A recent ABC poll was (almost) rigged by someone at the ABS — here’s how
You might not have realised, but yesterday's Curious Canberra story was almost rigged.
Each month the ABC puts three audience-submitted questions to a vote and its journalists endeavour to answer the most popular one.
But a recent experience with the poll has demonstrated the perils of collecting votes online: An IP address linked to the Australian Bureau of Statistics (ABS) voted for one question almost 1,500 times.
The votes were sent over a two-week period, and would often come in bursts of dozens of votes within a few minutes.
All of them were directed to the question "Why was Canberra established as an inland city?"
Benign as that question may be, it highlights how easily people can manipulate online polls. So should you think twice before believing their results?
Was it really that simple?
Australian Defence Force Academy lecturer Ed Farrell, who describes his work as "pretending to be the bad guy" to expose security weaknesses, said online votes and polls were easy to manipulate.
Within minutes Ed increased the third-place question's vote share from 14 per cent to 42 per cent.
"I can write a script that keeps sending that request of a vote in one particular direction or another," he said.
"I can give the appearance of a number of requests appearing to come from multiple different users.
"I would say it's easy for someone with computer skills to execute."
To demonstrate his case, Mr Farrell offered to mess with the poll in question.
Within minutes he had a program send 2,300 vote requests, moving the third-place option to the lead.
While in this case the vote wasn't an issue of great substance, Mr Farrell said the same vulnerabilities could be present in other online polls.
But while vote-farming robots are fascinating, the method in our real-life case of tampering appears to have been far cruder.
Voting for a Curious Canberra question is designed to be easy to maximise participation. Once a vote is open, anyone can click on their favourite question to have their say.
However once a person has voted, their browser will record that fact and prevent them from voting a second time.
"We'd rather err on the side of having people be able to vote, and then after the fact, figure out whether we want to keep those votes," Corey Haines from Hearken, which works with the ABC on Curious Canberra said.
According to voting data, the most likely method used to rig the vote was simply opening a voting page in a private or 'incognito' browser, voting, closing the page and repeating that cycle.
By using a browser which doesn't record what you're doing online, data telling the website that a user has already voted (also known as cookies) isn't recorded.
Over the time the vote was live, the ABS-linked IP address voted 1,500 times.
"Most of the fraud that we see … the votes come in at a rate of one per four, five, six seconds," Mr Haines said.
"That implies to me that its somebody doing that browser cycle."
The ABS confirmed a rogue employee had used a work computer to rig the poll.
"The person involved was a temporary employee who no longer works for the ABS," a spokesman said.
"The ABS has and will continue to ensure its staff are aware of their [computer use] obligations, and has and will take appropriate disciplinary action when required."
So now I can rig every poll all the time?
Slow down there — just because someone tampered with the vote doesn't mean it influenced the final result.
It's not uncommon for websites running an online poll to monitor for fraudulent voting, and Hearken works with the ABC to weed out dodgy votes.
"We do keep track of your IP address, which is how we do some rudimentary fraud detection," Mr Haines said.
"It's almost better to have an after-the-fact analysis of the vote."
Before the vote ended, the ABC reviewed and discounted all the suspicious votes — which had gone to the question which won regardless.
How trustworthy are online polls?
Online polls are often noted as being less representative than other forms of polling, and Mr Farrell says their added vulnerability to tampering means results should be served with a big helping of salt.
He said while measures like Captcha codes could provide some protection, it's possible to circumvent them.
And although firm data about bots rigging polls is scarce, Mr Farrell says their influence can be seen everywhere.
"I would say that we see them often without actually seeing," he said.
"By that I mean we probably don't have the evidence for or against a lot of these voting applications to the level we would like.
"But when we have certain votes getting skewed in certain directions, the behaviour kind of suggests that's exactly what we're seeing."
That being said, we still want you to vote for the next Curious Canberra poll — we're on top of the rigging. We promise.Let's