Ballot Verification
Objectives of Verification
At the moment a voter completes voting at Skypunch Technology, an email confirmation is sent to that voter including a verification code that may be used to later to verify their ballot. This is done by visiting www.electionsonline.com/verify where a voter may:
- step through the process of verifying that their ballot has been recorded.
- verify with absolute certainty the ballot has not been altered.
- ensure the ballot is included in the vote count.
Verification Steps
Step One—Verify version number
Ballots are stored inside an immutable system of record that can only perform append operations. This means when data like that collected by a voter making selections on a ballot is committed to this system, it does so as a block of data with a version identifier of zero assigned to it. Were that block of data to be modified or deleted at some later point in time, the append-only behavior means that the original data is not overwritten. Rather, a new entry is added and additionally hash-chained to the original data block thereby creating an auditable history of activity performed on that data where each new entry has a version identifier incremented by one. Because no ballot should ever be modified once it enters the system, no ballot should have a version identifier greater than zero. Therefore, the first step to ballot verification is to confirm that a given ballot is on version zero. Successful completion of step one also includes retrieving a current block address which is used for further verification in the next step.
Step Two—Get proofs and verify ballot
Several things occur doing step two. A digest is extracted from the verification code provided by a voter when entering the verification wizard. The digest uses a hash value to cryptographically represent the entire system at a point in time. Note the reference to time. Verification proves that data has not been altered between the time a digest was generated and verification is performed. That is why the digest provided to voters (included in the verification code) is generated at the moment a ballot is submitted. We are verifying no alteration to that ballot between the moment it is saved in the system and verification is performed. Some additional metadata about a ballot is also collected which includes a block address and a digest tip address. The block address points to the specific block of data within the system where the ballot being verified is stored. The digest tip address points to the location in the system’s transaction history where the digest was created.
With this data, a series of calculations is performed starting with a ballot’s block address and traversing to the topmost level of the system to recalculate a digest hash. When this recalculated digest matches the expected digest hash, we prove no data has been altered and verification is successful.
Step Three—Ensuring ballot is included in vote count
All verification activity discussed above is performed against a system of record which is not used to support reporting and analysis of the election results. Therefore, once voters have verified that their ballot has been captured and is unaltered in this system of record, they may also confirm that one, and only one, exact duplicate of their ballot also exists in the reporting platform.
Viewing ballot
After a ballot has been verified, you may also proceed to view the ballot showing the selections made by the voter.