What’s wrong with using SMS Voting?

Ok, for clarity – What’s wrong with using SMS voting for voting processes that matter like Enterprise Agreements, Plebiscites, Protect Action ballots and so on?

The question of using SMS voting for these types of processes comes up a lot here at CorpVote so we thought we’d let you know what we think.

Firstly, it all depends on how the voter authenticates against the voting system when submitting a vote via SMS. Often clients suggest that the voter should be able to send their vote (Yes or No as the case maybe) back to our system to register the vote. Authentication can be done using the Mobile telephone number the vote comes from – This is so, but is extremely insecure and very easy to ‘Game’.

SMS messages and the number they come from are very easy to ‘spoof’. In fact, there are apps for most phones that allow you to make a call or send a message that looks like it comes any mobile number you choose. For the more serious punter, there are some very simple scripts that can be used submit any number of SMS messages purporting to come from a series of mobile telephone numbers. Given mobile telephone numbers are widely distributed, it’s simply a bad idea to use it as a form of authentication and results in a voting process that would struggle to stand up to any level of probity.

CorpVote’s SMS voting channel authenticates in a very different way that ensures the level of authenticated access to submit a vote is equal to all our other secure voting channels. That said, we have seen another issue that has caused some tension during the voting process.

Once a voter submits their vote, the message and receipt remains on their mobile telephone. If another voter wants to find out how someone else voted, then all they need to do is look at the voters’ messages. We have had cases of this happening inadvertently and on purpose. Apart from this situation breaching all the rules of a secret ballot, CorpVote has seen this create some very uncomfortable and tense situations amongst some work forces that were divided on issues.

Finally, the technical nature by which SMS messages are sent and received means that they are also stored in clear text in many locations and very easy to track. Without a strong policy guiding data access, this information is in the wind so to speak.

In conclusion, voting via SMS, if authenticated properly, is a reasonable choice of voting channel as long as the data tail is managed correctly. That said, a vote conducted using the proven mix of Internet and Telephone voting channels, offers a far greater level of privacy, security and integrity with the same level of convenience without the risk.

Tim Jones | Director – CorpVote Pty Ltd