Prevent manipulation and / or removal of poll data #330

Open
fnetX opened this issue Dec 29, 2019 · 0 comments
fnetX commented Dec 29, 2019

I just discovered that it is possible to manipulate or remove poll data with access to the data directory.

Even if the data itself is encrypted, the storage of the data offers enough readable information to know about the meaning of different parts of user data. With read-write access to the data directory on the server (i.e. for a sysadmin) it is possible to remove a single user entry or alter the content of a vote by replacing parts of the user information.
It is possible to copy the data of some user's vote to another user's vote by simply copying everything following "selections:", or exchange the name of a voter.
If a user of the service has access to both poll key and server data (i.e. the sysadmins vote for the lunch), it can simply create a new entry and replace the vote data of the old one by copying the desired data and removing the new input.

Take this vote:
{"creationDate":"{\"iv\":\"8N+EBCt+dvVi+Wr0jI7c8A==\",\"v\":1,\"iter\":10000,\"ks\":128,\"ts\":64,\"mode\":\"ccm\",\"adata\":\"\",\"cipher\":\"aes\",\"salt\":\"xIiGHBmzm+k=\",\"ct\":\"XmGvSGvIbAbXNcceEWYY\/qWiYqhS+eb5AquaQ6CTtvV+cQ==\"}","name":"{\"iv\":\"TOLnOpttyITye4DONx9Eeg==\",\"v\":1,\"iter\":10000,\"ks\":128,\"ts\":64,\"mode\":\"ccm\",\"adata\":\"\",\"cipher\":\"aes\",\"salt\":\"xIiGHBmzm+k=\",\"ct\":\"jel0kqnGDd3D9S7qdjk=\"}","selections":"{\"iv\":\"3ufS9eklnJ3qSuw5XhDJCg==\",\"v\":1,\"iter\":10000,\"ks\":128,\"ts\":64,\"mode\":\"ccm\",\"adata\":\"\",\"cipher\":\"aes\",\"salt\":\"xIiGHBmzm+k=\",\"ct\":\"mGEsWqInvXip9DmQJdCPozTnxGUFnDBZ8nG4OmBT3XJjLVo6hyiMNVhEpBJxrXy3RAKKqDjJndNelj2PDR4UDN\/ZERrbPklQKCRdTql8o3koNqR+DyKI\/MqsiU7Cdw4Wh1iOD114jqibFQu8wDyP8Dvo3WiZo5wW1M2U8jkhIgLrkc1TRB+U7MyPScMKdYk2erIF1PPEiEk9\/6rniuVOjFo5OieYVyRvpY\/WHk\/IzqEPpfxxlyzsQEWkSm96\/50q1DdRQAFsmjtsyWxmjdDy1I0EsJIiNUOW6XpNy5XIlPOHIu1hybdf8pOpKJ1YvP3ux424Mwc+S3IeI\/Ws0xCvOP4i\/baRUfCfdt3qtK+dU0u3HrsBhdWhXtphKpydM+cxff9U+WQRmEB52p+HPKJgVqMOK\/axxod1sfx0sZvlpMLeKppV+bDomqJ81UYSx2VuP9tdrJ9EXhnusmL8PM1ujJ7+S0tW19g\/biL3RfngwECdYEmF4oSR4ngBVnDhl+Db3d0jNDoPkhWkAKbySER0CKWBcGmzpgxhelicd\/vs1cEvxZewZceSzAW93mSb4Y+Dos+E5A3Swqj6FhxrqRruDB0KTB+t1BSQMJnwXJfbj8\/3rXTabskmkHr8kDOkPcj87h7eJ8xNJeX3i4kok9kteP4KC0uoe\/VsHKXAWZ2O1dYCuWrzghCI5kNFC+3DrLQhVzlMka5Q7ip0Ab2ntbEcIiFNWacSYitM0hocEZ7fDkETFTMc5Ged3n2ppBvxhX9UFJO8lmZ2shom+aC2h26q8i3kP8gytJDweSO2SPO1TV4SP1Yn70OUXjL+nSIjJB5lqkar5dXs9ucaMJvn82lt1aml0A0Gw14iv\/ZG3xt\/rfGvIZGmYtG17hzyIUjmdrJTIykzUdisbCoUQ9lWkIPWuO+gZDmwhclNoNY0gWlS5+MfHENYb\/hOw0BiW0\/gN9\/JhIUrs3+6FSyaiqPFTp694OYN98QixSgvZF0RTHzp7H8Ab5yzzK6ElmXmKUi08PhYNdvK75hz4OKiE2d6LVv\/XX+vL2Oj6CbBb\/x2KAHpNA==\"}","poll":"JS9iX7Vx14","version":"0.5.6"}

I wanted to update my opinion in a poll. I voted again and copied the selections from the new vote (removing the new vote so no one notices), resulting in this:
{"creationDate":"{\"iv\":\"8N+EBCt+dvVi+Wr0jI7c8A==\",\"v\":1,\"iter\":10000,\"ks\":128,\"ts\":64,\"mode\":\"ccm\",\"adata\":\"\",\"cipher\":\"aes\",\"salt\":\"xIiGHBmzm+k=\",\"ct\":\"XmGvSGvIbAbXNcceEWYY\/qWiYqhS+eb5AquaQ6CTtvV+cQ==\"}","name":"{\"iv\":\"TOLnOpttyITye4DONx9Eeg==\",\"v\":1,\"iter\":10000,\"ks\":128,\"ts\":64,\"mode\":\"ccm\",\"adata\":\"\",\"cipher\":\"aes\",\"salt\":\"xIiGHBmzm+k=\",\"ct\":\"jel0kqnGDd3D9S7qdjk=\"}","selections":"{\"iv\":\"PcRpiMkN38XQIqChfFz2Qg==\",\"v\":1,\"iter\":10000,\"ks\":128,\"ts\":64,\"mode\":\"ccm\",\"adata\":\"\",\"cipher\":\"aes\",\"salt\":\"xIiGHBmzm+k=\",\"ct\":\"xC\/B2iTWdd7\/3CWwF9tv\/q\/8PnoGmgunI0Lxch\/zZ6z76\/sCXTeeFRvGMyLdbztrZEA3fuixKGadLRe63NqKhNSya\/uG2yv5RKRUvg\/\/v3XGbnoSlCFMu0FeyAezF9HHAx01Yd0I77QTUXT8J9v79RjY4XoPevO5iyxoeOoGMw87C2jDYgZKeqnc2acsBbfyuPjZxzDYQA6rUVtJYPzFMmwdzPhr3ng0h\/NAlz0TVhrRVbU27A0LGuA9UsMQ7n65HOSoc6+q8ugsAU+IwU5YM4QC4kYfgQwBg+Z+Vx5yJoY4wV4bSVY5GcrXYAOkMUcpkH\/Hbaca4TJFMpDRMPXHvV+kLbNgWKlqqmd5voPtYfSXnJPcFxpswYRnNwWufke6rxQGgscJJys2JtvbiuukUQgMQZteTZaubsVwhUrd0QrUHBQp7SvXBSCO71h9WPYhNv3LpGkfzuUc1FodWVMXx7LFRB5U1dB\/gusaBOsSG9\/k7rfmBOO75r1pdauF8QuOTGpERq62Epkx17o2upcEl98EKHblyHxCZXmTvlvZG9Z\/al6q+Wzvy8waECRYIq\/wBenKoU44cLwkESjUP8LKzBWLqlg20iKkJXkw8sMcLtIgCwz4sUilEZCz9AaRfT5mlFzpSHNGxEwyHN4c\/jjIUHbUM1ZaEJ4bBdDGhJWbylMdhIeNCcSM0QaL8JBM6f8ZX8slZQHg1TodVpECNda6ZI7EUmfrft2oVXQO7IYZFRa6nfUtYaF1HKTcLFvqIYVxVWVQgTijAqX2tFnwZVnXjwOE6JwGgNQvpK91sBg1tsZHp\/PUYRinwkMgmPodOpXZxiunxC2sIWkm2gxQiqgyL+e4rA5+O0ROGMo3J5Mr02XhuPKJQioKCPIQNlQ39NvhkmG8Us6aUjjuXXkZGFP7fybmceMMw88s9Lv3seuBnRB+c9moGa8GDsJP9FmNCy53lu3vKSDb8tz2Cd5id+akYaEaqGjcBKDvezRlJ1rBBUhUFBiv9n2L9RCtfp0vcH\/VI8IQFvr0zV4\/JqY=\"}","poll":"JS9iX7Vx14","version":"0.5.6"}

Basically there are two issues: To prevent manipulation of data, it's desirable to add a checksum to a vote to detect any manipulation.
To additionally prevent removal of votes I propose something like basic block chaining of the votes to prevent undetected manipulation. At submission time, the client could query the current data state and add an encrypted checksum of the current and the new data to its submission.
I don't currently have an elegant approach for preventing concurrent submission at the same time other than temporarily locking the submission while one client transfers the data.
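
Added example, not part of the original issue or of the project's code: a sketch of the checksum-plus-chaining idea proposed above, using an HMAC that covers every field of a vote and the tag of the vote before it, so that a field copied between records or a record removed from the middle fails verification. The sample records in the issue carry an empty `adata`, so nothing ties a field's ciphertext to its record. The `chain` field, the `macKey` derivation and the sample values are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Fixed field order keeps the MAC input unambiguous.
const FIELDS = ["poll", "version", "creationDate", "name", "selections"];

// Assumption: a MAC key derived from the poll key, which the server never sees.
const macKey = (pollKey) =>
  crypto.createHmac("sha256", pollKey).update("vote-chain-v1").digest();

const genesis = (key, pollId) =>
  crypto.createHmac("sha256", key).update("genesis:" + pollId).digest("hex");

// Tag = HMAC(previous tag || every field, length-prefixed).
function tagFor(key, prevTag, vote) {
  const h = crypto.createHmac("sha256", key).update(prevTag);
  for (const f of FIELDS) {
    const v = Buffer.from(String(vote[f]), "utf8");
    const len = Buffer.alloc(4);
    len.writeUInt32BE(v.length);
    h.update(len).update(v);
  }
  return h.digest("hex");
}

// Client side: link the new vote to the current head of the stored list.
function appendVote(key, votes, vote) {
  const prev = votes.length ? votes[votes.length - 1].chain : genesis(key, vote.poll);
  return [...votes, { ...vote, chain: tagFor(key, prev, vote) }];
}

// Returns the index of the first record that fails, or -1 if the list is intact.
function verifyChain(key, pollId, votes, expectedHead) {
  let prev = genesis(key, pollId);
  for (let i = 0; i < votes.length; i++) {
    const want = tagFor(key, prev, votes[i]);
    const got = Buffer.from(String(votes[i].chain || ""), "hex");
    const ref = Buffer.from(want, "hex");
    if (got.length !== ref.length || !crypto.timingSafeEqual(got, ref)) return i;
    prev = want;
  }
  // Truncating the tail leaves a valid chain; detect it via a known head tag.
  return expectedHead !== undefined && prev !== expectedHead ? votes.length : -1;
}

// Constructed sample: field values stand in for the encrypted JSON strings.
function sampleVotes(key) {
  const mk = (n) => ({ poll: "poll-1", version: "0", creationDate: "ct-date-" + n,
    name: "ct-name-" + n, selections: "ct-sel-" + n });
  return ["a", "b", "c"].reduce((vs, n) => appendVote(key, vs, mk(n)), []);
}
```

Chaining alone does not reveal removal of the most recent votes; `verifyChain` only reports that when the caller passes a head tag it obtained independently of the data directory.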
