Donate Now
 |
Board of Trustees1998 Board ElectionThe Online Ballot SystemISOC has received many inquiries and favorable reviews of the online voting system designed and written by Marty Schulman. ISOC would like to acknowledge his efforts and allow him to share some of the details below." History and Technical Details of ISOC's Online Ballot SystemThis page contains a brief history and some technical details of ISOC"s online ballot system - you need not read this to cast your vote! It's provided in the spirit of openness and to address some of the many queries we've received about the system. In all ISOC elections up to and including 1996, voting ISOC members received identical paper ballots via the postal service. Approximately six week were allowed to return them to ISOC's Virginia, USA secretariat in signed envelopes. To preserve voter anonymity, the ballots were removed from the signed envelopes and tallied separately. ISOC's first online board election in 1997 required a change to the paper ballots. Paper ballots would have to be mailed to each member since not everyone has access to the web, yet nobody may vote both paper and electronic ballots. So a file containing sequential ballot numbers along with random "Validation Numbers" was generated on a Unix workstation using a simple PERL script. (Several techniques for introducing randomness were used.) Another script printed each pair in ASCII onto adhesive labels that were manually applied to the ballots. A mailing house randomly sent one paper ballot to each voter so no record exists of which ballot number you receive - which preserve anonymity but makes it impossible to send replacment ballots. Online ballots were recorded by CGI-invoked PERL script on ISOC's main web server, info.isoc.org. The submitted form was checked and returned to the user either with errors or with a summary of their votes (ones without input fields) and the option to submit the vote. When a user submitted the summarized version (which passed the CGI values using hidden input fields), the same script recorded the user's ballot number and votes in unique file which ensured that multiple simultaneous votes would not be lost or corrupted. A nightly cron job and occasional checks of the system files verified that ballot submissions were being correctly processed. When it was time to tally the votes, another PERL script added the votes from the individual files and created a master list of used ballot numbers. Paper votes were recorded manually, and each ballot number was checked against the master list. Had any vote been cast twice, both the paper vote and the electronic vote as recorded in that ballot's file would have been discounted (because there's no way to determine which ballot the voter intended to cast.) The first year was quite successful - more people voted electronically than using paper - so the process was enhanced for 1998. The 1997 practice of mailing out web server passwords was eliminated, and the ballot serial numbers were printed using PostScript in both a regular and a Barcode (Code-39) font. An inexpensive barcode scanner that connects between a PC's keyboard and CPU (a "wedge" interface) was purchased, and another script will allow all paper ballot serial numbers to be scanned and checked against electronic ballots. This will speed the counting process (which must be done in about one day) and reduce the chance of errors. The script used to record the online votes was also improved significantly. Candidate names are read from a flat ASCII file (rather than hard-coded), and the ballot and validation numbers are kept in a GDBM database. The biggest change is that user's now receive a ballot that will be locally checked by a JavaScript enabled browser. Although the Apache web server could have delivered a different initial ballot to different browsers, there is no way to determine whether or not a JavaScript-supporting browser has it enabled. So the same HTML is delivered, but browsers with JavaScript enabled see different instructions and a "Total" box at the bottom of the ballot that is dynmically updated. For users the most noticeable change is that a valid ballot may be submitted in one step - non JavaScript users or ballots with invalid ballot/validation number pairs are required to submit the ballot again. The PERL code that generates this is a little difficult to read because of the multiple nested quotes, but it's fairly straightforward for people familiar with both languages. ISOC is also running Apache-SSL for the 1998 election, and logs already indicate the popularity of the secure voting option with ISOC members. The certification authority ISOC chose has been compatible with the vast majority of browsers on the web, but some users may have to download changes or manually approve the certificate before secure voting may occur. Some implementations of JavaScript may also pop up an error window, though this does not appear to interfere with voting. At some point, ISOC may share the source code with chapters or others wishing to conduct their own online votes, but it is not available at present. It will be interesting to see if digital certificates will increase group decision making and eliminate the need for paper ballots in our lifetimes. Marty Schulman |
