
Modern Voting Essentials
For More Security, Transparency, and Verifiability Compared to Traditional Methods
BACKGROUND
MetaProject-3V[SM] provides education and consulting services to complement the ratified IEEE 2418.11[TM] e-Voting standard for more security in modern voting ecosystems.
The Institute of Electrical and Electronics Engineers (IEEE) is a "... professional organization dedicated to advancing technology for the benefit of humanity." The IEEE Standards Association develops guides, recommended practices, and standards based on a rigorous review process. That process created over 1000 active standards including Wi-Fi and e-Voting for worldwide application, and formal views of IEEE are in their valued products and services.
How it Works
Modern voting works by providing security with transparency and verifiability, but not secrecy. Secrecy can hide possible well-intended but malicious activity. Verifiability is the validation that voters are qualified and not fakes, and that ballots are properly registered and not duplicated, and marked by qualified voters that voted only one time. Transparency is the public evidence that only valid marked ballots are counted, with private evidence of suspicious ballots that are not counted but investigated for errors or fraud.
Modern voting can also benefit from electronic methods for modern financial security (e.g., cryptography and blockchains), but rely on easy-to-understand paper methods for transparency and verifiability while keeping qualified voters anonymous. As an example, modern financial systems provide levels of security never before possible. That includes verification of the source of funds with cryptographic security codes (e.g., Secure Hash Algorithm (SHA)). Transparency is also provided with a public ledger of valid transactions, where unique security keys (e.g., Public Address Keys) do not reveal the identity of the sender or receiver of valid transactions.
With paper-based modern voting, simplified security codes can be used to represent ballot sources such as an original marked ballot (e.g., SCo), the ballot received at a collection location (e.g., SCr), and the ballot that was recorded for counting (e.g., SCc). A marked ballot collected for counting would be valid when the ballot is not duplicated and relevant security codes exist and are the same, and the ballot was marked by a qualified voter that voted only one time. Otherwise, the ballot would be suspicious, not counted, and investigated.
For verification in paper-based modern voting, unique identities can be used to represent voting materials, such as a Voter ID card or ballot, in a way that keeps voters and how they voted anonymous. Valid transactions can be recorded in a public database, that is, a paper ledger or electronic system that is viewable but not changeable, where voters and how they voted would be kept anonymous. Suspicious transactions can be recorded in a private database that is viewable by selected voting and election officials for further investigation for errors or fraud.
Confirmed errors in the private database may be reparable with notes on a repaired (i.e., cured) ballot also recorded in the public database. Confirmed fraud and related private data would be referred to appropriate authorities for legal action, and that action would also be recorded in the private database. Unconfirmed suspicious data would be archived for continued investigation for a pre-set time, determined by voting and election officials or appropriate laws and regulations.
Depending on the selected security method for voting, more security methods could also be enabled as described in 3.c) below.
Points of Failure
Traditional voting systems can have points of failure that enable bad actors to rig elections. The purpose of modern voting is to detect and investigate those points of failure, with paper or electronic security methods that are transparent and verifiable.
Points of failure include at least: unqualified voters, fake ballots, duplicated ballots, deleted ballots, and unauthorized changed ballots. Other points of failure may also be identified, and the examples below can serve as a template on how to secure voting systems.
A. Unqualified Voters. Voting rolls must be maintained to remove unqualified voters. Voting and election officials would apply laws and regulations to potential voters when they register to vote. Qualified voters would have a Voter ID card that includes a Unique IDentification (UID) that represents the card material and not the voter, so the voter remains anonymous in a public audit and database. Voters without a Voter ID card or with a missing or invalid UID would be referred to officials for investigation for possible errors or fraud.
B. Fake Ballots. Every ballot must have a UID that represents the ballot material and not a voter or marked votes on the ballot. That UID would be coded to represent a unique voting event, time, location, type UID, and index. When the UID on a ballot is missing or not correct for the event, that ballot is not usable or counted, and would be investigated by voting and election officials for possible errors or fraud.
C. Duplicated Ballots. Unapproved or uncertified methods of harvesting, collecting, or recording ballots for vote counts can result in duplicated ballots. Every ballot must have a UID that represents the ballot material and not the voter or how they voted. That UID can be used and recorded only one time. Otherwise, all ballots that use the same UID would be suspicious, not counted, and investigated by voting and election officials for possible errors or fraud.
D. Deleted Ballots. Unintentional errors or intentional fraud at postal, collection, or recording locations can result in deleted ballots. The voter can check if their ballot was received using traditional methods, and if not received the voter can report their missing and possibly deleted ballot to officials for investigation.
E. Unauthorized Changed Ballots. A public audit and database would include received and recorded ballots for counting, using security codes that represent and protect the contents of marked ballots. That public database can be checked by voters or secure automated processes for missing, valid, or suspicious contents, including unauthorized changed (or deleted or duplicated) ballots. When that occurs, voting and election officials would be alerted to investigate for possible errors or fraud.
Security Codes
Electronic security codes, such as SHA above, are defined by governments or private entities. Each is a fixed-length string of characters that can represent variable-length text, or the contents of a letter, spreadsheet, or marked voting ballot. For paper-based voting, simplified security codes such as SC defined above and in examples below can also be used until modern electronic methods for voting are applied.
SCr could represent the received ballot, with SCc representing the ballot that was recorded for counting. When either of those codes is missing or not the same for a particular ballot, the marked ballot would be suspicious and reported to election officials for investigation. Note that an SCo, representing the original marked ballot, could also be available for cross checking when the most secure form of voting is used as described in 3.c) below.
Access to Records
Records in a public audit and database would be coded in a way that keeps voters and how they voted anonymous. For example, UIDb can represent a marked ballot and UIDc can represent a Voter ID card. Security codes SCo, SCr, SCc can represent the contents of the original, received, and recorded marked ballot.
The voter would be able to check the database using their UIDs for their ballot and card. If the ballot record is missing or the security codes do not match, the voter could report the suspicious activity to voting and election officials for investigation.
Automated processes could also audit the database records in real-time, and alert officials for any suspicious registration or voting activity when it occurs, and not days or months after voting completes.
Maintenance, Compliance and Registrations
Proper maintenance of voter rolls and Voter ID can help identify qualified voters. However, qualified voters alone are not enough to assure transparency and verifiability in a voting process where voters remain anonymous. That requires a public method for UID registrations for both voters and voting materials.
Compliance-certified UIDs from a Registration Authority would enable evidence to: a) verify that each counted ballot was properly registered and not duplicated, deleted or changed, b) verify that it was marked by a qualified registered voter that voted only one time, c) detect suspicious voters or ballots for investigation, and d) assure that qualified voters and how they voted remain anonymous.
Paper and electronic methods for voting can be effective in providing transparent and verifiable voting results. Electronic methods can be more efficient than paper methods for large voter populations with short intervals for voting.
Voting and election officials for a voting county, state, or area could best decide the appropriate choice(s) for voters. Paper methods, for example, could be most appropriate for a small town with limited Internet capability. For an area with a large voter population and short voting interval, an electronic method or a mix of paper and electronic methods could be most appropriate.
With the choice of most security with an electronic method for voting as described in 3.c) below, detection of a suspicious marked ballot confirmed to be fraudulent could also enable the capability to identify the source of that fraudulent ballot via a legal subpoena.
Funding
Funding for voting and elections comes primarily from tax money, with possible contributions from stakeholder or private sources when that does not cause bias in outcomes. Voting and elections are as important as defense, education, health and welfare, and depending on election outcomes can determine how those areas are funded.
ENABLEMENT
Going forward, the social transformation to modern voting includes:
Unique Identities
1. Unique IDentities (UID) for registered voting materials, equipment, and facilities. UID for ballot materials, for example, would be similar to unique serial numbers on paper money that enable counterfeit detection, address keys on billions of cryptocurrency wallets that are like banks, and unique Media Access Control (MAC) codes that enable Wi-Fi in worldwide devices that communicate.
Unique identities that are essential for finance and communications are also essential to verify qualified voters and valid ballots for vote counts, and detect suspicious registration and voting activity for investigation.
Features
2. More Security begins with evidence of who, when, and what had custody of ballots, and is enhanced with verification of valid ballots for vote counts and detection of suspicious voting activity.
a) Chain of Custody includes evidence of custody of ballots from creation, to
registration, to distribution, to marking, to collection, to received, to
recorded for counting, and to final disposition.
b) Verification of valid vote counts is performed with evidence that counts
were based on registered ballots that had a valid source and were not
duplicated, and were marked by qualified registered voters that voted only
one time.
c) Detection of suspicious voting activity occurs when voting materials or
voters are not properly registered; a valid registered ballot is not marked by
a qualified registered voter; a registered voter marks a ballot that is not
properly registered; a registered ballot is changed, deleted or duplicated
after being marked by a registered voter and without the voter's
authorization; a registered voter marks more than one ballot and votes
more than one time; there are missing links in the chain of custody of a
ballot from creation to final disposition; or an audit cannot be reproduced
when the same group of time-stamped valid ballots are re-counted.
Suspicious ballots are investigated and not counted unless cured or
adjudicated as valid.
3. More Choices and Efficiency for voters would be specified by voting and election officials that provide a secure process as in 1 and 2 above. At registration, a voter would choose how to vote from what is available. That choice could include voting with a paper or electronic method; at a polling place, home, work, travel, or military location; and with good, better, or most security as described below.
a) Good Security improves on traditional anonymous voting with a paper
ballot. This default method provides evidence, with a manual or electronic
process, that each counted ballot was registered and not duplicated and
was marked by a qualified registered voter that voted only one time.
Otherwise, the ballot is suspicious and investigated as in 2.c) above.
b) Better Security is anonymous voting with a paper ballot as in 3.a) above
with electronic authentication. The voter with a computer or smartphone, or
other official secure electronic process, can authenticate that the secure codes
(i.e., SHA-384 or better) representing a marked registered ballot that was
received (e.g., coded as ABC...) and then recorded (e.g., coded as
ABC...) for counting are the same and were not deleted or duplicated.
Otherwise, the ballot is suspicious and investigated as in 2.c) above.
c) Most Security is pseudo-anonymous voting and authentication with an
efficient electronic method. A marked registered ballot is counted when the
voter (or security process) authenticates that coded forms of the original
marked, received, and recorded ballot are the same and were not changed,
deleted, or duplicated. Otherwise, the ballot is suspicious and investigated
as in 2.c) above.
4. Databases that provide public records of valid results and private records of suspicious activity as follows:
a) Public Database with confirmed valid results including cured or
adjudicated unintentional errors, with data available to the public after
voting has completed.
b) Private Database with suspicious activity such as possible invalid
registrations, ballots, or other voting materials, equipment, or facilities;
possible fraud forwarded to authorities, or data archived for continued
investigation.
c) Examples for 3.a-c) above are provided for public and private databases
that do not reveal voter identity or how they voted. Each record content
includes coded data, with examples for the first record in the public
database:
Database Index (A001), Type Security (a), Ballot UID (B12), Voter ID
Card UID (C34); Original Ballot security code (blank unless Type Security
c), Received Ballot security code (ABC: from postal mail or collection box),
Recorded Ballot security code (ABC: for counting); and Authentication
(Valid: by voter).
Also included in each record, but not shown in the examples below are
Voting Event ID, Date, Time, and Location codes; and suspicious examples
when any of the Event, Date, Time, or Location code is not correct.
Public Database: (Authenticated valid ballots for vote counting)
A001,a,B12,C34;___,ABC,ABC;Valid (one ballot, one voter, voter authenticated)
A002,b,B74,C89;___,DEF,DEF;Valid (one ballot, one voter, process authenticated)
A003,c,B23,C56;___,LMN,LMN;Valid (one ballot, one voter, process authenticated)
A004,c,B34,C67;PQR,PQR,PQR;Valid (one ballot, one voter, voter authenticated).
. . .
Private Database: (Suspicious ballots for investigation, votes not counted)
Y001,a,B47,C92;___,KLM,RST;Suspicious (ballot changed)
Y002,a,B47,C22;___,STU,LMO;Suspicious (one ballot, two voters)
Y003,a,S39,C47;___,GHI,GHI;Suspicious (invalid ballot UID)
Y004,a,B92,C14;___,___,YZA;Suspicious (no received ballot)
Y005,b,B18,K27;___,MNO,MNO;Suspicious (invalid Voter ID card UID)
Y006,b,B62,K27;___,NOP,NOP;Suspicious (two ballots, one voter)
Y007,b,A58,D71;___,QXY,ZAB;Suspicious (invalid ballot and Voter ID card UIDs)
Y008,b,B72,C64;___,STU,___;Suspicious (no recorded ballot)
Y009,c,B89,C12;EFG,EFG,XBZ;Suspicious (recorded ballot changed)
Y010,c,E27,C29;BCD,BCD,BCD;Suspicious (invalid ballot UID)
Y011,c,B75,Q38;FGH,FGH,FGH;Suspicious (invalid Voter ID card UID)
Y012,c,B45,C78;GHI,GHI,___;Suspicious (no recorded ballot)
Y013,c,B15,C34;JKL,JKL,JKL;Suspicious (duplicated ballot)
Y014,c,B15,C34;JKL,JKL,JKL;Suspicious (duplicated ballot).
. . .
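An added example (not code from this page or from the IEEE standard): a Python auditor that re-derives the verdict for a subset of the records above from the rules in 2.c) and 4.c). It assumes, from the samples only, that valid ballot UIDs start with B and card UIDs with C, and it cross-checks the original code SCo only when it is present; unlike the one-line labels above, it reports every rule a record breaks.

```python
import re
from collections import Counter, defaultdict

BLANK = "___"
# Assumption inferred from the page's samples: ballot UIDs look like "B12",
# card UIDs like "C34". A Registration Authority would define the real format.
BALLOT_UID, CARD_UID = re.compile(r"B\d+"), re.compile(r"C\d+")

# Subset of the page's example records, verdict column dropped on purpose.
SAMPLE = [
    "A002,b,B74,C89;___,DEF,DEF",
    "A004,c,B34,C67;PQR,PQR,PQR",
    "Y001,a,B47,C92;___,KLM,RST",
    "Y002,a,B47,C22;___,STU,LMO",
    "Y003,a,S39,C47;___,GHI,GHI",
    "Y004,a,B92,C14;___,___,YZA",
    "Y005,b,B18,K27;___,MNO,MNO",
    "Y006,b,B62,K27;___,NOP,NOP",
    "Y009,c,B89,C12;EFG,EFG,XBZ",
    "Y013,c,B15,C34;JKL,JKL,JKL",
    "Y014,c,B15,C34;JKL,JKL,JKL",
]

def parse(line):
    """'A001,a,B12,C34;___,ABC,ABC[;verdict]' -> dict of named fields."""
    ids, codes = line.split(";")[:2]
    keys = ("index", "type", "ballot", "card", "sco", "scr", "scc")
    return dict(zip(keys, ids.split(",") + codes.split(",")))

def audit(lines):
    """Return {index: [reasons]}; an empty list means the record is valid."""
    recs = [parse(line) for line in lines]
    pairs = Counter((r["ballot"], r["card"]) for r in recs)
    cards_of, ballots_of = defaultdict(set), defaultdict(set)
    for r in recs:
        cards_of[r["ballot"]].add(r["card"])
        ballots_of[r["card"]].add(r["ballot"])
    report = {}
    for r in recs:
        why = []
        if not BALLOT_UID.fullmatch(r["ballot"]):
            why.append("invalid ballot UID")
        if not CARD_UID.fullmatch(r["card"]):
            why.append("invalid Voter ID card UID")
        if pairs[(r["ballot"], r["card"])] > 1:
            why.append("duplicated ballot")
        if len(cards_of[r["ballot"]]) > 1:
            why.append("one ballot, several voters")
        if len(ballots_of[r["card"]]) > 1:
            why.append("several ballots, one voter")
        for key, label in (("scr", "received"), ("scc", "recorded")):
            if r[key] == BLANK:
                why.append(f"no {label} ballot")
        # SCo is cross-checked only when present (blank unless type c).
        present = {c for c in (r["sco"], r["scr"], r["scc"]) if c != BLANK}
        if len(present) > 1:
            why.append("security codes differ")
        report[r["index"]] = why
    return report
```

Calling `audit(SAMPLE)` gives an empty reason list for A002 and A004 and at least one reason for every Y record.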
5. Transparency and Verifiability in modern voting ecosystems are enabled with the above four steps. An example of recorded activity for 4.a) above describes how valid ballots are counted and become a permanent, transparent and verifiable record, similar to confirmed transactions on a Blockchain or equivalent explorer.
a) For the Public Database record A001 and ballot B12, there would be an
associated Comma-Separated Values (CSV) record of ballot vote content
along with a counter for each candidate (CA1, ..., CAm) and proposition
(PR1, ..., PRn) on that ballot.
b) For each candidate and proposition in real-time and thereafter, vote counts
are updated only when valid registered ballots are recorded for counting. A
compliance process would certify that ballots that have been counted
would be tagged as such, and related vote counts cannot be changed
except for a new valid registered ballot (with associated CSV and security
codes) that has not been tagged and whose candidate and proposition votes
have not yet been counted.
c) To observe those vote counts, associated counter IDs for CAx, x = 1, ..., m
and PRy, y = 1, ..., n are used to view what is on a transparent ledger.
d) What's different from the traditional voting process (that shows total vote
counts without sources) is the permanent and transparent record of total
vote counts along with verifiable ballot sources as in 2.b) and 4.c) above,
and 5.e) below.
e) The original paper or electronic ballots and related summary and code data
can be preserved as long as required by applicable laws and regulations,
with a default of indefinite archival storage.
Ecosystem
6. Real-time Audits for verification of valid and suspicious voting activity.
7. Process Tailoring for voting in worldwide countries or administrative
subdivisions such as states or counties in the USA or equivalent areas in other
countries.
8. e-Voting Alliance would be patterned after the Wi-Fi Alliance that supports
governments and stakeholders who fund, plan, build, test, operate, administer, and maintain deployed systems, and provide:
a) Proofs-of-concept, compliance certifications, chain of custody of
materials, and payment records.
b) Registration of voting materials, equipment, and facilities.
c) Voting event data including ID, date, time, location, quantities, and voting
choices.
d) Phase-in that could begin with a secure paper manual process and
continue to a long-term process with choices for voting that includes
efficient electronic methods.
e) For each voting event, transparent records that include the source of vote
counts for each candidate and proposition.
9. Roadmap for phase-in of above capabilities, and governance of ongoing
enhancements with efficient, effective, user friendly, proven sources and methods, and quantum or post-quantum technologies.
Support
10. Support and Services. For educational support or technological consulting services, provide requirements and schedules to:
John Wnuk, Co-Founder and CTO,
Terms of Use
Terms of Use are specified on pages 3-6 of the ratified IEEE 2418.11[TM] standard. Terms of Use beyond that standard would be as specified in separate contract(s) with an e-Voting Alliance or SJW SmarTech Consulting, LLC.
The MetaProject-3V[SM] website is provided to help plan, build, test, certify, deploy, operate, administer, and maintain ecosystems that comply with the e-Voting standard. It is a personal interpretation of one of several possible ways to implement e-Voting and is not part of that standard.