Subscribe

How important is this election, and how secure does the ballot have to be? I cant think of any easy way to completely ensure each person can only vote once. Cookies are easily deleted, and IP address checking won't work for people with dynamic IPs (e.g. AOL users I think). There's no way to stop someone voting on their computer and then voting again (repeatedly, perhaps) from various internet cafe computers. The only reasonably secure way would be to mail some kind of password to everyone on the electoral roll. When each person logged in, they'd have to provide name/address and the password, and after voting the program would ensure they couldn't log in and vote again. Also, checking the electoral roll would ensure people from outside the council's ward couldn't vote.

That sounds like quite a big project though, so I'm guessing you are setting your sights a bit lower with regard to security. There are piles of scripts which allow voting with some form of weak security (cookies, IP) in various programming languages - check out aspin.com for ASP scripts, and php.resourceindex.com for PHP ones.
posted by matthewr at 6:35 AM on June 5, 2006

The only way I can think of avoiding multiple entries is to have them text their votes in. If the site has registration, could it also ask for their mobile numbers? Best would be to only accept texts from user's registered numbers.

If you accept them from any number you'll still have the risk of them telling all their mates to vote, though at least you can definitely weed out duplicates.

There is a ton of software out there for Windows to receive texts on PC; I don't know of much for Mac. People are using this with some success, but it's €99.

Once you have the votes (SMS List dumps to a .csv file) it's just text crunchin, and you can dump results to the site, and email people to thank them for voting etc.
posted by bonaldi at 7:17 AM on June 5, 2006

Somewhat similar to bonaldi's idea: I suggest that people register online, in the form they must give out their email address and their mobile phone number. After they validate their email address, the system sends an SMS to their mobile phone number with a password. Afterwards they log in the voting site with their email address and the password that was sent by SMS. This is more secure, because it verifies that the phone is actually yours (and not sent through an SMS gateway, for example). Moreover, some people will refuse to pay the cost of an SMS message for the right to vote.

If it needs to be more secure, then people must physically come to register with some sort of identification.
posted by Sharcho at 9:34 AM on June 5, 2006

« Older I'll be doing some voice-over ...   |   What coping strategies will he... Newer »