Digital Polling and Public Opinion
With the broad global adoption of the internet and social media, online polls of various sorts have become valuable tools for political forecasting, policymaking and market research.
However the (semi-)anonymous nature of these polls makes them ripe targets for manipulation by special interest groups. In todayâ€™s briefing we will examine the impact of manipulations and the state of potential mitigation strategies.
After the UKâ€™s referendum on EU membership led to a win for the â€œLeaveâ€ campaign, a petition was started on the UK Governmentâ€™s official petitions site asking for a second referendum. While millions of valid signatures were placed under the petition, it soon became apparent that thousands of further signatures had been created by online activists linked to the 4chan image board.
This most recent example highlights the central issue with online polling: The anonymous nature of the internet allows for vote manipulation.
While some polling providers require the registration of email addresses or phone numbers, solving of CAPTCHAS or creation of accounts, all of these steps can easily be circumvented by an activist determined to cast several votes.
Worse yet, in many cases, the voting process can be completely automated.
This means that even a single technically versed attacker can completely control the outcome of a badly secured poll. Since online petitions are expected to represent the will of the population, a single person may thus hack his or her way to large political influence if the petitionâ€™s signatures arenâ€™t sufficiently verified.
Polls requiring the registration and confirmation of email addresses or phone numbers are slightly harder to influence, but still pose no real challenge to a determined attacker with the necessary technical knowhow.
CAPTCHA systems such as Googleâ€™s reCAPTCHA can prevent automation to some degree. While easy CAPTCHA systems have been cracked, more sophisticated solutions still provide a reasonable technical hurdle to automation.
That said, since a human can solve about one CAPTCHA every 3 seconds, a determined attacker could still cast more than a thousand votes on a given poll.
Requiring Facebook authentication before polling helps prevent automated fraud since Facebook itself heavily monitors for fraud. This approach however prevents those people with no Facebook accounts from participating in the polling process thus skewing the results. Lastly, â€œverifiedâ€ Facebook accounts can be purchased on the black market for mere cents if the attacker has a sufficient budget.
At this point, short of a governmental deployment of digital identify certificates to the general population, all online polls are therefore ripe for manipulation.
We expect this state to continue for the foreseeable future.
All online polls - be they petitions, questionnaires or opinion polling - should therefore be expected to be at least partially compromised.