Sometimes, you need input you receive to be authenticated — in other words,you need to know who voted, and you need to be sure no one votes more than once.
Other times, it is essential that every vote be anonymous — so no one can tie a vote to the person who cast it.
Sometimes you need both. Why? Without authentication, your results may include double votes, not enough votes, or vote tampering. Without anonymity, an individual's vote is revealed to anyone with access to the database. Users will not give honest feedback if they fear that their feedback could be connected back to them.
BallotBox shines when you need both. BallotBox ensures voter authentication by recording the identity of the voter on the exact same database record as that voter's ballot. But then we simultaneously achieve voter anonymity by encrypting the ballot itself within that database record, using asymmetric (public/private key) encryption.
The private key to decrypt those ballots is then broken into pieces, encrypted with the passwords of the "poll officers" you designate within your organization, and stored with their respective BallotBox accounts. No one person has all of the pieces necessary to decrypt the ballots.
To reassemble that key so that the ballots can be read, a quorum of your poll officers simply enter their passwords into BallotBox. Your results are available immediately.
Does database-level encryption actually matter? Some online voting solutions say they are "secure" merely because they use SSL (https) encryption. Whether that is enough depends on whether your voters value anonymity and authentication at the same time. If they do, SSL is not enough.
Without database encryption:
• anyone with access to your database can simply watch votes as they are cast to see how each person voted. (In BallotBox, votes are encrypted gibberish until the poll ends and they are decrypted.)
• anyone with access to your database could list the "who voted" and "how voted" tables in the order in which records were inserted, and correlate individual voters with their votes.
• anyone with access to your database could change votes after they are cast. (By comparing cryptographic checksums, BallotBox detects tampering.)