With the 2012 Presidential election next week, GigaOM published a piece written by Ori Eisen, Founder and Chief Innovation Officer at 41st Parameter on online voting. It’s an important issue and one that 41st Parameter is uniquely qualified to address. Why? Because we know more about device recognition than anyone and device recognition is one of the critical requirements for making online voting a reality.
As pointed out in the GigaOM article, device ownership is high among all age groups but highest among young people, who are also the least likely to vote. We ought to be making voting easier – not harder – for people and allowing them to cast ballots from their devices would accomplish this.
Source: Created with voter participation data from the 2010 US Census and device ownership data from the Pew Internet and American Life Project.
Of course it must be done securely – and this is where 41st Parameter can help. Great strides have been made in user authentication, but credentials can sometimes be misappropriated or misused. It’s much harder to spoof an identity AND the identity of a device. That’s what makes device recognition such a powerful tool for preventing fraud.
Has this ever happened to you? You sign up for online banking and go through a variety of steps to create your account – personal information, user name, password, mother’s maiden name, last four digits of your social security number, secret questions, yadda yadda yadda. When you log in from the computer you used to create the account you have to enter your user name and password and maybe confirm an image or something similar. That’s authentication and it answers the question, “Is this John Q Public?”
Now if you go to another system or a new device and try to log in you’ll notice something different happens. Once you’ve entered your user name and password the system comes back at you with questions: “What was the name of your first grade teacher?” or “What is your favorite movie?” or “What was your first job?” Why? Because device recognition looks at the situation and realizes, “Hmmmm, it seems to be John Q Public but he’s never used this system/device before. Let’s test him.”
How do we know that you’ve never used a system before? The first time you log in we look at a range of parameters – things like the type of device, the operating system, the time zone, the language, etc. If the next time you log in enough of these don’t match (and typically it only takes a difference of a few percentage points to raise a red flag) more questions come your way. If you can answer them we recognize and associate the new device with your account and future transactions can proceed.
This is exactly how device recognition could be used in voting. If a voter wanted to vote online they’d need to register via the device they intended to use, providing much the same information used when setting up any other type of account. If they attempted to vote using another device they’d be challenged to prove their identity. It’s as simple as that. “But what about privacy?” you may wonder.
When we work with devices, the identity of the user is not especially important to us. We simply want to be able to say, “Yes, everything is copasetic with this device.” That means we create a unique identifier for the device that doesn’t include any PII and leaves no residue on the device. When the device is registered the unique identifier is stored on the client side server – it could be at a bank or in this case the registrar of voters. When the device appears again, if it recognizes that the identifier matches up voila universal device recognition making the capability of online voting move from “what if” to a real reality.