Election vote count verification protocol
The BigPulse standard
The following seven processes describe an election vote count verification protocol. It enables the vote count integrity of a secret voting election or referendum to be verified without reference to the black-box servers used to harvest the votes. In fact the protocol is fully independent of any method of harvesting the votes.
The quality of the vote count verification depends on both the implementation quality of each of the seven processes in the protocol and the level of voter participation in the verification process. However a robust implementation of the protocol, even with no voter participation in the verification process, can significantly enhance the vote count integrity. Anyone with a desire and means to secretly manipulate the vote count will be less motivated to act corruptly if it is known that a secure verification protocol exists.
- Issue full take-home receipts to all voters
- Provide a secure method for transferring vote receipts to voters
- Issue tamper proof vote receipts
- Provide receipt owners with ready access to the full list of vote receipts with all personally identifiable information removed from each vote receipt. View an example of a Vote Verification page >
- Provide a means for receipt owners to verify receipt number uniqueness
- Provide a means to detect any fake receipt numbers (not issued) in the full list of vote receipts, and
- Provide a means for voters to confirm the full list of all candidates and candidate presentation order as it appeared in the voter’s ballot.
Nothing can be verified independently without real vote receipts.
Required to protect vote secrecy.
If vote receipts can be altered by the the receipt owners it provides a way to discredit the election integrity.
This enables voters to locate their own receipt in the counted list and also enables independent verification of the vote count.
A vote count can be corrupted by issuing the same receipt number to many people who voted with identical selections.
This ability along with process 5. enables the existence of any fake votes to be detected.
This alerts voters to any misrepresentation of the ballot – strictly speaking this is not part of the vote counted verification protocol but closely related.
Process 4. is the essential feature that actually enables independent verification. The quality of the other six processes determine the standard of verification.
A useful point scoring system is to assign four points to process 4 and one point each for the other six processes; making 10 points the top score. With this weighted scale it is not possible to score above four if process 4. is missing because processes 5. and 6. depend on the existence of process 4.
Transparency of source code is not included in this verification protocol. The computer code is inside the black-box, whether open source or not. Anything that relies on an assumption of what is inside the black box cannot be part of a genuine independent election vote count verification protocol.
A robust vote count verification process does not guarantee vote secrecy is protected but it must not compromise vote secrecy.
Coercion and vote buying risk is not managed by the election vote count verification protocol, in fact, it clashes with coercion risk management management. This creates a problem for government elections.
Real vote receipts – required for secure verification
A real vote is a full take-home verifiable vote receipt. A full receipt includes a unique randomly assigned identifier and the voter’s ballot selection or can be used in a secure way to confirm the voter’s selection. “Take-home” means the voter has full control over access to the vote receipt. “Verifiable” means a way to know that the receipt is authentic. Other details may be included in the vote receipt. Secure election verification requires that real vote receipts are issued securely to each voter.