This year the 2009 British Business Awards (BBA) will announce the finalists for each category on 21st September and will allow their supporters to vote for them on the BBA website. In this post we uncover some of the concerns with creating an online voting system and describe our approach to creating our own Earnst & Young audited online voting system!
The Problems With Online Voting Systems
Any online voting system cannot be 100% full proof, if the user really wants to vote mulitple times, there is no 100% bullet proof way we can stop them doing that. But, in order to make it as hard as possible to cheat we have 3 lines of defense.
The Voting Process
Defense Line 1) Stopping robots or programs spamming the voting form
The voter begins the process by choosing the category of award they want to vote in, after this they get the list of options for who they can vote for.
Below the list is an input box for their email address, a message for the user and a validation vote input field. In order to stop a someone writing a script that fills out the form multiple times as if it is a human, we added a ‘Captcha‘.
What is a Captha? A CAPTCHA is a program that can generate and grade tests that humans can pass but current computer programs cannot. For example, humans can read distorted text as the one shown below, but current computer programs cannot.
Defense Line 2) Stopping people voting multiple times
When the user votes, they are required to give their email address. When the system recieves the vote, it generates a special URL that is emailed to the user. The user then must click on that link in their email to process the vote. Until the user clicks on that link, the vote will not be counted.
Each vote is collected into a database, the system will only allow one vote per email address. So once the user has confirmed a vote via email, the user cannot then make another vote using the same email address.
Defense Line 3) Recording the IP address
Another form of security is that the system also records the IP address of the user. This helps us to check whether there have been multiple votes from a single IP address. This may happen under a few circumstances, firstly the same user has persistently voted multiple times by creating new email addresses from which to confirm the vote. The second senerio is that a network of computers in an office goes through the same IP address to access the internet. In this case we could guess that perhaps a whole company has voted for the same person from the same office building.
Not 100% Reliable
It is not very wise to use an online voting system where there is no other form of analysis. The reason it works here for us, is that the final analysis and decision for the winners is made by judges, who actually meet the finalists. The voting is set to be a supplementary way to show the popularity of the finalists with the public, but as there are still loop holes, it is not a full proof method for getting a fair vote.