Ballot Processing SystemsFebruary, 2005
Submission to OASIS EML TC andTrue Vote Maryland
by David RR Webber
Delivering an Open Ballot
• Maximum access for all to voting facilities• Multi-lingual support• Easy for average citizen to understand and
verify their actions• Transparent process that can be inspected at all
points• Verification and audit trail• Simple for regulators to implement and manage• Open marketplace for service providers• Fast and easy to deploy and operate
Main Risk Factors• Ballot stuffing
– Casting additional votes
• Voter disenfranchising – Removal– Restricting access– Not counting
• Vote switching– Display or print choice for one candidate, actually record for
another
• Falsifying counts– Tallying does not reflect actual voting
• Falsifying electoral roll– Dead voters, non-existent voters
Pillars of Trust
• Verifiable paper ballots
• Matched e-Vote electronic records
• Electoral roll of voter participation
• Secure tallying and crosschecking
• Easy for citizens to understand
Cornerstones of Process
• One provider cannot supply solutions across more than one layer
• Each layer must be autonomous and passes information to next layer in open formats that can be inspected and verified
• Software involved must be published to open source
• Physical separation of layers and devices associated with them
Separation of Layers• Verifiable paper ballots
– Cast by hand or by mail by citizens directly– Printed / Formatted separately from e-Voting process– Electronic log of printing activity (as backup to e-Vote counts)– Allow machine scanning of ballots cast
• Matched e-Vote electronic records– Each vote record stored, not just rolling tally– Contains process status information (how, where, when)– Signature to enable authentication came from certified polling station– Anonymous - cannot identify voter
• Electoral roll of voter participation– Not accessible by e-Vote machines– Voter verification service and retains list of who votes
• Secure tallying and crosschecking– Independent service that compares totals
• Easy for citizens to understand – Localization and open access along with rules on formats of ballots
Processing Layers
• Electoral roll and voter registration
• Voting process
• Counting process
• Verification and Certification
Process Overview
Electoral roll and voter registration
Voting process
Counting process
Verification and Certification
1
2
3
4
Residency and citizenship verification
Maintain independent voter electoral roll
Provide lists of voters for access to polls
Dual path: paper and e-voting records
Scans paper ballots; tallies e-votes media
Verifies e-vote signatures and status logs
Compares counts from all three sources: paper, e-votes, electoral roll
Processing uses open exchange formats
Not sole vendor solution
Storage artifacts to open public spec’s
Each component lab’ tested for interop’
Version control and signature on software
Process Detail: Voting Touch-screenentry
e-Votecapture
ballotprinting
Print ballot recordse-Vote records
Dual vote processing
Digital storagemedia
Digital storagemedia
Process A Process B
XMLXML
Confirm print done
Submit request
Cast Ballots
Process Detail: Alternate Internet /Absentee voting
e-Votecapture
ballotprinting
Print ballot recordse-Vote records
Dual vote processing
Digital storagemedia
Digital storagemedia
Process B
XMLXML
Confirm print done
Submit request
AuthorizationLetter + code
Post vote via Mail
Remote Voting forms
Process Detail: Counting
e-Votetallying
ballotscanning
Print ballot records
e-Vote records
Digital storagemedia
Digital storagemedia
Count Verification
Ballot Tally
Provisionalresults
CompareVote recordsand counts
Rejectedballots
Acceptedballots
Verified Results
Electoral Roll
Initial Counting
Summary
• Allow determination of trusted process
• Overview of the core elements
• More details can be refined from the basic process overview
• XML required to capture all the details
• Goal – produce open public specification