Online voting system: control panel
The system is written with security in mind, with multiple layers of security.
Each ballot is actually an 'instance' of BOB, which is an online voting system created by a member of the Computer Laboratory, and which has subsequently had various improvements made by CUSU's web developer over the years, working in conjunction with the original author. (Most recently, this has included integration of a counting facility.) The code for BOB is public and can be scrutinised by voters, or by anyone who downloads the public distribution of the code.
Each BOB instance is a stand-alone instance that is separate from other instances.
The user interface which lists the instances, on the high-security voting server, is separate code to the BOB instances and has no ability to write files or make database changes.
The high-security voting server pulls across ballot instance data on a regular basis, over an encrypted connection. It can 'ingest' only ballots in the future and not any that are in play or about to open. Indeed, it is the voting side which has the responsibility for obtaining new ballot data, rather than the setup side 'pushing' it across. Partly because the logic code of the setup and voting sides are on different machines, any potential vulnerability in the setup side exploited by a user attempting to amend an existing ballot cannot affect running or closed ballots.
Ballots cannot be edited/deleted from two-hours before opening. It is because of this pulling across of data (by the voting machine from the setup side) that this two-hour lock-out time exists.
Warnings about unavoidable BOB voting process risks
The main BOB software release page discusses unavoidable BOB voting process risks.
It is for the organisation running the vote to weigh up these issues, i.e. whether these aspects of online voting outweigh different issues relating to paper voting.
If you have questions on any points not mentioned in the documentation, do get in touch and we will update the documentation.