all posts  |  
Ballot papers

Insights into a Public Citizen’s Audit for Denver’s 2019 Municipal Election

DENVER, CO — Two weeks ago, the City of Denver closed the polls for its Municipal elections. For the first time, it ran a pilot program with Voatz to allow overseas citizens, military personnel and their dependents to vote from their mobile devices.

Military voters and citizens around the world were able to download the Voatz app, use their mobile devices to verify their identity, securely and anonymously cast their votes, and verify that their vote was counted correctly.


What is an audit?

A post-election audit is a process to ensure that the equipment and procedures used to count votes during an election worked properly, and that the election yielded the correct outcome.

In the case of Denver’s pilot with Voatz, to ensure integrity in the vote transmission process, every ballot submitted through the Voatz system generated three records to facilitate a robust post-election audit (see Figure 1):

^Figure 1: Three records are produced at the time of voting to facilitate a rigorous post-election audit


  1. A Voter-Verified Digital Receipt (VVDR), signed with an Anonymous ID (AnonID), is sent to the voter at the time of voting to verify her selections (and copied to the jurisdiction)
  2. A Tabulated Ballot, formatted for printing, is tabulated on Election Day using the jurisdiction’s voting machines (signed with same AnonID)
  3. The Blockchain Records of the votes are stored as “transactions” and bundled as blocks on the blockchain


The City of Denver ran an unprecedented post-election audit at the close of the Election, which was open to the public and used these three ballot records to verify the flow of information and accuracy in every step of ballot submission and transmission.

Information was verified from the voter’s device to the blockchain, from the blockchain to the ballot, and from the ballot to the tabulation system, confirming that there was no malfeasance, interruption, or disruption of data.


How does the audit work?

The audit has three steps, which correspond to the three records produced by each ballot:

1)   Verify that the anonymous IDs match between the Voter-Verified Digital Receipt (VVDRs) and the tabulated ballot

^Image showing the match between the Anonymous IDs signed on both documents.


2)   Once anonymous IDs are verified, verify the selections between the VVDR, tabulated ballot, and the jurisdiction’s tabulation export

^Image showing the comparison between the Voter-Verified Digital Receipt (middle pane), sent to the voter upon submission to verify her choices and copied to the jurisdiction, and the ballot printed on Election Day for tabulation. Both contain the same Anonymous ID and selections.


3)   Verify that the vote transactions stored on the blockchain match the VVDR selections

^Image showing the comparison between the Voter Verified Digital Receipt choices and the data on the blockchain. Each ballot’s choices are stored as “transactions”, bundled across multiple blocks. Each transaction (UUID) corresponds to a choice.


What’s it like to conduct an audit?

Several independent third party auditors signed up to complete the audit. Here are reflections from three students who conducted the audit.

Orlando Alomá, Postgraduate at Hult International Business School

My name is Orlando Alomá and I am a postgraduate student at Hult International Business School in Cambridge, MA. I come from a finance background and my passion is to research and learn how startups work and grow.

The audit is a manual process that requires great attention to detail and concentration. There were 119 ballots that needed to be verified through the audit process and it took me about four days to complete it. This was my first audit experience ever, so I had no idea what to expect at the beginning. Luckily, the steps and process of the audit are easy and well-explained in instructional slides and a video. After watching the video, it was clear to me that the audit was going to be an easy but time-consuming task.

Performing the audit is an excellent way to get to understand how the Voatz system works because it will show you the process for how information gets recorded and stored in the system. The hardest part of the audit was the verification of the blockchain records, because it required the most steps to complete. The easiest part of the audit was verifying the anonymous IDs because they were all done in the same window tab and required no copy and pasting commands.

It was surprising to me that some people decided to leave questions blank and abstain from voting in certain races. For example, many ballots had no selection for Clerk and Recorder. This means that the voter chose not to vote for anyone on this race. This surprised me because if you are casting a vote for other races but decide not to vote for one specific race, it might mean that they do not approve of any candidates listed on the ballot, however, this is my personal assumption and it might not be accurate.

Personally, I believe that an online mobile voting system like Voatz can be very beneficial for people because it allows voters to anonymously cast their votes from their mobile devices and it can securely record the votes on the blockchain. In the future, the Voatz mobile voting application can make the voting process a lot easier and more accessible for everyone.


Yugma Patel, Masters of International Business at Hult International Business School

My name is Yugma Patel and I am currently a candidate for Masters of International Business at Hult International Business School in Cambridge, MA. I chose to pursue an International Business degree in order to gain leadership development and to potentially work in cross-cultural organizations. Being exposed to different cultures and backgrounds provides an opportunity to adapt a broader vision. That is why I am passionate about learning new things and helping people in all settings.

I had never done an audit before, so this was my first time auditing election results. It was a lengthy experience. It took about three and a half days to complete the audit. Going through each step I had to be careful and make sure there were no discrepancies between the CVR with the VVDRs or ballot images. The hardest part was making sure everything matched across all sources (VVDRs, blockchain data, CVR). The easiest  part was having all the information in one place (the audit suite). I was surprised at how the anonymous ID was generated, and also that there was no mention of an individual through the audit. In our current era, technology is quickly emerging into different industries; to see Voatz working to provide a new way of voting from an age-old method demonstrates that technology can provide the people to carry out their basic democratic rights.


Ben Trout, Sophomore at Brigham Young University

My name is Ben Trout, I am a Sophomore studying cybersecurity at Brigham Young University in Provo, UT. I chose to pursue a career in cybersecurity because I love to apply technology to solving problems in the world, and with regards to the cybersecurity field there is a lot of opportunity for development in that regard. In high school I was a programmer for a robotics team and I loved overcoming the challenges presented to my team in those competitions and I have been passionate about the technology field ever since.

This was my first time doing an audit of any kind and I did not know what to expect going into it. Overall I did not think that the audit was a hard thing to do, however it was very time consuming. The documentation and instructions given about how to do the audit were clear and having the audit suite, which centralized access to all the necessary materials, made the process easier.

The hardest part of the audit for me was checking to make sure that the votes within the blockchain matched what was on the ballot. It required a lot of steps that had to be done in order and I sometimes lost track of which block was next to look at in the chain.

I was surprised that the blocks on the blockchain stored the votes in random order for each ballot, so each contest’s vote was stored in a different order for each ballot, which I think makes the system more secure. I have always thought that technology should be involved in democracy if it could be secured. This audit experience was a demonstration to me that we have a secure system that can be used for elections, and with it, it makes the democratic process accessible to more people that could not previously participate for accessibility reasons.


Interested in participating in the audit? Sign up here by July 3, 2019.

National Conference of State Legislatures:

We thank the three students who shared their audit experience.
all posts  |