iVote
In recent years, adversaries with unlimited money and means have been waging a non-stop global cyber war against every machine connected to the internet. Critical election infrastructure and related government systems are at risk. As a result, some major parties have become aware of how important securing their free and fair elections has become. At the same time, there is no dominant player in the secure election systems market. This presents your modest band of coders with a unique opportunity!
iVote has been contracted to build a secure electronic election system to their specifications. The system will allow an entity to host elections at scale without requiring voters to appear at a physical voting location. In order to ensure fairness, you’ve decided to implement a form of instant-runoff voting (IRV) to determine the election winner.
Summary of requirements
Your system will consist of a web portal where, only after logging in, users can view the results of past elections and vote in current elections. Voters will be able to log in using their first and last name and the last four digits of their social security number.
All other users must log in using email and password.
There are five (5) types of users: root, voters, moderators, administrators, and reporters. Users can only be one type at a time.
- Voters are the most common type of user. They vote in elections and can view a complete listing of past election results.
- Moderators manage elections to determine which voters are allowed to vote in which elections.
- Administrators, along with having system-wide moderator privileges, can manage which users have moderator privileges as well as create new elections and manage existing ones. Administrators are also the only type that can create new users and restrict other users as well as change a user's type; however, administrators cannot modify the account details of other administrators or give other users the administrator type.
- The root user is a special administrator that can give other users the administrator type and view information that is normally private. There is only one root user in the system.
- Finally, reporters can view the history of past election results and nothing else.
Additional Details
- Elections have timestamps marking when they open to allow voting and when they close and permanently commit their results.
- Voters can only vote in open elections, though they can also change their vote rankings as many times as they want up until the election is closed.
- Reporters can only see closed elections.
- Voters can only see elections they are or were eligible to vote in.
- Moderators can see any election an administrator has assigned them to.
- Administrators can see every election in the system.
Requirement 1
Login: a user must authenticate before they can access the system.
- Authenticating (logging in) is required to access any component of the system.
- No part of the system besides the login view will be accessible to unauthenticated users.
- Any authenticated unrestricted user has the option to view their own dashboard and a history of past elections (below).
Requirement 2
The system will support 5 types for users: root, voter, moderator, administrator, and reporter.
- Voters - Can vote in elections and can view a complete listing of past election results.
- Moderators - Can manage elections to determine which voters are allowed to vote in which elections.
- Administrators
  - Can view a list of every single election in the system
  - System-wide moderator privileges
  - Can manage which users have moderator privileges
  - Can create new elections and delete existing elections only if they are upcoming
  - Manage existing elections
  - Can create new users
  - Can restrict existing users
  - Can change a user’s type
  - Cannot modify the account details of other administrators
  - Cannot give other users the Administrator type
- Reporters - Can view the history of past election results and nothing else
- Note the special root user. The root user is a special administrator that can give other users the Administrator type and view information that is normally private.
The root user is always the first user in the system and there can only be one root user.
Users can only have a single type at a time. You are free to create other types.
Requirement 3
The system will support elections. An election has:
- A title
- A description of the topic being voted on
- A list of choices voters must rank from most favored (starting at 1) to least favored
- A list of voters that are able to vote in this election while it is open
- A list of moderators that have permission to add and remove users from the list of eligible voters
- A timestamp indicating when the election opens
- A timestamp indicating when the election closes
Feel free to add any other information necessary.
All users can view and interact with individual elections. Users interact differently with elections depending on their type.
- Moderators can add users to elections or remove them from elections.
- Administrators can create and delete elections.
- Voters vote in elections.
- Reporters can view the results of elections.
When viewing election results that are closed:
- The winning choice will be emphasized in the frontend UI.
- All eliminated choices will be clearly marked.
- The UI will indicate by how many votes the winning choice won versus the total number of votes cast.
- Finally, if the election is closed and the user viewing it voted in said election, their choice in the election will be most prominently marked.
Requirement 4
Dashboard
- Dashboard: each user has access to a personalized user dashboard.
- When viewing their own personalized dashboard, users are presented with the following information:
  - First and last name
  - Email address
  - Last IP address where user logged in from
  - Last login date/time when user logged in
- You are free to display any other relevant information.
- All users will have the ability to view the details and results of any elections that appear in their dashboard.
- When displaying upcoming and current elections in the frontend UI, they will be sorted in ascending order by their opening time (earliest first).
- When displaying past elections, they will be sorted in descending order by their closing time (latest first).
For voters
For voters, the dashboard will also show:
- The most recent open elections the user can currently participate in
- Closed elections they were eligible to participate in
- Upcoming elections they’re eligible to participate in
For moderators
For moderators, the dashboard will also show:
- All the elections that the moderator has been assigned to oversee
- Elections will be grouped by their status as upcoming, open, or closed
- Moderators will be able to add a user to an election or remove a user from an election
For administrators
For administrators, along with the controls moderators have, the dashboard will allow the administrator to view and modify all users and elections in the system.
Requirement 5
History: each user can view a complete history of past elections that can be sorted by at least one useful metric.
Some examples of useful metrics include allowing users to sort elections in ascending or descending order alphabetically, by open date, or by close date.
Requirement 6
Registration / New Users/Voters
- When creating new accounts, administrators must provide the following:
  - Unique email
  - First and last name
  - Phone number
  - Address
  - City
  - State
  - Zip
  - Secure password
- There is no open registration feature.
- Only administrators can create new accounts.
- Usernames (email) cannot be changed after the account is created except by administrators
- All other user information (including full name) can be modified by the user that owns it.
- Note: the only requirement for a secure password is that it is sufficiently long. 6-10 characters is weak. 11-16 is medium. 17+ is strong.
Requirement 7
Security
- Most user information will be private to that user.
- User must be able to update their personal information: i.e. name, address
- User must be able to change their own password
- User must be able to reset password using a "Forgot Password" feature
- Only administrators can change a user's type
Requirement 8
User Accounts
- User accounts can be restricted or unrestricted, i.e., active or inactive.
- A restricted user is not allowed to login.
- An unrestricted user is allowed to login.
- Only administrators (or root) can (un)restrict users.
- Users can never be both an administrator and restricted.
- By default, new users will be unrestricted.
- Restricting and unrestricting a user will not alter the results of any elections in the system in any way.
- If a user is logged in and their account becomes restricted, said user will be forced to log out immediately.
- Users must be able to reset password using a "Forgot Password" feature
- Voters cannot update their Social Security Number
Requirement 9
Closed Elections
- Closed elections are immutable.
- Once an election is closed, its results become immutable, which means: none of the information about that election can be modified by administrators and the election itself cannot be deleted by administrators.
- The root user is exempt from these restrictions.
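The type, restriction and closed-election rules from Requirements 2, 8 and 9, written as server-side authorization checks. This is an added Python example, not part of the original specification; the `User` model and function names are hypothetical, and the two points marked ASSUMPTION are readings of cases the specification leaves open.

```python
from dataclasses import dataclass

ADMIN_TYPES = {"root", "administrator"}

@dataclass
class User:  # hypothetical model; field names are not from the specification
    email: str
    type: str  # root | voter | moderator | administrator | reporter
    restricted: bool = False

def _is_active_admin(actor):
    # A restricted account cannot log in, so it can never authorize anything.
    return not actor.restricted and actor.type in ADMIN_TYPES

def can_change_type(actor, target, new_type):
    if not _is_active_admin(actor):
        return False
    # There is exactly one root: nobody is promoted to it or changed away from it.
    if new_type == "root" or target.type == "root":
        return False
    # A user can never be both an administrator and restricted.
    if new_type == "administrator" and target.restricted:
        return False
    if actor.type == "root":
        return True
    # Plain administrators cannot touch other administrators or grant the type.
    # ASSUMPTION: an administrator's own type is also off limits to them.
    return target.type != "administrator" and new_type != "administrator"

def can_restrict(actor, target):
    # Administrators and root are never restricted.
    return _is_active_admin(actor) and target.type not in ADMIN_TYPES

def election_status(opens, closes, now):
    if now < opens:
        return "upcoming"
    return "open" if now < closes else "closed"

def can_delete_election(actor, opens, closes, now):
    if not _is_active_admin(actor):
        return False
    if actor.type == "root":
        # Root is exempt from the closed-election restrictions.
        # ASSUMPTION: root may also delete an election that is still open.
        return True
    # Administrators may delete an election only while it is still upcoming.
    return election_status(opens, closes, now) == "upcoming"
```

Run these checks on the server for every request, not only when deciding which controls to render in the UI.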
Requirement 10
All results and lists of items displayed in the frontend UI will be paginated where appropriate.
Pagination is the strategy of showing a limited number of a large set of results and providing a navigation element where users can switch to different "pages" of that large set.
A Google search result (which has multiple pages) is a good example of pagination.
Requirement 11
Voting
- When voting in an election, a voter must rank all choices in order of preference.
- When an election closes, the winner is determined via Instant-Runoff Voting.
- When an eligible voter votes in an Instant-Runoff Voting (IRV) election, they do not just cast a single vote.
- They must rank their choices from most favored (starting at 1) to least favored.
- After the election closes, the system will calculate the winner by the rules of IRV as outlined below:
  1. All the top choices (meaning: rank-1) are counted.
  2. If a choice gets over 50% of the vote, that choice is declared the winner and the election is over.
  3. If no choice gets over 50% of the vote, the choice with the least rank-1 votes is eliminated.
  4. Voters who had the eliminated choice as their rank-1 have their vote go to their next top choice instead (meaning: rank-2 becomes their new rank-1 and so on).
  5. Return to step 1 and repeat the process until only one choice remains or a choice gets more than 50% of the votes.
For example, suppose an administrator created an election titled "What should we eat after the competition?" The administrator adds three choices to vote for: pizza, chicken, and tacos.
Further suppose there were 10 eligible voters. Voter 1 ranks the choices according to their tastes:
Rank | Choice |
---|---|
1 | Pizza |
2 | Tacos |
3 | Chicken |
Clearly, in Scenario A: voter 1’s favorite choice is Pizza, their second favorite is Tacos, and their least favorite is Chicken.
The other nine voters come up with their own ranks for the choices as well. Since many of them voted similarly to someone else, the 10 different voters come up with the following 3 rankings:
Rank | Choice |
---|---|
1 | Chicken |
2 | Pizza |
3 | Tacos |
Rank | Choice |
---|---|
1 | Pizza |
2 | Tacos |
3 | Chicken |
Rank | Choice |
---|---|
1 | Tacos |
2 | Pizza |
3 | Chicken |
If we just counted who got the most rank-1 votes (like a normal election), Chicken and Pizza would be tied for first place and no one would win. However, we are using Instant-Runoff Voting!
So, since no one got above 50% of the votes (50% of 10 is 5, so a choice needs 6 votes to win), we eliminate the choice with the least rank-1 (first place) votes. Since Tacos only got 2 rank-1 votes, Tacos is eliminated. After step #4 (above), now the rankings look like this:
Rank | Choice |
---|---|
1 | Chicken |
2 | Pizza |
Rank | Choice |
---|---|
1 | Pizza |
2 | Chicken |
Rank | Choice |
---|---|
1 | Pizza |
2 | Chicken |
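The tally procedure and the food example above, carried through to the result as an added Python example (not part of the original specification). The 4/4/2 split of the ten ballots is inferred from the text (Chicken and Pizza tied, Tacos on 2 rank-1 votes), and the alphabetical tie-break for elimination is an assumption, since the specification does not define one.

```python
from collections import Counter

# Constructed ballots for the example above, most favored choice first.
EXAMPLE_BALLOTS = (
    [["Chicken", "Pizza", "Tacos"]] * 4
    + [["Pizza", "Tacos", "Chicken"]] * 4
    + [["Tacos", "Pizza", "Chicken"]] * 2
)

def irv_winner(ballots):
    """Return (winner, winning_votes, total_ballots, eliminated_in_order)."""
    if not ballots:
        raise ValueError("no ballots cast")
    choices = set(ballots[0])
    for b in ballots:
        # Requirement 11: every voter ranks all choices, each exactly once.
        if len(b) != len(choices) or set(b) != choices:
            raise ValueError(f"incomplete or duplicate ranking: {b!r}")
    remaining = set(choices)
    eliminated = []
    total = len(ballots)
    while True:
        # Count each ballot for its highest-ranked choice still in the race.
        tally = Counter({c: 0 for c in remaining})
        for b in ballots:
            tally[next(c for c in b if c in remaining)] += 1
        leader, votes = tally.most_common(1)[0]
        # Strictly more than 50% wins; also stop when one choice remains.
        if votes * 2 > total or len(remaining) == 1:
            return leader, votes, total, eliminated
        # Eliminate the choice with the fewest current rank-1 votes.
        # ASSUMPTION: ties for last place are broken alphabetically.
        loser = min(remaining, key=lambda c: (tally[c], c))
        remaining.remove(loser)
        eliminated.append(loser)
        # The next pass moves the loser's ballots to their next choice.

if __name__ == "__main__":
    print(irv_winner(EXAMPLE_BALLOTS))
```

The returned vote count and total are the figures Requirement 3 asks the results view to display, and the elimination list is what it marks as eliminated.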
Requirement 12
Somewhere in the frontend UI of every view, the total number of elections in the system will always be visible.
Requirement 13
- Where applicable, system UI will be printer friendly through print-only CSS or a "printer-friendly" link.
- A printer-friendly page is only necessary when viewing detailed information that a user might want to print, such as election information in the system. However, your website must not become indecipherable and must not require a lot of ink when printing arbitrary pages.
Requirement 14
- Security: no XSS, SQL injection, or related security vulnerabilities.
- Specifically, form inputs and the like will not be vulnerable to SQL injection attacks.
- User-generated outputs like voter addresses will not be vulnerable to XSS or similar attacks.
- Advanced security features, CSRF/token protection, et cetera are not expected. Similarly, database security is not expected.
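The two controls Requirement 14 names, shown on the voter login lookup and on a voter address, as an added Python example (not part of the original specification). The table, column and function names are hypothetical, and the stored row and hostile input are constructed samples.

```python
import html
import sqlite3

# Constructed input of the kind the requirement is about.
HOSTILE_SSN4 = "' OR '1'='1"

def make_db():
    # Hypothetical schema holding one constructed voter row.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, first TEXT, last TEXT,"
        " ssn4 TEXT, address TEXT)"
    )
    db.execute(
        "INSERT INTO users (first, last, ssn4, address) VALUES (?, ?, ?, ?)",
        ("Ada", "Voter", "1234", "1 Main St <script>alert(1)</script>"),
    )
    return db

def find_voter_unsafe(db, first, last, ssn4):
    # Vulnerable form: form input is pasted into the SQL text, so quote
    # characters in the input change the structure of the query.
    sql = (
        f"SELECT id FROM users WHERE first='{first}' "
        f"AND last='{last}' AND ssn4='{ssn4}'"
    )
    return db.execute(sql).fetchone()

def find_voter(db, first, last, ssn4):
    # Hardened form: placeholders keep the input as data, never as SQL.
    return db.execute(
        "SELECT id FROM users WHERE first=? AND last=? AND ssn4=?",
        (first, last, ssn4),
    ).fetchone()

def render_address(address):
    # Escape user-supplied text at output time, for an HTML text context.
    return f'<td class="address">{html.escape(address, quote=True)}</td>'
```

With the constructed input, `find_voter_unsafe` returns the stored voter without a matching SSN, while `find_voter` returns `None`; most template engines apply the same escaping as `render_address` when autoescaping is left on.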