Voting in online competitions

“Those who vote decide nothing. Those who count the vote decide everything.”

― Joseph Stalin

In July last year I wrote a post about online prize promotions. That post included a brief discussion about voting mechanisms and their potential problems. Following a recent adjudication involving an online competition run by Unilever, I thought it worth writing about this issue in more detail.

The most common mechanism to incorporate a vote into an online competition is where entrants submit something like a photo, picture or video, the entries are then displayed in some kind of online gallery, the public vote for their favourite entry, and the entry with the most votes wins the prize.

The risk with an online vote is that it’s open to abuse in various ways. Under Rules 8.2 and 8.14 of the CAP Code, promoters of prize promotions must conduct them equitably, make adequate resources available to administer them, deal fairly with entrants, avoid causing unnecessary disappointment, and not give consumers justifiable grounds for complaint.

Where the voting mechanic of an online competition is abused somehow, entrants may complain that the promotion has not been run fairly. If the ASA thinks that insufficient security measures were implemented to ensure the voting system was not abused, it may find that inadequate resources were made available to administer the promotion.

There are various options for promoters regarding the voting rules. For example, voting could be limited to “one vote per household”, “one vote per person”, “one vote per day”, “one vote per email address submitted”, or “one vote per IP address”. A key question to ask is what security measures can be implemented to monitor and enforce these voting restrictions.

Cookie-based voting

Using cookies may seem a simple way to enforce a limit of one vote per day for example. Following a vote, a cookie can be stored on the user’s computer which expires after 24 hours. The system then checks for the cookie each time the user comes back to the site. If the cookie’s there, the user can’t vote and is told to try again later. Elmsleigh Shopping Centre implemented this system in a promotion it ran in 2010 partly because it thought the alternative of a registration or log-in process might deter people from voting.

However, the problem with cookie-based voting restrictions is that it’s quite easy to circumvent them, for example, by deleting your cookies or by running your browser in privacy mode.

In the Elmsleigh promotion referred to above, the ASA thought that, given the simplicity of the cookie-based voting system, the possibility of fraudulent voting should have been anticipated. According to the ASA, the system should have been researched and tested more rigorously before the competition began and safeguards should’ve been implemented to minimise the possibility of participants cheating.

A couple of years later, the Co-op’s use of cookie-based tracking to register votes for a competition was also held to be inadequate by the ASA. In this adjudication, the Co-op had tried to make the voting system more robust by giving people the option to provide an email address with their vote. However, because this was only optional it was insufficient to enable the Co-op to adequately remove duplicate or fraudulent votes.

IP address based voting

Aside from cookies, there are various other solutions for enforcing voting rules. For example, in an adjudication from 2010, Ferrero gave the ASA an account of the various IP address based security measures it used to enforce the voting rules in a promotion. Ferrero’s solutions included recording IP addresses of each voter and implementing a system which prevented IP addresses from being masked.

Most recently, in an adjudication from May this year, the ASA thought that Unilever and its agency Ogilvy had in fact used sufficiently secure methods to monitor and control voting. In that promotion, the voting rule was “one click, one vote” – i.e. one vote per day per IP address. This seems to be the clearest and most effective voting rule that competition promoters can implement.

Using IP addresses isn’t perfect because entrants are theoretically able to change their IP address. However, in the Unilever adjudication, the ASA thought this would require a significant degree of technical competence and programming understanding beyond the average consumer.

The other advantage of “one click, one vote” is that, because it’s based on IP addresses, you don’t need voters to register or leave any data (e.g. name or email) which can easily be fabricated and is therefore not particularly helpful to combat fraudulent voting.

Nothing’s perfect

The fact is that no matter how many security measures are implemented, people will always find a way to circumvent them. Also, once a vulnerability has been discovered, the way to crack the voting limit may get revealed in online forums and social media as Elmsleigh Shopping Centre discovered in the promotion referred to above. However, if the voting mechanic does get abused but the promoter has implemented sufficient steps such that it would take considerable effort to circumvent them, there’s a good chance the ASA will find that the promoter has done enough to administer the competition fairly and won’t be in breach of the CAP Code.

On discovering fraudulent voting, the decision may be taken to disqualify an entrant. Likewise, in an adjudication from last year the ASA thought that a digital agency hired by 20th Century Fox was right to disqualify an entrant due to various irregularities with that person’s votes. In particular, a significant number originated from the same IP address.

It’s important to note that the T&Cs for the 20th Century Fox promotion stated at the outset that no prizes would be awarded as a result of “improper actions” by entrants. The ASA thought this gave a reasonable basis for the entrant to be disqualified. However, the ASA did point out that the T&Cs should have included some examples of what might constitute “improper actions”. In an advice note published by CAP in March this year, CAP commented on this adjudication saying that:

“Generally speaking, promoters should be wary of seeking to rely on such broad terms to disqualify entrants unless they are confident that they have clear evidence of abuse.”
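As an added example (not code from the original post or from any promoter named in it), the sketch below enforces a “one vote per day per IP address” rule on the server and flags entries where a large share of votes comes from one address, the irregularity noted in the adjudications above. The class and function names, the UTC day boundary and the thresholds are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

class VoteLedger:
    """Server-side vote record; the limit is keyed on (IP address, UTC date)."""
    def __init__(self):
        self._seen = set()   # (ip, date) pairs that have already voted
        self.votes = []      # accepted votes as (entry_id, ip), kept as evidence

    def cast(self, entry_id, ip, when):
        # The decision uses only state held on the server. A cookie is stored
        # by the browser, so clearing it cannot reset this check.
        key = (ip, when.astimezone(timezone.utc).date())
        if key in self._seen:
            return False
        self._seen.add(key)
        self.votes.append((entry_id, ip))
        return True

def ip_concentration(votes, min_votes=3, threshold=0.5):
    """Entries where a single IP supplied at least `threshold` of the votes.
    Both cut-offs are illustrative assumptions. Shared addresses (a household,
    an office) are legitimate, so a hit is a prompt for manual review.
    """
    per_entry = defaultdict(Counter)
    for entry_id, ip in votes:
        per_entry[entry_id][ip] += 1
    flagged = {}
    for entry_id, counts in per_entry.items():
        total = sum(counts.values())
        top_ip, top = counts.most_common(1)[0]
        if total >= min_votes and top / total >= threshold:
            flagged[entry_id] = (top_ip, top / total)
    return flagged

def demo():
    # Constructed sample votes using documentation-range IP addresses.
    ledger = VoteLedger()
    start = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    results = [
        ledger.cast("photo-A", "192.0.2.10", start),
        ledger.cast("photo-A", "192.0.2.10", start + timedelta(hours=1)),
        ledger.cast("photo-B", "198.51.100.7", start),
    ]
    for day in (1, 2, 3):  # the same address returns on later days
        results.append(ledger.cast("photo-A", "192.0.2.10", start + timedelta(days=day)))
    return results, ip_concentration(ledger.votes)

if __name__ == "__main__":
    print(demo())
```

Keeping the accepted votes with their source address also gives the promoter a record to point to if a disqualification is later challenged.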

Vote swapping syndicates

Unlike the 20th Century Fox adjudication above, Mercedes was slapped on the wrist by the ASA for disqualifying an entrant from a promotion it ran last year.

Mercedes had discovered that the entrant had been part of an online vote-swapping syndicate (i.e. websites that allow the exchange of votes with people participating in other competitions). Mercedes disqualified her because it thought this reciprocal arrangement was not in the “spirit of the competition”.

The problem was that vote-swapping was not prohibited in the original T&Cs. Mercedes also didn’t help themselves by the fact that the entrant had emailed them to ask whether it was actually ok to do this and didn’t get a response from them until she’d already gone ahead and done it!

118 118 also got a similar wrist slapping last year when they disqualified an entrant because they thought she was participating in a vote-swapping syndicate. However, by mistake 118 118 hadn’t communicated any T&Cs to entrants. The ASA thought that, if 118 118 had intended to disqualify participants based on such activity, this should have been made clear in accompanying T&Cs.

Play by the rules

It’s important not to change the rules (if at all possible) during the campaign because that in itself may be a breach of the CAP Code. However, promoters may find that, as the competition progresses, more sophisticated attempts at multiple voting appear. If this problem becomes apparent, it may be necessary to deploy further security measures and alter the voting rules.

Provided any changes don’t materially alter the basis on which the winner is selected, there’s a good chance the ASA won’t have a problem with it. In the Ferrero adjudication referred to above, the ASA thought Ferrero had been right to include an additional requirement for voters to provide their email addresses midway through the promotion because this further ensured the security of the voting system.

When Elmsleigh Shopping Centre found there had been fraudulent voting, to improve security, it increased the restriction on voting to one daily vote per e-mail address, instead of per household. However, in the Elmsleigh competition, it was not made clear at the outset that the daily vote limit was initially one per household. This meant that when the new T&Cs were published stating that one daily vote per e-mail address was allowed, it would not have been clear to participants that the rule had changed.

In a promotion run by Meeeet last year, the ASA was similarly unimpressed when, midway through the promotion, Meeeet removed the voting mechanism altogether and replaced it with a judging panel. The promoter had discovered that some entrants were receiving an unusually high number of votes and that many votes originated from the same IP addresses. The promoter therefore decided it would be better to use a judging panel to decide the winner. Whilst the ASA understood the reasons why Meeeet had changed the rules during the competition, it nonetheless considered that altering the mechanic had put participants at a significant disadvantage because the judging criteria had not been communicated at the outset.

Vote of confidence

If done correctly, including a voting mechanic in an online competition can be an excellent way to maximise engagement. However, there are various pitfalls to be aware of. Promoters should ensure that they implement adequate security measures to control voting, not disadvantage entrants by changing the rules, and most importantly make the rules clear at the outset!