Creating an Inherently Secure Voting System

The problem with American voting systems is that they are inherently insecure. Rather than having security baked in or integrated, security is bolted on, and often the bolting on of security is done using an honor system.

The latter is a contradiction in terms. Why would you apply security to a system on an honor basis? Either you trust that everyone is honest and do not require security, or you look at security in virtually all banking and information systems throughout society and conclude that our voting systems require security as well. Also, inasmuch as non-integrated, bolted-on security is laughable in financial and information systems, bolted-on security in voting systems (such as signature verification or the requirement of state-issued identification), which can be waived away by a manager, supervisor, or poll worker on a whim, should also be considered laughable.

American voting systems need to be redesigned so that it is impossible to cast a vote in an insecure way. This article describes such a system, which should help many Americans regain trust in elections.

Patmore Douglas 11/26/2023 12:36:00 AM

Many conservatives are pushing for the exclusive use of paper ballots when casting votes in elections. They cite the fact that electronic voting systems introduce many opportunities for fraud. While the latter is true, electronic systems are double-edged swords and hence also provide opportunities for more secure voting than ever before. Many will ask, “How can this be?” It can be done through the design of relatively simple database systems that have safeguards and optimal transparency.

Essentially, a modern, secure voting database system will have at least two tables to hold voting data: a Voter Registration table and a Ballot table. The Voter Registration table will hold the usual voter registration information for each eligible voter, such as name, address, party affiliation, etc. The Voter Registration table will also contain two additional items of information for each voter: a PIN and an Encoded Identifier. A random code generator can be used to fill in the values of these fields, which can be updated every election cycle.

The Ballot table will contain the voting result of each voter. It will be linked to the Voter Registration table by storing the voter's table ID from the Voter Registration table. The Ballot table will also contain the voter's PIN and Encoded Identifier, as seen in the Voter Registration table.

The above system will essentially work as follows:

  1. When a voter is registered, his/her data will be entered in the Voter Registration table. The PIN and Encoded Identifier data will automatically be filled in by the system.
  2. When a round of elections is approaching, the PIN and Encoded Identifier data will automatically be updated by the system for each voter in the Voter Registration table. Voters will be texted or emailed their PIN and Encoded Identifier, which they will need in order to vote.
  3. Whenever a voter casts or mails in his ballot, he will have to provide his PIN for the voting system to accept his vote. A ballot will not be accepted if it does not have a PIN. Further, no two or more ballot records can have the same PIN: any attempt to enter data for a ballot with a PIN that matches the PIN of another ballot record in the database will be rejected.
  4. Whenever a voter votes, the system will text or email him his voting record, i.e. how he voted.
  5. During voting, the system will be required to periodically export copies of the Ballot table to a website, where the data can be copied and viewed (but not changed) by the public. Voters will be able to go to the website and look up their Encoded Identifiers to see whether what is in the table matches how they actually voted.
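The two-table design and the five steps above, worked through as an added example (this is not code from the original post, and the post names no implementation). It uses SQLite so it runs offline; the column names, the code lengths, and the decision to publish only the Encoded Identifier and the choices in the public export are assumptions of mine, not something the post specifies. It also includes the COUNT-query tally the post describes later.

```python
import secrets
import sqlite3

# Constructed schema (assumption): column names are mine, not the post's.
# The UNIQUE constraints are the "no two ballots with the same PIN" rule,
# enforced by the database itself rather than only by application code.
SCHEMA = """
CREATE TABLE voter_registration (
    id                 INTEGER PRIMARY KEY,
    name               TEXT NOT NULL,
    address            TEXT NOT NULL,
    party              TEXT,
    pin                TEXT NOT NULL UNIQUE,
    encoded_identifier TEXT NOT NULL UNIQUE
);
CREATE TABLE ballot (
    id                 INTEGER PRIMARY KEY,
    voter_id           INTEGER NOT NULL UNIQUE REFERENCES voter_registration(id),
    pin                TEXT NOT NULL UNIQUE,
    encoded_identifier TEXT NOT NULL UNIQUE,
    choices            TEXT NOT NULL
);
"""


def random_code(nbytes):
    # Random code generator (step 1/2). Toy length; a real system would size
    # the codes so that guessing and collisions are negligible.
    return secrets.token_hex(nbytes).upper()


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def register_voter(conn, name, address, party):
    # Step 1: the system, not the voter, fills in PIN and Encoded Identifier.
    cur = conn.execute(
        "INSERT INTO voter_registration (name, address, party, pin, encoded_identifier)"
        " VALUES (?, ?, ?, ?, ?)",
        (name, address, party, random_code(4), random_code(6)),
    )
    conn.commit()
    return cur.lastrowid


def issue_new_credentials(conn):
    # Step 2: before an election, regenerate every voter's codes and return
    # {voter_id: (pin, encoded_identifier)} for delivery by text or email.
    issued = {}
    for (vid,) in conn.execute("SELECT id FROM voter_registration").fetchall():
        pin, enc = random_code(4), random_code(6)
        conn.execute(
            "UPDATE voter_registration SET pin = ?, encoded_identifier = ? WHERE id = ?",
            (pin, enc, vid),
        )
        issued[vid] = (pin, enc)
    conn.commit()
    return issued


def cast_ballot(conn, pin, choices):
    # Step 3: a ballot without a PIN, with an unknown PIN, or with a PIN that
    # already appears in the Ballot table is rejected.
    if not pin:
        return (False, "rejected: ballot has no PIN")
    row = conn.execute(
        "SELECT id, encoded_identifier FROM voter_registration WHERE pin = ?", (pin,)
    ).fetchone()
    if row is None:
        return (False, "rejected: PIN does not match any registered voter")
    vid, enc = row
    try:
        conn.execute(
            "INSERT INTO ballot (voter_id, pin, encoded_identifier, choices) VALUES (?, ?, ?, ?)",
            (vid, pin, enc, choices),
        )
        conn.commit()
    except sqlite3.IntegrityError:
        conn.rollback()  # UNIQUE on pin/voter_id fired: second ballot for this PIN
        return (False, "rejected: a ballot with this PIN already exists")
    # Step 4: the voting record the caller sends back to the voter.
    return (True, f"receipt {enc}: {choices}")


def export_public_ballots(conn):
    # Step 5: the copy published for the public. Assumption: only the Encoded
    # Identifier and the choices are published, so the PIN and the voter's
    # registration row id (which identify the person) stay out of the export.
    return conn.execute(
        "SELECT encoded_identifier, choices FROM ballot ORDER BY encoded_identifier"
    ).fetchall()


def lookup_vote(export, encoded_identifier):
    # What a voter does on the website: find their own row by Encoded Identifier.
    for enc, choices in export:
        if enc == encoded_identifier:
            return choices
    return None


def tally(conn, choices):
    # Tallying as a COUNT query over the ballot records.
    return conn.execute("SELECT COUNT(*) FROM ballot WHERE choices = ?", (choices,)).fetchone()[0]


if __name__ == "__main__":
    db = open_db()
    vid = register_voter(db, "Sample Voter", "1 Example St", "None")  # constructed data
    pin, enc = issue_new_credentials(db)[vid]
    print(cast_ballot(db, pin, "Candidate 1"))
    print(cast_ballot(db, pin, "Candidate 2"))  # same PIN again: rejected
    print(lookup_vote(export_public_ballots(db), enc), tally(db, "Candidate 1"))
```

The duplicate-PIN rule is deliberately carried by the UNIQUE constraints rather than by a SELECT-then-INSERT check alone, so it holds even when two poll workers submit the same PIN at the same moment or when a form bypasses the application logic. The public export is the one place where the design must be careful: the PIN is a shared secret the voter was sent, so publishing it alongside the vote would hand it to anyone reading the site, which is why the example publishes only the Encoded Identifier and the choices.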

The above system makes voting transactional, like using a debit card. A ballot cannot be cast without a PIN that is issued to each voter. Also, a PIN cannot be reused to cast a second or subsequent ballot. This makes ballots, whatever their form (mail-in, electronic, etc.), inherently secure. No longer will you have to worry about trucks pulling up to ballot counting stations in the middle of the night, unloading ballots (that no one can tell you where they came from) which so happen to favor Democrats by 80-plus percent. Further, if Democrats engage in shenanigans with ballots cast by voters, the core system will transmit to voters their supposed voting record, which they would be able to further confirm on the Ballot table website. (Voters will be able to raise concerns about how they actually voted vs. how the voting system claims they voted.) The above system would therefore be relatively secure and open.

The above system upends Democrats’ strategy of cramming as much fraud into an election as possible, then using lawfare and all manner of distractions to prevent serious review of votes. Making and issuing copies of the Ballot table over time, including logs of changes made to the data, allows for rich, universal auditing of voter data while keeping the identities of voters hidden.

The core voting system described above could be housed on a state server in a special private network that is well protected but also accessible via Virtual Private Network (VPN) to techs from various interest groups, including political candidates. Ballots would ordinarily be entered into the system from PCs connected to the voting system VPN, using forms on a password-protected website. By law, a voting machine would be restricted to creating two copies of a paper ballot, similar to how this one operates: one that is cast, and one that is kept by the voter. A poll worker onsite with proper credentials would be required to enter the ballot information into the election system.

A further layer of security could be introduced, where a ballot record created by a poll worker in the database system is required to be reviewed by poll observers from all concerned political parties and approved by each of them individually before it is available for tallying. Tallying would simply be done by performing COUNT queries on the ballot records.

When a ballot is entered into the system through a form by a poll worker, the system would immediately send the voter his voting record as electronically entered. (Note: voting machines should be required by law to be open source and to have all their technical specifications available to election observers. In addition, all critical software code used in the election system [including database queries] should be required by law to be open source and available for public review.)

In addition to the above, statistical analysis software would search for anomalies and raise alerts to all major stakeholders of the election, including the political candidates. Serious statistical anomalies, such as high error rates that point to probable fraud, would halt the processing of data in the area where they are discovered until an investigation is conducted and all stakeholders sign off on the findings and recommendations. Also, voters would be able to raise a fraud petition if enough of them sign it.

Finally, the group that runs the core election system described above should be separate from, and have limited contact with, the other groups that run a statewide election. Also, when statistical analysis points to probable fraud by a group running an election, state law should require that the entire group be suspended and barred from participating in the rest of the election. A full review of the matter would then be conducted afterwards to see whether the suspension is warranted.

Updated: 2/10/2024