Voting using the Internet
This project was all about contradictions. It had to be accessible by all, but had to be totally secure. We had to track every single vote but the anonymity of the voter had to be absolute. It had to be very easy to use, but the technology we were using was complex and new.
But we managed all that and more. When we started the government themselves stated that it probably was impossible to do, certainly not done in a way that was easy to use and understand.
Despite these reservations, we managed to do the project on time and within budget. Not only that but we were never hacked, security was good enough (nobody could cast a fake vote) and the pilot project delivered results.
I was the team leader in developing the technology, creating the methods we were using, both for the website as for the security of the vote. We used biometrics (fingerprint readers) for identification and a PKI set for security. On top of that we also encrypted the vote itself.
The only real security hole we found during the project was the human aspect. We had 1 laptop that could access the system to create a voting form. So this laptop had to be secured. The subcontractors left it on the table in an unlocked office room and sure enough, the laptop was stolen. It gets worse, they didn’t tell us about it. Not so surprising, these guys claimed to be Internet Content Specialist, the best in the country. They managed to mess up the first page (a static web page explaining the project), by making all the important words blue and underlined. Not links, just blue and underlined.
I often said, I learned a lot of stuff I did not want to learn. But then learning is good no matter what.
All in all, I certainly regard it as one of my better projects and one that I am quite proud of.