Description of the Secure Ballot (high level)

The fundamental concept is to use ballots that are pre-printed with two character strings in the margin of the ballot sheet. The first string is a unique pseudo-random number. It is “pseudo” random only from the standpoint that it is unique from any other ballot used during a given election and that it includes a reference to the election and voting jurisdiction.

  The second string is an encrypted version of the first string, further details of the encryption are provided but the salient fact is that if the second string is “decrypted” with a "Public Encryption Key” it will output the first string. This decryption “test” would be required during the acceptance of the ballot to ensure that it is not counterfeit. There is in practical terms** no way for these two strings to be generated without possession of the "Private Encryption Key” which would be in the possession of a secure provider. Therefore, no fraudulent or counterfeit ballots could be created that would pass the decryption test.

Ballots could however be duplicated so a second test would be made to ensure that the same encrypted string on a ballot is not accepted twice during an election. Both tests could be accomplished concurrently and can be done during the scanning of the ballot for tabulation or as a separate step to validate the ballot before it is counted. Both of these tests would be accomplished without any internet or WAN connections.

The third and final control is the management of ballot stock and ballots. To ensure that no authentic ballots are filled out nefariously, the total number of ballot sheets allocated to a voting jurisdiction would need to be accounted for as either being used, voided, or remaining in stock at the end of the election. A separate segment of the voting jurisdiction would be defined for absentee ballots such that if ballots were sent out but not returned through the absentee process they would not be accepted in early voting or day-of-vote tabulations, these ballots would be accounted for separately.

 In addition, a Risk Limiting Audit (RLA), known to be a best practice in detecting fraud, can be improved with the Secure Ballot by 1) adding a comparison of the hand-counted audit ballots including down ballot races to the CVR (cast vote record) of that ballot through the Encrypted String, and 2) ) allowing a more comprehensive statistically based, random sampling of ballots as opposed to partial random selection of sequential ballots from scanners and precincts, as specified in some states

These steps alone would eliminate the possibility of the great majority of fraudulent activities that accusations have been made regarding in recent elections while maintaining voter anonymity. The use of this concept also enables several “Additional Practices” below that can also be adopted to further assure integrity of our voting systems.
  1. Ability to “Track my Vote”- voters can view both the selections on their ballots and the 
       status of their ballot’s inclusion in the vote tally without compromising privacy or
       anonymity of their vote.
   2. Improved Absentee ballot procedure – Absentee ballots received and later confirmed not
       to have been submitted by the associated registered voter can be removed from the vote         tally.

Read more
Home