Overcoming Bottlenecks in Homomorphic Encryption for the 2024 Mexican Federal Election
Published 2024 (IEEE Blockchain)
In this paper, we describe the technical and cryptographic tools applied to secure the expatriate component of the election and to enable INE (Mexico’s National Electoral Institute) to generate provable election results within minutes of the close of the election. The security of the voting platform was tested by an independent, third party team of experts chosen by INE. This team was given the source code of the voting app and documentation. Therefore, we designed the architecture assuming that an attacker had access to the source code, the ability to manipulate HTML and Javascript code in the browser on the frontend, and the ability to read and modify transmmissions between the frontend and backend.
Read More
Insights from Remote Voting in the historic 2024 Mexican Federal Election
Published 2024
In June 2024, the national and local elections were held in Mexico for the office of the President, 128 Senate seats, and for the office of the Governor in 9 of the 32 states. The majority of Mexican citizens voted in person at the polls in these historic elections wherein Mexico elected its first woman President. Also for the first time, Mexican citizens living outside the country were able to vote online or using an electronic voting kiosk at one of 23 embassies or consulates in the U.S., Canada, and Europe. In this paper, we explore several unique elements of this historic election and the pioneering use of online voting.
Read More
Impact of Decentralization on Electronic Voting Systems
Published 2023 (IEEE Access)
Researchers R.L.Almeida et al. provide a review of Voatz on pages 29, 30 - Voatz, offers an innovative mobile-based e-voting system that balances centralized and decentralized features to enhance security, transparency, and usability. Using a custom permissioned blockchain built on Hyperledger Fabric, Voatz stores voting data in a semi-private blockchain with read-only public access, improving verifiability with minimal complexity. The mobile app, central to the system, employs robust security measures like Mobile Threat Defense, end-to-end encryption, and HTTPS protocols, while leveraging device-level authentication through PIN codes and biometrics for user-friendly yet secure access. To protect against DDoS attacks, the app decentralizes traffic handling by utilizing cloud-based load-balanced servers. By combining practical security measures with blockchain's transparency, Voatz demonstrates a scalable and resilient approach to modern e-voting systems, making voting more accessible and verifiable for diverse electoral scenarios.
Read More (on pages 29,30)
Government Blockchain Association Voting Working Group Publishes Election System Standard
Published 2023
The Government Blockchain Association (GBA) Voting Working Group has reached a pivotal milestone in the quest for secure, transparent, and accountable voting systems by announcing the official publication of the BMM Voting System Supplement, a groundbreaking addition to the Blockchain Maturity Model (BMM) designed to support secure and trusted elections. This supplement is tailored to address the unique demands and challenges of blockchain-based voting solutions, covering critical aspects such as security, transparency, privacy, identity management, trust, accessibility, and legal compliance. It offers a blueprint for governments, election authorities, technologists, and stakeholders to build robust, secure, and user-friendly blockchain-powered voting systems.
Read More
Progress Towards Creating Standards for Remote Digital Voting
Published 2022
On March 4, 2021, several elections experts representing a diverse set of opinions on the issue of digital voting were invited by the Government Blockchain Association (GBA) for a public discussion on the topic, moderated by Gerard Dache, Director of the GBA. Panelists included an election official, academics, industry associations, and a remote voting vendor. A second, follow-up panel discussion, hosted by the GBA, was held on April 26, 2021. The panelists agreed to collaborate on two documents, each of which analyzed certain issues surrounding the following seven main ballot delivery, marking, and return methods in use today.
Read More
Parallel Internet and Paper Elections – a Practical PIPEline to Secure and Accessible Elections
Published 2022
Internet voting has the potential to expand the true democratic process in our country by making our elections more secure and more accessible. Voters with disabilities, active-duty military, first responders, citizens living outside the country, and citizens who are unable to vote due to unforeseen circumstances have benefitted tremendously from voting over the internet. The fundamental apprehension that has been used to delay the widespread adoption of internet voting around the worldis the notion that malicious actors could materially alter the outcome of an election and that their actions could potentially go undetected, thereby creating an unknown level of risk. Recent pilot projects have offered some practical approaches to significantly reduce this risk through a combination of voter verified receipts and citizen-led audits. In the event that a malicious act is detected, the process to correct results, if required, can still be complicated, depending on the jurisdiction’s rules and regulations. We propose a pair of solutions, which we believe to be reasonable: a Parallel Internet and Paper Election (PIPE).
Read More
Fostering Trust and Trustworthiness in Election Infrastructure Using Trustless Technologies
Published 2021
A fundamental issue in elections management is the oversight of voter registration databases. Since registration records are digital, there is an increasing burden on IT staff to maintain and safeguard these systems and to securely interface them with other networks across the various states, territories, and counties. Increasing trust and trustworthiness in these systems is therefore critical, as inaccurate or insecure registration records increase the risk of an election being compromised by a malicious actor. In addition, IT staff can play an important and valued role in making registration databases more complete by identifying and contacting eligible, unregistered citizens. In Section 2, we discuss the two applicable issues at hand: election access and registration database integrity. Section 3 describes fundamental blockchain concepts and Section 4 provides further details on how blockchain technology can be used to identify eligible voters and also to assess the integrity of sensitive data, such as voter registration records, without compromising privacy. We give some security recommendations on the implementation of such a solution in Section 5 and make concluding remarks in Section 6.
Read More
Looking to the Future: A Renewed Call for Standards and Transparency for Access and Resiliency
Published 2021
Due to the widespread effects of the coronavirus pandemic, many voters were forced to depend on absentee ballots to safely participate in the 2020 United States Presidential Election. In the weeks and months leading up to Election Day, there were serious doubts about whether our nation’s electoral system was prepared to handle the rapid expansion of mail-in ballots under tremendous public pressure and with limited resources. Absentee voters were equally worried that their votes might not be counted. Several lawsuits successfully argued for expanded access to absentee ballots and the acceptance of ballots that arrived after November 3rd. In the end, Americans accustomed to having a definitive winner by the end of Election Day waited nearly a week for results, further degrading the public’s trust in our electoral system. We face a reckoning of the way our voting system currently works, with clear gaps in resiliency and access. The United States has historically led the world in technology adoption. However, when it comes to elections and voting, we are behind.
Read More
State-of-the-Art Security Performs First-Rate Threat Mitigation in Convention Elections
Published 2020
The COVID-19 pandemic has changed our world, touching every aspect of our lives. Elections are no exception. This paper explores the emerging security datasets around the performance of the Voatz remote voting system while conducting virtual conventions in April 2020. During this time, the Voatz system processed a record 7,000 votes on its platform during a single election period. As a result, Voatz was able to collect a rich dataset of device and network level threat detection and mitigation events. This paper analyzes this dataset, the implications of the insights, and considerations for the applicability of mobile security for high-stakes industries, whether governmental, financial, or critical infrastructure related.
Read More
Standardization of Remote Ballot Marking & Return Through A Rigorous National Study & Examination
Published 2020
The 2020 election cycle is creating a challenge impacting all who are interested in, concerned about, and enabled by our electoral system. Citizens, republican and democratic state election officials, states themselves, candidates, federal agencies like the Election Assistance Commission (EAC) and Federal Voter Assistance Program (FVAP), and lawmakers in Washington without exception have a stake in a successful 2020 election.
The principle of one person, one vote in a private, secure system, is among the highest values enshrined in our nation’s democracy. Our entire voting system is being challenged by myriad factors, which include the persistence of the novel coronavirus and the national and personal economic fallout. These existential challenges are profoundly affecting state budgets, creating difficulty for converting polling-place voting systems to mail, and concern about our elections system’s overall fairness and effectiveness.
Read More
Voatz Mobile Voting Platform
Security, Identity, Auditability: An Overview
Published 2019, 2020
Mobile voting is a much-needed, long overdue response to the challenges faced by an important segment of the American electorate: people whose circumstances make it impossible or inconvenient to vote conventionally. The Voatz Mobile Voting Platform adds a new, fourth voting method to the ways America’s electorate votes…This paper introduces security concepts and technologies that are widely used in other industries. It describes how Voatz has incorporated them into a new, resilient remote ballot marking system that addresses the three major security-related obstacles that have stymied progress in online voting: Security (device security, network security and secure storage of returned ballots), identity (identity proofing, voter authentication and binding), and auditability (voter-verified and transparent, jurisdiction run post-election audits).
Read More
Under the Hood: The West Virginia Mobile Voting Pilot
Published 2019
In 2018, West Virginia’s Secretary of State Mac Warner launched the nation’s first mobile voting pilot for UOCAVA voters. For the first time, on their own Apple or Android smartphone, an authenticated registered voter was able to receive, mark and submit a secret ballot of the correct style from virtually anywhere in the world. Every ballot submitted was encrypted and stored on a geographically distributed and redundant network of blockchain servers managed by the two largest providers of cloud infrastructure. Once stored on the blockchain, the voter could review his/her ballot, request that it be spoiled if necessary and vote a second ballot on his/her smartphone. At the close of polls, every ballot was printed at the county and tabulated on federally certified tabulation equipment. Post-election audits were performed on every ballot submitted by smartphones. This paper describes the Secretary’s goals, the lessons learned, and how the system worked under the hood.
Read More