Security Measures

Introduction

This page outlines the comprehensive security measures integrated into VoteClick, ensuring a safe and reliable voting experience.

We begin with our cutting-edge voter identity verification process, which streamlines authentication by eliminating the need for traditional codes or passwords.

From there, we’ll explore the steps we take to protect against identity theft.

Next, we’ll discuss how we guarantee voting confidentiality and prevent duplicate votes—two critical aspects that are closely interconnected.

We’ll also highlight the safeguards in place to prevent internal fraud by voting managers.

Finally, we’ll cover the advanced external tools we employ to defend against cyberattacks, including protection from DDoS, XSS, and SQL Injection.

One-Click Voter Identity Verification

Each voter is sent a secure voting link containing a unique, one-time voting key.

By clicking the link, the voter automatically transmits the key to VoteClick, allowing secure identity verification without the need for additional passwords or codes.

Preventing Identity Theft

Identity theft can occur when an unauthorized individual gains access to a voter’s unique voting key, potentially compromising the entire voting process.

There are two main ways someone might try to obtain the key: by guessing it or intercepting it during transmission.

VoteClick prevents this with the following strong security measures:

  1. The voting key has an immense number of possible combinations*, making it practically impossible to guess.
  2. SSL encryption secures the transmission of the key, ensuring it cannot be intercepted or accessed by unauthorized parties.

* The total number of possible combinations is 62 raised to the power of 16, which equals: 47,672,401,706,823,533,450,263,330,816

Secret Voting and Prevention of Duplicate Votes

Both voting secrecy and the prevention of duplicate votes are achieved through one crucial step: deleting the voting key at the moment the voter casts their vote.

This action guarantees the confidentiality and integrity of the voting process, assuring voters that their vote is secure and their identity remains protected.

Here's how it works:

Achieving Voting Secrecy

Once the voting key is deleted from the voter’s record (where their selections are stored), any link between the voter’s identity and their choices is completely severed, ensuring full anonymity.

Additionally, the deletion of the voting key and the storage of the voter’s choices happen simultaneously, so there is no moment, however brief, where the voter’s identity could be linked to their vote.

Preventing Duplicate Votes

Deleting the voting key makes it a single-use key, ensuring that the voter cannot use it again, which effectively prevents any possibility of duplicate votes.
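
The single-use key and its deletion at vote time, as an added Python example (not VoteClick's own code). It assumes a 62-character alphabet of letters and digits, matching the 62 to the power of 16 figure above, and an in-memory SQLite table; the schema and the function names are hypothetical.

```python
import math
import secrets
import sqlite3
import string

ALPHABET = string.ascii_letters + string.digits  # assumed 62-symbol alphabet
KEY_LENGTH = 16                                   # 62**16 possible keys


def new_voting_key() -> str:
    # secrets draws from the OS CSPRNG; the random module is not meant for secrets.
    return "".join(secrets.choice(ALPHABET) for _ in range(KEY_LENGTH))


def key_space_bits() -> float:
    # Size of the key space expressed in bits (about 95.3).
    return KEY_LENGTH * math.log2(len(ALPHABET))


def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    # Hypothetical schema: one record per invitation. It holds the key until
    # the vote is cast and only the selection afterwards.
    db.execute("CREATE TABLE records (voting_key TEXT UNIQUE, choice TEXT)")
    return db


def invite(db: sqlite3.Connection) -> str:
    # Create a record for one voter and return the key to embed in the link.
    key = new_voting_key()
    db.execute("INSERT INTO records (voting_key) VALUES (?)", (key,))
    db.commit()
    return key


def cast_vote(db: sqlite3.Connection, key: str, choice: str) -> bool:
    # A single UPDATE stores the choice and erases the key atomically, so no
    # committed state ever contains both the key and the choice.
    cur = db.execute(
        "UPDATE records SET choice = ?, voting_key = NULL WHERE voting_key = ?",
        (choice, key),
    )
    db.commit()
    return cur.rowcount == 1  # 0 rows: unknown key, or key already used
```

A second call to cast_vote with the same key matches no row and returns False, which is the duplicate-vote check.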

Methods for Detecting and Preventing Internal Fraud

VoteClick allows monitors to detect any malicious interference by voting managers, whether during the voting process or when handling the results.

Below is an overview of the tools used to monitor the voting process:

1. Tags for Identifying Fake Votes

The system generates a unique tag for each vote, visible both in the voting invitation and on the results page.

Voters can confirm that they did not participate in a fraudulent vote (e.g., phishing) by verifying that the tag in the voting invitation matches the one shown on the results page.

2. Monitoring with an Automatic Voting Log

The system logs every significant action throughout the voting process, from start to finish. This includes the addition, deletion, or modification of voters.

The log provides a detailed record for monitors, ensuring full transparency of the voting managers’ actions.

3. Detecting Voter Information Forgery

The system logs the email addresses and phone numbers used for sending voting invitations, and this information is included in the results file.

This enables monitors to verify that voter information has not been tampered with or falsified.

4. Verifying the Integrity of Results

Voting results are available in two formats:

  • Digitally signed result files
  • Results pages on the VoteClick platform, where integrity is assured because they are viewed directly on the system

Security with AWS Firewall and CloudFront

To protect against the wide range of internet threats in today’s digital environment, VoteClick uses advanced security tools provided by Amazon Web Services (AWS).

Our safeguards defend against Distributed Denial of Service (DDoS) attacks, as well as Cross-Site Scripting (XSS) and SQL injection attacks.

VoteClick achieves this strong protection by utilizing two key AWS tools:

  1. CloudFront
  2. Web Application Firewall (WAF)

Additional Security Measures

Additional security measures are in place but, for enhanced protection, they are not publicly disclosed.