Ledger Database for Ballot Storage

Categorized in: Product development | Comments not allowed

Ledger Database for Ballot StorageThere has been a change to how ballots are stored within the ElectionsOnline system utilizing new technology that, while evolutionary with respect to how it came to be, is truly revolutionary in what is now possible—that being immutable and cryptographically verifiable ballots. If you’re familiar with blockchain, and think that’s what we’re talking about, we aren’t, as blockchain has never been ideally suited for elections despite the buzz that may have surfaced when it first began gaining popularity with services like Bitcoin. It can be appropriate when multiple parties are looking to work together in a decentralized way, but elections do not meet that criteria. What we are talking about is a ledger database and in keeping with ElectionsOnline’s reputation for being the leading innovator of voting technology, we’re thrilled to be the first and only election service provider to adopt it. This did not materialize out of the ether. It evolved by borrowing some of the properties of blockchain with other properties of a document database, adding some bonus properties to it and then ensuring it hit the target that precursor technologies were aiming for but just came a little off the mark. So what we see is something born out of asking what problem blockchain really tries to solve and how can it be solved better? The answer is a technology effectively purpose-built for elections.

Key properties of the technology are explained below.

Fully managed

Running on, and offered by, Amazon Web Services (AWS), means the expertise of AWS goes into server and network optimization, security, patching, backups and everything else.

Ledger Database

Recall the days when bookkeepers using paper would record every single business transaction in a ledger. In the event some piece of data in a transaction needs updating, the original transaction does not go anywhere. It remains untouched, and a new entry is added to the ledger where the correction is made. In this way, a history of transaction activity is chained together. Were 100 such updates to be made, there would be 101 entries in the ledger. (1 for the original transaction, plus 100 updates.) But one should understand that databases have historically not followed this model. Instead, when an update is committed to a database, instead of it creating a new entry, the data in the original entry is overwritten leaving no trace of the state it was in prior to the update. So 100 updates to a single record would still mean only 1 record in the database. That certainly cuts down on the amount of storage space consumed and is perfectly okay when keeping a history of activity is unnecessary. But when a history of activity is required, it usually would mean keeping an “audit table” in a database where previous states of data are logged for audit purposes. But even this has its shortcomings given that someone with access to the database could modify or delete records from the audit table without leaving a trace.

This is where a ledger database comes in. The ability to update and delete data in a ledger database does not behave as it does in non-ledger databases and any data committed to the ledger becomes part of its auditable history.


Transparent means that a record’s full history may be queried and viewed.


Immutable is defined by Oxford dictionary as, “unchanging over time or unable to be changed.” In other words, once a ballot enters the ElectionsOnline system, it is not possible for it to be altered by anyone. More precisely, it is not possible to alter the original ballot committed to the system by a voter. Because no ballot should ever be modified once committed, election managers may verify the absence of any change history to be certain that the results are being reported using original, unaltered ballots as decribed at Election Verification and Certification.

Cryptographically Verifiable

A cryptographic hash function generates a digest file which may be used to validate the integrity of any data changes. This in turn permits voters to perform verification of their own ballots well after the close of voting for absolute certainty their ballot has been captured and has not been altered since being committed to the system.

Owned by a Central Trusted Authority

Blockchain is built on the concept of decentralized computing which has its uses, particularly when multiple parties, particularly parties unbeknown to other parties, are involved with ensuring the integrity of data before committing that data to the network. But with elections, that is not the case and is one reason why blockchain is so poorly suited for elections. Instead, the act of a voter committing his or her ballot selections to a system occurs between a voter and a trusted authority like ElectionsOnline. It’s not much different conceptually than an account holder depositing money into his or her bank account where the bank serves the central trusted authority.