And what online voting security features you should look for
Universities and various university groups, like alumni councils and the board of directors, often hold regular elections. These elections often require certain amounts of personal data from voters and participants, such as names and email addresses, and in the case of online voting, might be held using a university’s intranet, in which users log on with usernames and passwords. More importantly, in an online election, voters are casting their ballots over the internet, and their privacy and vote secrecy must be maintained. For these reasons, election security must be a priority when it comes to organizing a university election, and specifically an online election.
In fact, universities are often the targets of security attacks and breaches. Over three-quarters of all data breaches in the education sector occur at the higher education level, and recent studies have found that nearly 90% of universities do not have the security measures in place to protect their students, staff, and faculty. In the real world, these security risks can have damaging effects. In 2022, Lincoln College became the first to close as a result of a ransomware attack. Meanwhile, in 2019, malicious actors were able to gain access to sensitive information, including bank accounts, of Australian Catholic University staff members by sending a fake link to their emails. All in all, these security attacks come at a cost, with a recent report from the Ponemon Institute calculating the average cost of a university data breach to be $4.77 million.
Taking this into account alongside the fact that, as a response to the COVID-19 pandemic, many more university processes are now taking place online, it’s easy to see why cybersecurity should be at the forefront when planning an online election.
Luckily, with the right security features in place, your university can hold secure, private, and verifiable online elections with ease. Let’s take a look at which security features are a must for any online voting solution:
Encryption is of utmost importance in protecting sensitive university election data, like voters’ names, email addresses, and passwords, while they are stored on and sent over the internet. With encryption in place, if an attacker were to gain access to your data, such as in a ransomware attack, they would not be able to read it.
End-to-End Vote Encryption
In addition to encrypting election data and your voters’ personal data, every ballot cast through an online voting solution should also be protected by end-to-end encryption. This means that when a voter clicks on the “CAST” button, their vote is directly encrypted on their device (one “end” of the voting process) and remains encrypted until it reaches the voting server and is included in the final tally (the other “end” of the voting process).
An online voting solution should implement multiple factors of authentication to ensure voters are who they say they are. This means that eligible participants will have to verify their identity through a set of identifiers, rather than merely a password. These factors might include a code sent to a voter’s email or phone, in addition to the log in credentials your university members use to access your intranet.
Providing voters with receipts or confirmation codes after they have cast their ballots is a method of individual verifiability and allows voters to check that their ballot was included in the final results. Using voting receipts ensures that any possible tampering is identified, and also increases the transparency of and trust in your elections.
Experience and Expertise
While not necessarily a security feature, an online voting provider’s experience and expertise can tell you a lot about their solutions. A qualified provider should have years of experience helping organizations of all kinds and sizes, including universities. They should also demonstrate the importance research and innovation has in developing their solutions to meet the security challenges of today and tomorrow.
The best way to tell whether or not a potential online voting provider offers these features is to ask them. Implementing these features should not require any extra effort from your university or your voters, as they should all be managed and applied by your online voting provider and included directly within their solutions.