How can I be sure that no one will be able to see how I voted?

All computer systems are hackable. Part of determining whether you trust a system is knowing how it could be hacked.  In this article, we will tell you how to hack BallotBox.

First, a little background:

When you vote in a BallotBox poll, our system stores your identity (tied to your email address) together with your cast ballot in the same database record. That guarantees that no voter account can be used to vote more than once. 

At the same time, BallotBox encrypts your ballot.  As a result, we (and our customer) can tell who voted, but not how they voted*.  It is like watching voters in a polling place – you can tell who has voted, but not what their ballots said.

The encryption uses asymmetric (public/private key) cryptography.  The public key, which is not a secret in any way, is the key used to encrypt your ballot.   The private key, which is the only way to see what your ballot says, is created by BallotBox when the poll is launched, immediately and automatically divided into “chunks,” encrypted with the poll Officers’ respective passwords, and stored as cryptographic hashes in your Officers’ accounts. 

That is why your poll Officers’ passwords are critically important:  If a quorum of your Officers cannot remember their passwords, there is no way to reassemble the private key.   And without that key, there is no way to read the ballots, or see the results.

To ensure that no single individual has the ability to decrypt a ballot and learn how an individual voted, your organization will designate at least two “Officers” for each poll, and will decide how many of those Officers will be required to unlock the ballots.  The minimum number of Officers required to decrypt a ballot is called the quorum size. 

The following diagram shows how BallotBox would divide the private key if there were a total of three Officers for a poll, and the quorum size was set at two:

Because of how the poll’s key has been divided, having the passwords of two of the Officers (in any combination) is sufficient to put the poll’s private key back together so you can decrypt the ballots.  However, no one Poll Officer could do it alone. 

Now, with that background, we can explain how to hack BallotBox and tell how an individual voted in an election or survey.  You need two things: 

First, you need direct database access -- either by forming a conspiracy with at least one person on the BallotBox staff who has that level of access, or by hacking through our security, overcoming all of our efforts to stop you, to gain direct database access.

Second, you need the passwords from a quorum of the Officers that our customer selected to protect the integrity and anonymity of the poll. 

That's pretty secure.

*Our paid subscription plans have an option for non-anonymous questions. If a customer designates a question on your ballot as non-anonymous, you will see a conspicuous message next to that question, and the poll results will disclose how you voted on that specific question.