need something that creates as much confidence as making a cash deposit
at a bank. Vote and Verify does that.
For a quick 90 sec. introduction, please view the Flash Presentation. Find out what makes this solution so unique.
What does Vote and Verify provide?
(see comparison between other paper receipt systems below)
When you vote on Nov. 4th you'll be given a sticker that says:
Imagine your reaction if you made a cash bank deposit and instead of a receipt the bank gave you a sticker that said:
You wouldn't tolerate this with your money, why tolerate it with your vote?
It's time to switch from
Basically what Vote and Verify does. . .
"If you can verify that your vote ended up correctly in the final official data base, it's no longer important whether a touch screen or an optical scanner was used or even who manufactured them. It's like depositing money in the bank! "
Watch this funny but perhaps not-so-funny view of paperless touch screen voting------------------>
Vote and Verify solves these technology dilemmas! You see there is nothing really wrong with using technology such as touch screens, optical scanners, etc., however, it is an incomplete system without the other half. It is destine to be a failure unless you use technology to complete Part 2-- the ability to verify online that the vote got into the final data base with a non-forgable receipt that can prove it conclusively if there was error or tampering.
THE MISSING SECOND STEP:
Why do you NOT have to do investigative reporting on what machines they use at a bank or ATM's across the country? Who develops the software, the hardware, etc.--who cares? THE ANSWER is that because if the banks DO make a mistake, the customer can VERIFY the END RESULT and they have a tiny little receipt in their hand that can prove the mistake. That is the MISSING SECOND STEP in using technology with our voting system: a way to not only verify the result by any individual, but the ability to prove error if it exists. So far only the first step has been taken.
If you want to pull the rug out from underneath all the errors, potential corruption, the outsourcing of our voting machines and even the lack of transparency... the system I have developed can do it. But, someone needs to look at the concept I've come up with. It allows voters to be able to VERIFY their votes in the final database AFTER they've voted. Doesn't that make sense? NOT EVERYONE needs to verify, it is optional, yet the very idea that anyone CAN creates an overwhelming threat to those who might want to tamper or even be careless with the votes. Voters can also prove error with a tiny encrypted receipt about the size you get from a fast-food restaurant.
By the way, once any digital machines are used to even tally the votes, this technology is only STEP ONE. To make it secure, STEP TWO is needed. Vote and VERIFY.
It's time to get the voting dance right. With this system, it wouldn't matter if the voting machines were made in China, Russia or whatever... the individual voter can prove whether they're working right or not!
Just having a paper printout doesn't make it safe!
Vote and Verify Provides Ultimate Safety
The Vote and Verify method is a concept being proposed for adoption by Federal and State election procedures. It does not yet exist, but it appears to be the way to finally solve the inaccuracy and mistrust in existing systems. It needs your help in spreading the word and getting it authorized and built. (see How can you help?)
Instead of focusing on the process, it simply provides a way to verify that the votes reached the final data base correctly. It does much more than just providing a printed record, though it too can be used for a recount. Other systems can provide for a recount too, but Vote and Verify also provides a way to detect if a recount is needed in the first place. (vote tampering with traditional systems might not give any outward indications a recount is necessary... Vote and Verify will!)Vote and Verify proposed change to our voting system would make it so you never again have to wonder, "Did my vote get counted?" You would be able to go online and check it yourself. It takes advantage of technology and allows any person the incredible power to actually verify their votes within the official data base using the internet, and if it is incorrect, actually prove an error or tampering took place.
This means that regardless of which machines and systems are used to collect the votes, they must ultimately achieve a standardized result-- a requirement to have the votes recorded properly within a data base that is transparent and available to a wide variety of checks and balances. This would include allowing the voter the ability to verify that his/her votes got recorded correctly and if not, the power to prove a discrepancy via the printed receipt.
Other proposed systems mention a printed receipt, but Vote and Verify goes far beyond that by providing a voter online internet access to their recorded voting information (only for the receipt holder/voter however, no one else can view it). It also contains sufficient information on the receipt to be able to prove error if the online data differs.
Some of what is provided is:
Please view the short Flash Presentation to learn how a small receipt containing two numbers and the internet can secure the integrity of our voting system.
The end of the Presentation will return you to this page if you would like more specific information about how it all works. That information is located below in the Questions and Answers.
What you can do? (please see "How can you help? " )
If you would like to trust the voting process, consider telling everyone you know about this concept NOW. Action needs to be started soon to meet the 2008 elections.
|If you've seen the Flash Presentation and still want to know more details, please read the following Q&A's. For example, find out why just having a paper receipt no matter how detailed, is not sufficient to protect your vote; find out why the only true way to make sure your vote was counted is to be able to verify it online in the final data base; and, if you wouldn't trust a cash deposit to your bank without a receipt and ability to confirm your transaction later on why would you want to trust your vote with a system of any less integrity.|
1) What is reason to have Vote and Verify?
There is tremendous mistrust in the voting system especially from the last two presidential elections. Vote and Verify allows each person the ability to confirm their vote via the internet and know that it has been counted. Additionally, something very unique to this approach is that a single voter has the power to conclusively prove that an error/tampering has happened with his/her vote. Other systems at best provide for massive recounts, but do not have such a precise way as this to detect errors-- and cases where a recount or investigation may be in order can and do go unnoticed. Vote and Verify is a way to be able to use the efficiency of technology but also completes the loop in such a way that additional technology makes it as secure as making a bank deposit.
2) What is unique about the Vote and Verify method? Return to Top
Technology has evolved to allow very quick and efficient vote collection and tabulation. However, there is basic mistrust by many regarding what might happen behind those touch screens, computers and technical people who may have reasons to alter the votes. Some have suggested the use of a paper receipt for voters, but without a process such as Vote and Verify, the paper receipt is about as useful as the sticker that says "I voted." Other methods suggest a master printout retained in a central registrar location in case there is a need for a recount. However, this doesn't provide any visibility for the voter confirmation of their vote, leaves opportunities for manipulation and isn't nearly as secure as the system being suggested here.
Vote and Verify provides for absolute confirmation of votes in the final database--which is, after all, the only place where they really count. Any system used is ultimately going to digitize the votes, regardless of whether votes are initially taken via optical scan, punch cards, or touch screens. At this point, tampering/errors could take place. Just having a paper printout is NOT sufficient. The major danger is that no one might be suspicious enough to demand a hand-recount. (i.e. often the criteria for recount is if the votes were close... but if errors or tampering take place, it could easily be done in a large enough amount that the race was not close) Vote and Verify will raise red flags all over the place if people start showing up with conflicts in the final data base and are able to prove with their receipt that their vote was not handled properly.
Vote and Verify requires that each voter be given a paper receipt containing two important numbers. It also keeps a copy of the receipt if a recount is necessary. The encrypted compressed numbers makes the receipts very small, and the numbers could possibly be put in a form that the receipts can be optically scanned for recounts. Neither number identifies the voter, but it allows that person the ability to verify via the internet that their vote has indeed been counted correctly in the official vote database. This means that for the first time in the history of voting, an individual can personally answer the question, "Did my vote get counted?" And if it wasn't, they can prove it conclusively-- another all time first. Just like a deposit receipt at a bank can prove an error was made, these two numbers can confirm or deny the validity of the voting system. If very many errors occur, it would be require equipment, procedures and software inspections and be sufficient cause to take another vote.
Since the two numbers on the receipt will also identify the exact location and indeed the machine that recorded the vote, any person even considering altering the software or equipment would be deterred out of fear of being tracked down.
Tampering or equipment malfunctions show that people's right to have their vote counted has been violated. However, for the first time in history, individuals can prove an error with the possession of their special receipt once they've viewed the final database on the internet.
The other challenge in any system is to make sure no clever programmer could manipulate the totals once votes are accurately in the database. Vote and Verify provides for transparency of the tabulation/counting process by not only archiving and securing the full database of votes, but providing different political parties or authorized groups to have a copy. These copies can be used to make sure no one party or individual can tally the votes differently. They should all come up with the same totals and if they don't, it can be proven who has made mistakes.
3) How does it work? Return to Top
Whatever electronic or touch screen system or optical scanner is used, it would provide you as a voter with a very small printout about the size of a single-item cash register receipt. Your name or anything linking you to the vote is not included on the receipt, nor does the system contain your name to respect voter privacy. This isn't necessarily for absentee voters, however, since this system regains the trust of the voters less people will use the absentee method. It is possible that absentee votes could be entered, a receipt produced and mailed back to the voter. (since this is a variation, please contact if you'd like more details on this method)
Before the voter leaves the voting location/station, they proceed to a secondary machine, swipe their receipt, see what the receipt says they voted for on a screen, and if it is the same they leave knowing that those numbers represent what they voted for.
At some point after votes have all been received, a voter can go on the Internet to an Online Vote Verification Web Site, enter in their Voting Receipt Number and see exactly what the database has recorded for their Vote Record Number. Comparing the online number to your printed receipt verifies that the system has the correct information; if it doesn't match, the paper printout provides absolute proof that the vote is not accurate. Those without Internet access can go to the public library, an Internet cafe, or a friend's house. Generally it would not be necessary that 100% of voters verify online, but in the case of very close elections, people would naturally want to verify their vote. To accommodate situations where a large number of people want to check, many additional Internet access points besides libraries and internet cafes could be provided by the local business community, miscellaneous clubs and groups, and of course, friends and acquaintances. Most people know someone that has internet access.
The verification process is relatively complete at this point, assuming all the numbers match. If there is any problems with numbers not matching, or the secondary machine not showing the correct people/issues voted for, they can file a complaint using their receipt as proof.
The entire voter database would be subject to detailed audits and independent total verification by a variety of different organizations. Though the primary database would be protected and archived, multiple copies would permit the scrutiny of independent examination and comparison of vote totals. And of course, the total number of votes must not exceed the total number of votes recorded on election day, which prevents adding additional records to the system.
4) With a receipt, couldn't people sell their vote? Return to Top
The encryption and coding of the receipt makes it virtually infeasible. From the receipt itself, it is impossible to determine whom you voted for. Though the steps on the internet for an individual to verify their vote is fairly simple, the process would only provide the information after the votes are totaled. Though it is possible to use the receipt as proof of vote after that point, the process is time consuming on a large-scale basis and there is great risk of being discovered. If the receipt printed out clearly who you voted for there would be much greater risk, but at least this method makes it difficult for people to buy votes. Penalties for voter fraud should be made so high that it's just not worth it. After all, we don't refrain from selling people sharp objects for fear they'll break the law; and we shouldn't refrain from giving people a verifiable receipt for their vote for fear they'll break the law.
For those wanting still more detail regarding how it can be set up so that votes aren't sold, please read on. There is a way to make the selling of votes next to impossible and terribly risky for those involved. The following only addresses one method. Those very serious about this can inquire about the more advanced methods.
In the section, 'How does it work?' it described the receipt as containing two numbers: 1) a Voting Receipt Number and 2) Vote Record Number. The numbers are encrypted and compressed. The first number identifies the voting location, ballot used, time, and unique identification. The second number is larger and records exactly how you voted for every candidate and issue. Because these numbers are both encrypted, only a special program containing the specific decoding key can determine what the receipt indicates. Also, because the encryption is dynamic, two people voting the identical selections will have a different set of two numbers. Because of the changing nature of coding technique, it is impossible to decode the numbers and determine votes.
What this means is that a voter can go to an authorized Online Vote Verification web site on the internet, type in the Voting Receipt number and see what the database has recorded for the second number. Of course it should match the 2nd number on the receipt. Of course there is still a need to satisfy the voter that these numbers translate to what he/she voted for. One way is to add security, and special techniques online to make the process too risky for those buying votes, or, to use a more advanced approach described below.
Note: The following has been added since some wanted to see a more advanced approach in making sure votes cannot be sold and that a recount is possible. Originally this much detail was not included since most people are just interested in the general concept. The FLASH presentation doesn't go into this level of detail. However, for those with a craving for more details please read on.
The encryption and compression makes the receipt extremely small. It saves paper and makes recounting by optical scanning much more efficient. In addition, it also makes the receipt itself something that cannot in and of itself be worth selling since it's just a bunch of numbers. Without knowing what the numbers mean, the voter can still go online to verify their vote (via those coded numbers) arrived correctly into the final data base.
That only leaves the one challenge of how can you can let the voter confirm what those numbers mean without him/her being able to sell it?
This is solvable, and would be part of the advanced study of this to find best solution. A basic approach would be to make some additional security procedures for online access before allowing decode of the numbers.
Another approach, which would be a very secure method, would be to print the coded numbers so they could be easily read by an optical scanner. Before the voter leaves the voting location, they proceed to a secondary machine, swipe their receipt, see what the receipt says they voted for on a screen, and if it is the same they leave knowing that those numbers represent what they voted for.
These secondary machines would be especially protected. If necessary, they could link to online software for even additional security, though analysis might show it isn't necessary. Once the voter leaves the voter station however, no access to any decoding is available unless there is a later audit or investigation in which the voter would present the receipt as proof when contesting the accuracy of the data base.
The voter leaves with the receipt with numbers reflecting his/her vote, and then the voter can Verify those numbers made it to the final data base by going to the official Online Verification web site. The receipt is worthless to sell, the online information would only show that those numbers arrived safely into the final data base, and there is nothing to prove or confirm to others what he/she voted for. A copy of all receipts are also kept at the voting location, with the coded numbers printed for easy optical reading. That solves the challenge of being able to do a 100% recount using the retained receipts.
5) Couldn't someone print fake receipts? Return to Top
It is not feasible since the two numbers on the receipt are dynamically encrypted with a coding key highly protected. The manually created numbers would in itself expose the fact they were fraudulently produced. The time required to break the encryption code by a super computer would measure in the years. The only way someone could create coded numbers would be to have inside information, which is highly guarded, and secure. However, even with this, the codes identify the location, time and date of the vote. If this doesn't correspond to other records, the fake receipt can be shown invalid. The numbers are so secure, failure to have the numbers recorded in the final voting database is cause for thorough investigation into what equipment, and software or person was at fault. This is also why a receipt can definitively prove vote mishandling or tampering.
6) Couldn't the vote totals be altered after the fact? Return to Top
Not really. This system provides tremendous security because of the transparency. Each person's votes are decoded into the two encrypted number pairs and all pairs are transferred from each voter station to the collection hub and consolidated into a master database which is archived and secured. Copies of the database are then provided to authorized political parties or organizations for their own independent totaling and checking.
Each voting station also provides manual-signature records, which provides a 'head count' of how many voters they had. These manual counts must match the total counts of encrypted number pairs; else error or tampering is exposed. This guarantees that votes cannot be added. Alteration of the encrypted number pairs remains the only means of tampering. However, altering any of the encrypted number pairs could lead to exposure. Voters can verify the numbers online using the internet. Their printed receipt could definitively prove that their vote was changed. Since the encrypted number pair shows much information such as voting station, exact second vote was recorded, all those in charge of handling those machines, digital information, etc. is defined and could lead to exposing those responsible for the alteration.
7) What if everyone does not verify his or her vote online? Return to Top
It is not necessary. Anyone tampering with the votes cannot know for sure which ones might be verified online. It would only take a single receipt to prove votes were not accurate, and more than that could be very incriminating. The risk of exposure to those tampering even with a few votes is so high, those intelligent and close enough to the inner workings would also be smart enough not to attempt it. Also, penalties for tampering should involve years in jail and not just a slap on the hand.
8) Wouldn't this be extremely costly to implement? Return to Top
How costly is it to our democracy if the voter trust is quickly disappearing with the current system? Actually the ultimate system might be less costly than what's currently being used. The reason for this is the fact that because votes can be verifiable by each voter online, high tech solutions for collecting the votes can be used with confidence. There is no longer a need for paper ballots, punch cards, scanners, card readers, etc. Simple touch screens with the ability to print on cash register size paper (about 2" x 3") are sufficient.
So there could be a great savings in equipment especially if standardization could be adopted. However, there is significant brainpower required to develop the online verification algorithms, encryption algorithms, ballot coding standards, etc. Also, since so many states and voting stations are involved, it would involve the political decision to opt for certain standardization.
The rewards are great however. For the first time in the history of voting, we could have a system with the type of incredible security we really need to make sure our votes are being counted with the level of trust our democracy desires and requires. Yes, it does require a small paper printout, a 'paper-trail' so to speak, but after all, if you can get one for a fast-food hamburger, how much more important is a receipt for your vote?
9) Who is Cliff Durfee? Return to Top
There is no reason we can't use technology to bring us confidence in our voting system. However, just using technology to collect the votes without a way to verify that they ended up in the final data base, is like making a cash deposit in the bank without a receipt nor an ability to confirm transactions. The bottom line is that all well-motivated Americans want to trust and know that all the votes are being counted-- accurately.
People have asked how can they help bring about change.
Please see the page on "How can you help?"
**This book, Stories for the Inner Ear, has eleven allegorical short stories threaded together with a captivating novel which helps you hear your own inner voice and intuition in ways beyond regular imagination.
Created by Cliff Durfee of designaffect.com
copyright 2005 Cliff Durfee