Online voting systems need solid security measures. We keep the Citizen OS platform up-to-date with new laws and best practice—our CEO and Product Manager, Margo Loor, explains how.
At Citizen OS, we’re passionate about spreading participatory e-democracy, and have huge faith in its potential to bring greater good to the world at large. We know that when it comes to online democracy, a secure and trustworthy product is the key to success.
Here are the top four security measures we use to keep our platform safe.
In order to discuss or vote on a topic on the Citizen OS platform, users must identify themselves via Gmail, Facebook or by creating a user account on the platform itself.
On top of this, you can also link the Citizen OS platform into your country’s national e-voting infrastructure. This way, voters can be identified via your government’s existing identification system.
In Estonia, for example, users wishing to discuss topics or submit votes on the Citizen OS platform are identified using the national electronic ID system. This infrastructure has been used by Estonian citizens since 2005, to securely e-vote in elections and e-sign on all sorts of national and personal business.
What’s more, an EU directive, eIDAS, is now acting to unify e-voting systems across Europe—bringing about greater use of e-identification, and allowing votes to be accepted across EU borders.
Safety in the clouds
Our platform’s server uses trusted cloud services Amazon CloudFlare, Heroku and AWS. These services protect sites from attacks and ensure they are always online, by switching between servers if any issues arise.
Open Source Scrutiny
All our software is open source. This means our code is out there in the public domain, being run under the scrutinous eye of many a coder. The open source developers community gives valuable input into our code, helping keep our software strong and secure.
We have a ‘red line’ set out in our internal product development process, which is activated when there is a critical bug or attack. This line is the path we follow to resolve any ‘red alert’ issues—regardless of the time of day, or day of the week—and has worked seamlessly for us, even when tested on a public holiday. Having this in place is very important from a security point of view, because it’s precisely the lack of agreed, documented and tested processes that can drop an organisation to its knees in the face of a security incident.
The finer details
If you’re interested in using the Citizen OS platform or want more details on any of our security measures, just drop us a line at firstname.lastname@example.org and we’ll be very happy to chat.