SAS Election Software
Voting In An Election
The SAS Election software can be accessed by using the following link:
https://secure.sas.rutgers.edu/apps/poll
This link will take you an election chooser that will allow you to select from the elections you are eligible to vote in. If you know the number of the individual election you can access it directly by using the following link:
https://secure.sas.rutgers.edu/apps/poll?election=#
(Where # is the election number)
Once you have selected an election you will be presented with your ballot. At the very top of the ballot you will see a message telling you how long you have to complete the ballot. If you exceed this time limit, your session will be cleared and you will need to start over as you vote will not be recorded. This time limit also serves another purpose; If you should lose your network connection or close your browser for some reason (e.g. program crash), this is the amount of time you will have to wait until you can login back into vote.
There are several features you should be aware of when voting:
-
The system can be configured to randomly reorder the answers to questions. If you click on REFRESH in your browser, you may notice that the questions are in a different order. Any choices you have made in a question that was reordered will either be maintained or cleared. In no case will your vote be changed because of the reordering of the choices.
-
If you fail to answer a required question or otherwise violate the rules for the questions (e.g. selecting four choices when you are only supposed to choose three) the system will notify you of your error and highlight the question when you click 'CAST BALLOT'. The system will not let you submit an invalid ballot.
-
Your eligibility for the election does not necessarily mean you will be eligible to vote on all questions. If you are not eligible to vote on a particular question the question will still appear but you will not be able to make a selection or enter text for that item. The system will also display a message notifying you that you are not eligible to vote on that question.
-
The Clear Form button at the bottom of the ballot resets the ballot to the choices that were in effect when the page was loaded. If you click this button after you have attempted to submit you ballot and were notified of errors, the button will reset all questions to the choices that you made before you attempted to cast your ballot. This is not a bug but the browser operating to spec.
-
After you have successfully cast a valid ballot, you may be presented with a receipt key. This depends on whether the election administrator has enabled this feature for the election you are participating in. If you are presented with this key you can save it and use it to verify your vote in the system. It is a 30 digit alphanumeric key that is derived from a series of random numbers. Your choices in the election are not used to generate this key and there is no way to use it to link your votes to you. It is there if you choose to use it to verify that your vote was recorded correctly. The only place this key will be displayed is on the screen following your ballot being cast. If you do not save it somewhere, there is no way to retrieve it.
-
If the election you are participating in only allows one vote to be cast per person and you access that election again, you will be presented with the screen that allows you to enter your key to verify your vote. Enter the key EXACTLY as it appeared on the screen (yes, it's case sensitive) and the votes you cast will be displayed on the screen.
Security Safeguards
The system has a number of security features to prevent attacks or fraud in voting. For example:
-
Elections may be limited to specific computers or networks. If you attempt to access an election from an unauthorized machine you will be notified of the violation and logged out of the system.
-
The system requires that cookies be enabled to track your session. No information about your vote is stored in this cookie, only information about the session that you've logged into. If cookies are not enabled in your browser, you will not be able to cast your vote.
-
The system requires that you access it securely (by using https:// rather than http://). You will not be able to access the system using an insecure link.
-
Elections are limited to a specific time interval. You will not be permitted to vote prior to or following the election start or end times. In addition, the Election Administrator is automatically locked out of the management portion of the program once the election start time has passed so no modifications can be made to the election once it has started.
-
As stated before, your ballot is verified before it is cast. The system checks to make sure that all required questions have been answered and all conditions regarding vote count have been met. If you attempt to submit an invalid ballot you will be re-presented with the ballot with all problem questions highlighted and a message detailing the problem. Note: If this occurs, the time limit for casting your ballot is reset back to the original value.
-
If a user is eligible to vote in more than one active election, the user will only be permitted to vote in one election at a time. Once their vote is cast in whatever election they choose first, they are free to immediately vote in any other election they are eligible to participate in.
-
Information on who voted or didn't vote in a particular election will only be released on a user by user basis and only with the permission of that user. However, aggregate data will be made available on the request of the election administrator once the system administrators have reviewed the aggregate data to guarantee that its release wouldn't compromise voter security.
That's all you need to know in order to participate in an election. If you are having problems voting, please contact the election administrator or submit a REQUEST . Please vote early so that, if a problem should arise, you have time to contact administrators so they can resolve the issue before the election end time has passed.
If you are an election administrator or are interested in the way votes are stored for privacy reasons, please continue reading. Otherwise, happy voting.
Vote Storage
When designing the tables for vote and voter storage, the goal was to create a system that would effectively allow us to store votes, permit the retrieval of a user's vote by the voter (and only the voter) while also tracking who has already voted to prevent multiple voting, all without compromising the anonymity of an individual's vote.
In order to accomplish these goals several separate, unlinked tables were created. Their names and uses follow:
-
votes - This table stores all of the votes on an individual user's ballot in one record with two additional fields. One to hold the key that is generated when the vote is cast and one to hold the election number.
-
voted - This table stores the netid, vote count, election number, status and a timestamp. When a user chooses an election and is presented with a ballot, a row is created in this table with the NetID of the user, their voting status is set to 'voting' and the timestamp is set. Once they have successfully cast their ballot the timestamp is cleared (to prevent abuse), the voting status is changed to 'voted' and the vote count is incremented by one. This table and the votes table cannot be linked. They share no information that would allow for the voter's NetID to be associated with their votes.
-
session - This stores the session information while a user is in the program. All information that must be passed between pages when submitting information is stored in this database to prevent local manipulation. The user's record in this table is automatically cleared when they logout of the software. If the user simply exits the browser rather than logging off, the session information will be cleared automatically when the election administrator accesses the program after the election has ended to retrieve the results.
-
The remaining tables in the database (questions, answers, etc) are used to store the data needed to conduct the elections (e.g. the questions and answers) and do not change once the election has started.
In addition to the actual database tables, information is also stored in the logs as the user completes tasks in the program. This log file does not contain information on votes or the keys that are generated after the vote is completed. Only information that is needed for troubleshooting and fraud detection is stored in this file and only the system administrators have access to those logs. Even though the information in these logs is innocuous Election Administrators still do not have access to them.
A final note about vote security. Every precaution has been taken in the design of the software to eliminate the possibility of an individual's vote being revealed, even to a system administrator. That being said, no system is foolproof. Even when using paper ballots, someone could open up the box after one person has voted and look to determine how that person voted. A similar possibility exists in this case. If a system administrator (currently only two people) with direct access to the database tables were to look at those tables after only one person voted, they would be able to determine how that individual voted. However, once a second vote was cast, unless that vote were identical to the first, there would be no way to tell how either user voted. If you're really concerned about this, find a buddy and vote at the same time. Assuming you don't cast the exact same ballots, you've effectively eliminated the possibility your vote could be revealed.
Even if a hacker were to break into the system (which is HIGHLY unlikely) and gain full access to everything, he or she wouldn't be able to determine how an individual voted after more than one vote was cast.
Election Administration
If you would like to setup an election please submit a REQUEST with the following information:
-
The name for the election
-
NetID(s) of Election Administrator(s)
-
Contact e-mail addresses for Election Administrator(s)
-
List of NetIDs for voters eligible for the election (If you don't have a way to easily generate a list then attempt to provide a group (e.g. All SAS Faculty, All Staff in Department X, etc).
-
Start and End date and time for the election (if you want to have a test run for the election first, you can specify a test start and end time as well).
-
Whether or not you want a receipt key to be displayed after a user casts a ballot so they can log back in and verify their vote.
-
The time limit a user should have to cast their ballot (also serves as the amount of time that must pass before a session is cleared in the event of a lost connection) [Default: 30 minutes].
-
Number of votes that each user is permitted to cast.
Once you've been setup as an election administrator you can login using the main URL (https://secure.sas.rutgers.edu/apps/poll and you will be presented with a screen that has all of the active elections you're permitted to see plus, you'll see a link called 'Create A New Election' at the bottom. Click on this link and you'll be taken to the screen where you can modify the election parameters. There values you e-mailed are already in there but you can modify them if you want. Once the election start time has passed, you will no longer be able to access this screen.
Once you've finished making modifications you can click Menu to access the Election Administration Menu. Click on Question and Answer Setup to define the questions and answers for this election. (If you receive a blank screen click REFRESH and that should fix the problem).
You will now see that one question has been defined for you called 'New question'. Click on the drop down box and choose from one of the following options:
-
ENABLED - [Default] The question is enabled and will be included on the ballot.
-
MODIFY - Allows you to modify the question and possible answers to that question.
-
DELETE - Permanently and irretrievably deletes the question and associated answers.
-
INSERT - Insert a new question before the current question.
-
INSERT - Insert a new question after the current question.
-
DISABLE - Disables the question. It will only appear in the configuration screen, not on the ballot.
You will also see < and > buttons to the left and right of the question number. You can use these buttons to move a question up or down in the order. If you click on the > button for the last question this will perform the same function as the INSERT> drop down menu choice and create a new question.
In order to modify the newly created question choose MODIFY from the drop down list.
There are several options that you can use to customize the question and a couple of procedures you need to know to make it easier to create questions. First the question types:
Tips for Question Entry/Editing
Because of the way question entry works, you should perform tasks in the order that follows. If you do not follow this order you will probably find yourself re-entering information a few times.
-
After entering the question modification screen first create all of the answers you need. You need not fill in what the answers are but you should create the appropriate number of answers.
-
Then make the necessary changes to question type, question text, config values, allowed and randomize and click SAVE.
-
Then edit the text in the answers section (if you haven't already done so) and click Save
-
After all of your edits are finished you can click Question listing to edit/create more questions.
Modifying the Election Configuration
The election configuration allows you to set parameters for the election overall. Again, once the election starts, these values cannot be changed.
Global System Configuration
Note: This screen can only be accessed by system administrators.
This screen defines parameters that will be in effect for all elections and currently contains only two values:
-
administrators - the list of system administrators that are authorized to manage all elections.
-
allowed_creators - the list of users that are permitted to create new elections in the system.
Conclusion
If you need assistance using the software for voting please contact your local election administrator. This should be the person that notified you of the elections existence and gave you the link to vote.
If you have problems logging into the software and receive an invalid username and password message, the problem is most likely with your NetID. Please try logging into the following page https://www.td.rutgers.edu/netid. If you receive four 'Success' messages when logging into this page and still cannot login to the voting software please send mail to the sysadmins address below.
If you have problems with the software itself please SUBMIT A REQUEST
Software and Documentation by Thomas J. Vosseler
© 2007 Rutgers University.
admins |
Should contain a comma delimited list of NetIDs that are permitted to administer this election and retrieve results after the election has completed. |
contact_email |
The e-mail address of the person that will be able to answer questions should an error occur. |
election_disabled |
Disables the election (election will not show up in the election chooser and must be re-enabled by the system administrator (this field not yet implemented) |
eligible_voters |
Can either be blank or contain a comma delimited list of NetIDs for those authorized to vote in the election. If this is left blank and there are no question based restrictions then anyone with a valid NetID can vote in the election. If either this field or any question based allowed field has NetIDs included, those authorized to vote in the election will be limited to the combined list of NetIDs. |
enable_highlight |
If set to 1 the system will put a light gray background on every other question on the ballot to make it more clear where each question starts and ends. The default is for this to be set to 0 (off). |
end_time |
Must be in the format YYYY-MM-DD HH:MM:SS and specifies the date and time when the election should end. This is a required value. |
finish_message |
This generally a relatively short message that is displayed on the final screen after the user has cast their ballot. Generally something like 'Thank you for voting in this election'. |
ip_restrictions |
If this field is blank, which is the default, users can vote from anywhere on the Internet. Otherwise, Allowed IPs must be entered using the IP/Mask format (e.g. 165.230.0.0/16 or 165.230.100.100/32, etc). The most likely use of this field is to limit voters to the Rutgers network (165.230.0.0/16,128.6.0.0/16,172.16.0.0/12). |
name |
The name for the election that will be displayed at the top of the page and on the election chooser screen. |
not_authorized_msg |
The message that users should receive if they are not authorized to vote on a particular question. |
show_receipt |
(0 = no, 1 = yes) Determines whether or not the hashed key will be displayed as a ballot receipt after the user has cast their vote. Some users may find the ability to retrieve votes unsettling so the ability to disable this feature has been included here. |
start_time |
Must be in the format YYYY-MM-DD HH:MM:SS and specifies the date and time when the election should start. This is a required value. Be careful when setting this value to make sure that you set a time in the future. If you enter a time that is in the past, the election will immediately be marked as active and you will no longer be able to make modifications to the election (like adding questions!) |
time_limit |
The system needs to be able to clear sessions that have been open too long. This is to guard against users that walk away from their workstations after logging into the software as well as users who accidentally close their web browser. Should something like this occur, this value will determine how long the system waits before clearing the session and allowing the user back in to vote. This value MUST be set and it is strongly recommended that the limit be no more than one hour. The default is 30 minutes. |
votes_per_user |
In most cases this is going to be set to 1 which means every eligible voter can vote only one time. However, you can set any value you'd like. A value of zero ('0') means that there is no limit to the number of times that a person can vote. |
Question Types: |
|
||||||||||||||||||||
Question Text: |
Free form text can be entered in this box. Hard returns (Ctrl-ENTER) can be used to format the text to make it more readable in the box but this will be ignored when it is displayed on the ballot. The software uses standard HTML tags to format the text for the question. Here's a sample question: |
||||||||||||||||||||
Config Values: |
These values are used differently depending on the type of question. Here's a breakdown:
|
||||||||||||||||||||
Allowed (NetIDs): |
This field can be used to limit who can vote on this individual question. By including a user's netid in this field they will not only be permitted to vote on this question but will also be permitted to vote on all other questions in this election that have no further voting restrictions. Enter a comma delmited list of NetIDs to limit those who may vote on this question. |
||||||||||||||||||||
Randomize Answers |
Will automatically put the answers in random order every time the ballot is loaded or reloaded for a multiple choice question. This value will be ignored for all other question types. |