Security of CPAC Straw Poll Not A Huge Concern
CPAC 2012 rolled out an electronic straw poll for the first time during this year’s convention. The technology had a test run at the Florida CPAC event in 2011. CPAC’s official pollster, Tony Fabrizio, called the previous system of paper ballots “cumbersome” during the Press Tech Briefing regarding the straw poll.
The new electronic straw poll works like this: each registrant receives a unique PIN, which they enter on the website. Each PIN is valid one time only: once it has been entered it cannot be used again, and once a question is answered the registrant cannot go back.
The press briefing centered more on a joint initiative with the Washington Times, which is conducting a poll among self-identified conservative voters, asking them the same questions as those found in the CPAC Straw Poll. The responses will be released at the same time as the Straw Poll results for an “interesting comparison.”
However, ACU left the question of security mostly untouched. When asked how secure the electronic polling process was, Tony Fabrizio reiterated the unique PIN process. “You can go to it and see the url but you can’t access it without a pin that is verified.” He laughed off the idea of any hacking attempts. Fabrizio said the only way to break into the site would be to sit in front of a computer and just guess random numbers. He also noted that the site was “encrypted” but gave no further details. He compared the security to the kind used for consumer surveys. Fabrizio promised that if a “Ukrainian hacker” attempted to break into the site, the press would be the first to know.
Fabrizio is right that there isn’t much threat from a Ukrainian hacker, but a Ron Paul supporter from Portland is a much more credible possibility. This is nothing new; tech-tuned Paul supporters have been breaking into online polls for years. It’s easy to run a number sequencing program to look for acceptable PINs (how do you think early hackers found accessible phone lines? By running a program that just dialed every number until one connected). Nothing was said about how many possible PINs can get into the site or how many were actually given out at CPAC; depending on those two numbers, a random guess could land on a verified PIN more or less often. There was also no mention of any lock-out protocols, such as how many erroneous PINs could be entered before locking someone out.
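The two gaps raised above, the size of the PIN space relative to the PINs issued and a lock-out after bad entries, can be put in numbers. The following is an added example, not code from CPAC, ACU or their polling vendor; the PIN lengths, the 10,000 issued PINs and the `PinGate` class are assumptions chosen for illustration, since the briefing gave no figures.

```python
def hit_probability(keyspace, valid_pins, guesses):
    """Chance that at least one of `guesses` distinct random entries
    matches a valid, unused PIN (sampling without replacement)."""
    invalid = keyspace - valid_pins
    if guesses > invalid:
        return 1.0  # more distinct guesses than invalid PINs exist
    miss = 1.0
    for i in range(guesses):
        miss *= (invalid - i) / (keyspace - i)
    return 1.0 - miss


class PinGate:
    """One-time PIN check with a per-client lock-out (hypothetical design)."""

    def __init__(self, issued, max_failures=5):
        self.unused = set(issued)      # PINs handed out and not yet redeemed
        self.max_failures = max_failures
        self.failures = {}             # client id -> count of bad entries
        self.total_failures = 0        # site-wide count, for alerting

    def redeem(self, client, pin):
        if self.failures.get(client, 0) >= self.max_failures:
            return "locked"
        if pin in self.unused:
            self.unused.discard(pin)   # enforce one-time use
            return "ok"
        self.failures[client] = self.failures.get(client, 0) + 1
        self.total_failures += 1
        return "rejected"

    def under_attack(self, threshold):
        # Per-client limits miss guesses spread over many clients,
        # so the site-wide failure count needs watching as well.
        return self.total_failures >= threshold


if __name__ == "__main__":
    issued = 10_000  # assumed number of PINs handed out
    for digits in (4, 6, 8):  # assumed PIN lengths
        p = hit_probability(10 ** digits, min(issued, 10 ** digits), 5)
        print(f"{digits}-digit PIN, 5 tries before lock-out: {p:.4%}")
```

With a lock-out in place, the PIN length decides the outcome: five tries against a space barely larger than the number of PINs issued succeed most of the time, while the same five tries against an eight-digit space almost never do.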
Plenty of “encrypted” sites are broken into every day. So, what level of encryption is actually being used at CPAC? While ACU may have waved off the question of security, the issue is very real. CPAC’s straw poll draws huge headlines and would be worth tweaking the vote for. The bigger point is that if CPAC or other organizations want to use this electronic polling model in the future, real technical details should be released about how secure the process truly is. In the meantime, don’t be surprised if Ron Paul manages to win the CPAC 2012 Straw Poll.



