BAFTA Jury Voting – Secure Tablet Voting

image

Background

For many of BAFTA's awards the winners and nominees are selected by a specialised jury of industry experts.  One of the many reasons that the awards is so highly prized is that the selection processes adhere to strict guidelines designed awarding on the criteria of creative excellence.

Supporting the jury selection processes is the Jury Voting system which I product managed the first iteration, before COVID-19 forced a change in approach. The first iteration was a customed designed web application which used a small computer to create a LAN Network which the jurors connected to via tablets enabling them to securely cast votes.

In 2014 after BAFTA had launched several other technical systems, which I managed, to improve and modernise Awards processes the question was asked if technology could be utilised to make the jury process even more robust. Before the system was developed jurors voted using paper ballots and with any manual processes there is a element of risk. I was tasked with developing a system that would improve the security and reliabilty of the voting process.

The Requirements

The project stakeholders outlined their high level requirements at the outset of the project:

  • Security
  • Ease of use
  • Cost

These requirements informed the core decision making for the design and build of the product as the solution needed to adhere to them. This led to an analysis of current technologies to understand what combination of hardware and software could deliver the end solution.

This project was different to Nucleus as previous to the product development I had not managed any of the jury processes. This presented a new challenge of process discovery engaging with and liaising with stakeholders to fully understand the requirements and the decisions I was making in relationship to the final product. The outcomes from the discovery sessions further led me to understand the objectives:

  • Flexible functionality to administer different jury workflows.
  • Winners should not be disclosed to anyone, including the jury participants.
  • Online result access for the scrutineers.
  • Instant reporting of results to keep the jury process progressing.
  • Jurors sign to confirm their votes cast.
  • Develop a system that was light touch and complemented the Jury process without elongating the voting process.
image

Hardware

The core challenge was to deliver a product that was both secure and online. The biggest risk of any online system is its vulnerability to hackers. A paper voting process is un-hackable, although has a different set of vulnerabilities, however to obtain the data the hacker has to gain physical access to the data.

Conceptualising this approach the solution was to replace the security of a paper system by utilising hardware that could operate offline during the jury process and connect to a remote server to upload results. Initially a Rasberry Pi, which is a small open source computer aimed at people who are learning to code, was selected as it is lightweight and the pricing fitted the budget.

The Rasberry Pi could be used to host LAN network to which other devices connected, in this instance iPads which the jurors would use to vote. All the software and votes would be on the Rasberry Pi meaning that to gain access a user would need to be in the range of the network, essentially in the jury room or to steal the Rasberry Pi. The security was therefore taken one stage further and when the voting was finished, the results were written to a Zip File which was also PGP encrypted.

PGP encryption is high-grade and extremely difficult to crack. Whilst it is possible the resources required outweigh the benefits of stealing the data. This resulted in being able to fulfil a further requirement and storing the encrypted files in a secure online repository so that Deloitte could access the results.

Looking back at the Rasberry Pi itself even if someone were to steal the device there was no method for them to access it. All ports were disabled and only preapproved devices using their Wifi Access code. Not only would the hacker need to steal the Rasberry Pi but they would also need to steal one of the pre-approved devices to access the network.

After a year of using the Rasberry Pis we upgraded the solution to Cubietriucks which provided more reliability in terms of connection and general stability.

Software

Building the interface presented some interesting challenges. Tablets would be the devices used by the jurors to cast their votes. Its possible to create very user friendly UI, they are portable, relatively cheap and can connect to WIFI networks.

The initial assumption is to build a dedicated app but this approach is expensive and time-consuming. An App would need to be maintained in the iTunes and Google App stores and would add hugely to the budget set aside. Instead a web application was built, which is software which runs on a web browser, resulting in the system being device agnostic.

There was not a huge budget for design so the approach was to build something clean and clear which would have the potential to work on all devices. Therefore the result is a UI which is responsive and will work on phones, tablets and PCs.

In terms of the UI there was one problem presented by both the project budget and the Rasberry Pi. Multiple juries run concurrently and each jury has 12-14 jurors, meaning that the number of devices required for each juror exceeded the budget provided. Even if this cost could be covered it was not possible to join more than 4 devices to a Rasberry Pi at a time - each new connection kicked a currently connected device off the server. Therefore we were limited to 4 tablets in the room that could be effective.

One tablet would belong to the admin user so that they could manage the processes leaving three for the rest of the jury. This was not a huge problem as the benefit of a tablet is that it can be passed from one user to another. However, the challenge is authenticating each user so that they could cast their votes and pass on the tablet to a new user. One of the key requirements was speed.

After debating various options I decided on not having a login process. There are a limited number of jurors in a meeting, all of them are known in advance, so a list of names can easily be compiled. The jurors were asked to select their names, vote, sign the confirmation and at which point the system would log them out ready to be passed to the next user. The round could not be completed until all user had casted their votes and the size of the sample made it easy for admin users to check everyone had cat their votes. If a user chose the wrong name, or tried to vote twice, then the correct user would notice. Votes could be reset and then cast again, this was beneficial if a juror changed their minds.

Once a user started voting their name was locked so there was no possibility that another user could vote in their place. The long list of entries and the nominees were presented in the system which entries that were not successful in a given round being removed automatically from the list.

In the event of ties tie-breaker rounds were created and users asked to vote again. In this instance the successful entries were displayed and the remaining tied entries could be voted on again.

Admins had access to the system and can perform a variety of functions including voiding votes, clearing signatures, marking attendees as absent and finalising the votes for saving.

In the final round the nominees are presented to the jurors but after the votes are cast the winner is kept secret from all users. This has a slight anti-climax but adds a layer of security as it means that the jurors are unable to slip up and reveal the winner, as they do not know. The votes are kept secret.

The Result

The end result is a very bespoke system which fulfils all of BAFTA's Jury voting requirements built and maintained internally by BAFTA Tech.

The screenshots illustrate, although basic, that the design serves its purpose and allows jurors, event those with little technical skills, to take part and feel comfortable in the jury process.

The security also has been significantly improved, removing the risk of ballots being miscounted, keeping the winner a secret and storing the results in a clearer format.

The aim was to use technology to improve the jury voting process without changing the dynamic or interfering with the discussions of the jury. The result was a resounding success and they system was used until 2020 when COVID-19 caused a rethink in how juries are administered.

 

Description

  • British Academy of Film and Television Arts

  • bafta.org

  • 2014

BAFTA Jury Voting was developed as a secure robust voting platform to improve accuracy and auditing of the  BAFTA Award voting processes. The system utilising a stand alone CPU which generated a local WIFI network the tablets to connect enabling jurors to cast their votes before they were PGP encrypted.