Data security
is among the most important consideration in any interactive
online information exchange. This online voting system has been
configured to include very aggressive security protocols.
Computer
Security
There are no third party
computers that have access to the voting database or any portion
of the computer network. The computer network is protected by 24 hour
alarm monitoring by an established alarm monitoring provider.
All computers that service the
online voting system are running a server that is equipped with
the most current service packs and most current security
patches. All computers are automatically updated with updates
each day.
All computers are protected by
the most recent Symantec Corporate Anti-virus Security System with
the most current updates. All computers are automatically
updated each day. Configurations for the anti-virus system has been
selected to include the most rigorous controls.
The Internet Server computer has
no Users assigned other than the Administrator. The
Administrator user name is modified from the default and the
password is at least 10 characters long using a combination of
upper and lower case letters and numbers. The password is
changed at irregular intervals.
Internet
Security
The website used to transfer
login information for voter verification is a Secure Socket
Layer (SSL) operation with an extended base of encryption. In
addition, passwords information entered is also encrypted by the
sub-server system which provides an additional layer of
security. There is no default HTML page of the Https URL which
requires that anyone trying to access the voting process knows
the exact routing. Actual voting pages require user name and
password in order to display the active voting page.
Users are prevented from using
the ‘Refresh’ feature of a browser to vote more than once. Once
a person votes, they are locked out from further access to the
active voting page. Voting individuals are offered the option of
printing out a hard copy of their vote for their records.
Data Integrity
Voting records are contained in
two separate files. The first file contains the User Name and
Password along with a field for the date of the vote and the IP
address of the computer from which the vote was executed. This
provides a hard record of who voted that is available for
certification and verification that they voted.
The second file contains the
actual voting results which are disassociated from the first
file thereby ensuring a secret ballot.
The hard copy of the vote
available to the voter compliments the system commitment and the
personal commitment to maintain voting accuracy. If there is a
question relative to the voting outcome, voting individuals can
be independently be polled as to their vote and then their vote can
be reconciled
with the information in the database system.
Data Recovery
During an active voting cycle,
the voting database is backed up in three separate files on the
Internet Serving computer each day. In addition, the voting
database is also backed up on an external hard drive in case of
a catastrophic hard drive failure.
Power Failure Recovery
The voting system is protected
from power outages through the use of a 15KW natural gas powered
backup generator. The generator automatically senses the loss of
electrical power from the electrical supplier. Within 6 to 10
seconds, the back up generator starts and the system
automatically switches the power to the computer facility. Each
computer is also protected by its own battery back-up system
rated to provide uninterrupted power for a minimum of 20
minutes. The backup generator system is automatically operated
for 20 minutes each week to ensure nominal performance.
