Transforming BAFTA Jury Voting with Offline Networks and Secure Encryption

For many of BAFTA's awards, winners and nominees are selected by specialised juries comprised of industry experts. These juries play a critical role in upholding the prestigious reputation of the awards, as the selection process adheres to strict guidelines that ensure creative excellence is the sole criterion.

Central to supporting this selection process is the Jury Voting system, a bespoke solution I product-managed during its first iteration. This version, created before COVID-19 brought about a shift in approach, was a custom-designed web application. It operated through a locally hosted LAN network using a compact computer, which jurors connected to via tablets to securely cast their votes.

The need for this system became apparent in 2014, as BAFTA embarked on a series of technical innovations to modernise its awards processes. Until that point, jurors had used paper ballots—a method prone to risks inherent in any manual process. I was tasked with addressing these challenges and designing a system that would significantly improve the security, reliability, and efficiency of the jury voting process.

The project stakeholders outlined their high level requirements at the outset of the project:

• Security
• Ease of use
• Cost

Designing a Secure and User-Friendly System

At the outset, project stakeholders outlined three high-level requirements that would guide the design and development of the system:

• Security: Ensuring that votes were protected from tampering or unauthorised access.
• Ease of use: Simplifying the voting process to make it intuitive for jurors, regardless of technical ability.
• Cost-efficiency: Delivering a robust solution that adhered to budget constraints.

These requirements informed every aspect of the system’s creation. The project began with an analysis of current technologies to identify the best combination of hardware and software to meet these goals.

Unlike my prior work with Nucleus, this project presented a fresh challenge, as I had not previously managed the jury processes. This required an extensive discovery phase, during which I collaborated closely with stakeholders to fully understand the workflows and requirements. Through these sessions, additional objectives emerged, shaping the system's design:

• Flexibility to support a variety of jury workflows.
• Guaranteeing that winners remained undisclosed to everyone, including the jurors.
• Enabling secure, online access to results for scrutineers.
• Providing instant reporting to maintain momentum during jury sessions.
• Requiring jurors to digitally sign off on their votes for added accountability.
• Developing a system that seamlessly integrated into the jury process without prolonging discussions.

The project’s primary challenge lay in creating a product that was both secure and online. While paper ballots have a natural immunity to hacking, they come with their own vulnerabilities, including the potential for loss or human error. By contrast, an online system requires meticulous safeguards to protect against digital threats while maintaining the integrity of the voting process.

To balance these considerations, the solution centred on using hardware capable of operating offline during the jury process. This would ensure that votes were securely cast in a controlled environment, while still enabling connection to a remote server to upload encrypted results. Initially, we selected the Raspberry Pi—a lightweight, open-source computer—as the hardware backbone. Its affordability and adaptability made it an ideal choice within the project’s budget.

Streamlining the Jury Experience

The Raspberry Pi formed the core of the system by hosting a LAN network to which other devices connected. In this setup, jurors used iPads to cast their votes securely. All software and voting data were stored directly on the Raspberry Pi, ensuring that access was restricted to those within the physical range of the network, typically in the jury room. To gain unauthorised access, one would have to steal the Raspberry Pi itself—a risk mitigated by implementing additional layers of security. Once the voting session concluded, the results were exported as a Zip file encrypted with PGP (Pretty Good Privacy), a robust encryption standard that is highly resistant to tampering.

PGP encryption added an additional level of security by making the encrypted results almost impossible to crack. The files were then uploaded to a secure online repository, where scrutineers such as Deloitte could retrieve them for verification. This process ensured that votes were both confidential and easily accessible to authorised personnel.

To enhance physical security further, the Raspberry Pi was configured to disable all ports and accept connections only from preapproved devices using unique Wi-Fi access codes. This meant that even if the device was stolen, a potential intruder would also need to steal a preapproved device to gain access. After a year of using Raspberry Pis, the solution was upgraded to Cubietrucks, which provided enhanced stability and more reliable connections.

Building the voting interface presented its own set of challenges. Tablets were chosen as the primary devices for jurors to cast their votes due to their portability, ease of use, and ability to connect to Wi-Fi networks. The user interface (UI) was designed to be intuitive and functional, ensuring a seamless voting experience while accommodating users with varying levels of technical proficiency.

Overcoming Challenges and Ensuring Confidentiality

One of the initial assumptions was to build a dedicated app for the voting system. However, this approach was dismissed due to its complexity, cost, and long-term maintenance requirements. A dedicated app would have needed to be submitted to app stores, updated regularly, and maintained for compatibility with various operating systems. Instead, we opted to build a web application that could run on any device with a web browser. This solution was not only cost-effective but also ensured the system was device-agnostic, making it accessible across tablets, phones, and PCs.

With a limited budget for design, we prioritised creating a clean and straightforward UI that could function on a range of devices. The responsive design ensured compatibility, providing jurors with a consistent experience regardless of the device they used. However, the project faced challenges when it came to accommodating the concurrent operation of multiple juries. Each jury typically included 12 to 14 jurors, but the Raspberry Pi could only support four connected devices at a time. Moreover, the project budget couldn’t cover the cost of providing tablets for every juror.

This limitation was addressed by allocating one tablet to the admin user and three tablets for jurors to share. While passing tablets between jurors was practical, it introduced the challenge of securely authenticating each user to cast their vote without delays. Since all jurors were pre-registered, we eliminated the need for a login process, opting instead for a streamlined solution. Jurors would select their name from a list, cast their vote, and digitally sign to confirm their submission. Once completed, the system would log them out automatically, ready for the next juror. This workflow ensured security and accountability while maintaining the speed required for an efficient process.

The system was also designed to lock each juror’s name once their vote was cast, preventing duplicate submissions. Entries that were eliminated in earlier rounds were automatically removed from the voting list, reducing confusion and streamlining subsequent rounds. In cases of tied votes, tie-breaker rounds were introduced, allowing jurors to vote again on the tied entries while the successful ones advanced.

Admins were provided with tools to oversee the voting process effectively. They could manage attendance, address issues such as voided votes or missing signatures, and finalise the results for secure saving. In the final round, nominees were presented for voting, but the system ensured that the winners remained undisclosed to everyone, including the jurors. This approach maintained confidentiality, preventing accidental leaks and preserving the integrity of the awards.

Overcoming Challenges and Ensuring Confidentiality

The initial assumption is to build a dedicated app but this approach is expensive and time-consuming. An App would need to be maintained in the iTunes and Google App stores and would add hugely to the budget set aside. Instead a web application was built, which is software which runs on a web browser, resulting in the system being device agnostic.

There was not a huge budget for design so the approach was to build something clean and clear which would have the potential to work on all devices. Therefore the result is a UI which is responsive and will work on phones, tablets and PCs.

In terms of the UI there was one problem presented by both the project budget and the Rasberry Pi. Multiple juries run concurrently and each jury has 12-14 jurors, meaning that the number of devices required for each juror exceeded the budget provided. Even if this cost could be covered it was not possible to join more than 4 devices to a Rasberry Pi at a time - each new connection kicked a currently connected device off the server. Therefore we were limited to 4 tablets in the room that could be effective.

One tablet would belong to the admin user so that they could manage the processes leaving three for the rest of the jury. This was not a huge problem as the benefit of a tablet is that it can be passed from one user to another. However, the challenge is authenticating each user so that they could cast their votes and pass on the tablet to a new user. One of the key requirements was speed.

After debating various options I decided on not having a login process. There are a limited number of jurors in a meeting, all of them are known in advance, so a list of names can easily be compiled. The jurors were asked to select their names, vote, sign the confirmation and at which point the system would log them out ready to be passed to the next user. The round could not be completed until all user had casted their votes and the size of the sample made it easy for admin users to check everyone had cat their votes. The system ensured that each juror could securely cast their vote under their own name, with safeguards in place to maintain accuracy and accountability.

Once a user started voting their name was locked so there was no possibility that another user could vote in their place. The long list of entries and the nominees were presented in the system which entries that were not successful in a given round being removed automatically from the list.

In the event of ties tie-breaker rounds were created and users asked to vote again. In this instance the successful entries were displayed and the remaining tied entries could be voted on again.

Admins had access to the system and can perform a variety of functions including voiding votes, clearing signatures, marking attendees as absent and finalising the votes for saving.

In the final round the nominees are presented to the jurors but after the votes are cast the winner is kept secret from all users. This has a slight anti-climax but adds a layer of security as it means that the jurors are unable to slip up and reveal the winner, as they do not know. The votes are kept secret.

Impact and Legacy of the Jury Voting System

The final product was a bespoke system that met all of BAFTA's jury voting requirements, developed and maintained internally by BAFTA Tech. By combining offline hardware, secure encryption, and an intuitive interface, the system achieved its goal of modernising the voting process while preserving the unique dynamics of jury discussions.

Although the design was straightforward, it proved highly effective. Even jurors with limited technical skills found the system easy to navigate, ensuring full participation and confidence in the process. The enhanced security features eliminated risks associated with paper ballots, such as miscounts or tampering, while also ensuring that winners remained a secret until the appropriate moment.

The system significantly streamlined BAFTA’s jury processes, with results securely stored in a clear and accessible format. It enabled scrutineers to verify outcomes efficiently while maintaining the integrity of the awards. By 2020, the system had become an essential tool for BAFTA’s juries, delivering a voting experience that combined security, reliability, and simplicity.

However, when COVID-19 emerged, the need for in-person jury meetings shifted priorities. This change prompted a re-evaluation of how juries were administered, eventually leading to the system being retired. Despite this, the Jury Voting system left a lasting legacy as a prime example of how technology can enhance traditional processes without compromising their fundamental principles.