In the current state of the election process, most state and federal elections in the U.S. rely on a majority of ways for casting a ballot, such as a mix of paper ballots, optical scan, and direct-recording electronic (DRE) voting machines. Currently, the United States has the longest ballots in the democratic world, and this is due to three levels of officials that are to be elected, which has increased the number of elected offices on ballots. As seen for many years now, the voting systems have served their purpose,
but have potential vulnerabilities. Paper ballots can be miscounted or lost and DRE machines are susceptible to hacking and software errors.
The challenge of ensuring secure and transparent elections affects a wide range of stakeholders, including voters, election officials, government agencies, political candidates, and international observers. Voters, who are the core stakeholders, rely on the electoral system to accurately and
securely reflect their choices. From an administration standpoint, election officials and government agencies are responsible for administering and safeguarding the election process. From either side of the spectrum, political candidates depend on fair elections to validate their legitimacy, and international observers monitor elections to ensure they meet
democratic standards.
Mandating the use of End-to-End Verifiable (E2E-V) voting systems would be a solution to address significant vulnerabilities in current voting systems. These vulnerabilities include risk to tampering, fraud, and cyber attacks, which can emphasize the integrity of elections and affect public trust. E2E-V systems provide ways for voter verification, auditability, and tamper resistance through advanced cryptographic techniques. The goal is to ensure that every vote is accurately recorded and counted while maintaining voter anonymity and enhancing transparency.
There has been a need for secure and verifiable voting systems in recent years, due to the rise of high-profile incidents that have exposed weaknesses in electoral processes. The 2020 U.S. presidential election, the 2016 election interference, and ongoing concerns about cyber threats
have highlighted the critical need for election security measures. Both the Federal Bureau of Investigation and the Central Intelligence Agency have indicated that a foreign power did indeed try to influence the election in 2016 (Entous & Nakashema, 2016). The advocacy for E2E-V systems is being aimed to be implemented in upcoming state and federal elections to prevent further speculation of public trust and ensure the integrity of future electoral outcomes. The scope of the problem includes both state and federal elections across the United States. Federal elections, which include presidential, congressional, and senatorial races, are particularly
high-stakes and thus more susceptible to interference and fraud. Implementing E2E-V systems nationwide would standardize election security protocols, and provide a unified approach to safeguarding the electoral process across all levels of the government.
From a cybersecurity perspective, E2E-V systems mitigate several key risks associated with electronic voting. They eliminate the threat of malware or unauthorized software altering votes by providing a mechanism for voters to confirm that their votes have been correctly recorded. Additionally,
E2E-V systems protect against man-in-the-middle attacks by using cryptographic proofs to ensure that votes cannot be intercepted or
changed without detection. This approach also protects the integrity of
the entire voting process, from casting to tallying, by allowing independent verification of results through a public bulletin board that contains anonymous encrypted votes.
Ensuring that each vote is accurately counted and that the results reflect the will of the electorate is crucial for maintaining public trust in the electoral system. As mentioned before, traditional voting systems, both electronic and paper-based, have faced challenges, including
vulnerabilities to fraud, tampering, and errors. These issues can lead to disputed outcomes, decreased voter confidence, and potential disenfranchisement. From a historical context perspective, the 2020 U.S. Presidential election highlighted significant concerns about voting
integrity, reminiscent of the controversy in Florida during the 2000 election. Issues with punch card ballots, such as "hanging chads," and inconsistencies in the recount procedures led to uncertainty and a legal battle. This led to the Supreme Court's involvement and the Bush v. Gore decision, which determined the election outcome. There is also much evidence from the 2016 U.S. presidential election as many reports of Russian interference took place. Hackers targeted voter registration databases and electoral systems in multiple states, raising concerns about the potential manipulation of voter data and election outcomes. Many of the reports indicated attempts to probe and exploit vulnerabilities in election infrastructure. Russian hackers targeted voter registration databases in multiple states, such as Illinois and Arizona, accessing the
personal information of voters. These attacks involved scanning for and exploiting known vulnerabilities in the election systems' software and networks. According to cybersecurity leader Mandiant, Advanced Persistent Threat (APT) groups, notably APT28 (also known as Fancy
Bear) and APT29 (Cozy Bear), deployed malware to gain persistent access to networks. This malware facilitated the exfiltration of data and allowed attackers to maintain control over compromised systems for extended periods. Many of these recent historical examples emphasize the importance of safeguarding the electoral process against tampering and fraud. When voters lose confidence in the integrity of elections, it ruins the reputation of the legitimacy of the government and can lead to political instability and social unrest.
End-to-End Verifiable Voting (E2E-V) systems address these concerns by providing verifiable security measures that ensure the accuracy and integrity of the vote. To understand this further, E2E-V voting systems enable voters to verify that their votes are accurately recorded and counted, which provides constituents transparency and accountability throughout the electoral process. Some of the key features of this voting system include having voter verification, which ensures that voters receive a receipt allowing them to confirm their vote was cast as intended. Another aspect of this is the function of auditability, as this enables election officials and independent observers to audit the voting process, detecting and correcting any irregularities that are found. Additionally, tamper-resistance is achieved through cryptographic techniques that protect against unauthorized alterations to the voting data. Looking at this further, the voting systems are in usage of homomorphic encryption in which this would be a form of encryption that would allow computations to be performed on ciphertexts and would produce an encrypted result,
and when decrypted, it would match the result of operations that were performed on the plaintext. Specific to the E2E-V voting systems, homomorphic encryption enables the tallying of votes without revealing individual votes. Each vote is encrypted when cast, and the encrypted
votes are combined using the homomorphic properties. Only the final tally is decrypted, ensuring that individual votes remain confidential throughout the process (Gentry, 2009).
Another aspect to consider is the idea and functionality of Zero-Knowledge Proofs (ZKPs). This is a cryptographic protocol that allows one party to prove to another that a statement is true without revealing any additional information. In E2E-V voting systems, ZKPs are used to verify that votes are correctly encrypted and tallied without exposing the actual votes. This ensures that all steps of the voting process are verifiable by independent auditors while preserving voter privacy (Goldwasser, Micali, & Rackoff, 1989). To dig even deeper, another cryptographic mechanism that would be used in the voting machines would be Mix Nets. Mix Nets are cryptographic protocols that shuffle and re-encrypt votes to anonymize the link between voters and their votes. After votes are cast and encrypted, they pass through a mix of servers that re-encrypt and permute the votes in a way that makes it computationally infeasible to trace a vote back to a specific voter. This process ensures voter anonymity and protects against coercion and vote-selling (Chaum, 1981). One of the most important parts of the cryptographic architecture of this voting system is to have end-to-end encryption. From the moment a vote is cast until it is tallied, end-to-end encryption ensures that the vote remains secure. The encryption keys used are typically originated through secure multiparty computation, ensuring that no single entity holds the decryption key, which enhances security (Boneh & Shoup, 2017). At the end of the process, voters would receive a cryptographic receipt when they cast their vote. This receipt contains an encrypted representation of their vote that they can use to verify that their vote was recorded correctly in the public bulletin board (a digital ledger where all votes are posted in encrypted form). The receipt does not reveal the vote itself, maintaining secrecy while providing verifiability.
Paper ballots are widely used due to their simplicity. However, they are prone to problems such as human error, including misinterpretation, incorrect tallying, and mishandling of ballots, especially during manual counts and recounts (Caltech/MIT Voting Technology Project, 2001). For instance, in Arizona, hand counts are performed to verify the machine counts from a sample of ballots from each County. This practice could be susceptible to tampering and fraud, including physical tampering, ballot stuffing, and destruction of ballots, which can compromise election results (Hasen, 2012). Moreover, large-scale elections require extensive logistics for printing, distributing, and securely transporting ballots, increasing the risk of mishandling and fraud (Alvarez & Hall, 2008). During the 2020 election, a number of incidents highlighted the vulnerabilities in the current voting system, particularly regarding the secure transportation of ballots. For instance, in mid-September 2020, three trays of mail, including absentee ballots, were found discarded by the side of a road in a ditch in Greenville, Wisconsin (Associated Press, 2020). Similarly, a woman in California reported discovering a bag stuffed with valid and
completed Santa Clara County ballots in a ravine in the Santa Cruz Mountains (CBS SF Bay Area, 2020). Additionally, the Department of Justice charged a mail carrier for dumping mail, including ballots, in two dumpsters in New Jersey, further emphasizing the risks of mishandling
ballots during transportation (U.S. Department of Justice, 2020).
Direct Recording Electronic (DRE) voting machines allow voters to make selections using a touchscreen or buttons, with votes recorded electronically. However, they have significant drawbacks. Without a
voter-verifiable paper audit trail (VVPAT), it is difficult for voters to confirm their choices were accurately recorded. Additionally, many DRE systems have been shown to be susceptible to hacking and malware, posing a significant risk of undetected tampering (Appel, 2009). Even with VVPAT, the auditing process can be insufficient to detect all discrepancies, particularly in close races (Stark, 2008). Optical scan systems involve voters marking paper ballots, which are then scanned and counted by machines. While they offer a physical record, issues persist. Optical
scanners can misread ballots due to poor marking, damaged ballots, or technical malfunctions. Ensuring the secure transfer and storage of paper ballots remains a challenge, exposing them to potential tampering. Hybrid systems, which combine electronic and paper-based voting, still face problems. These current approaches have shown weaknesses that can be exploited, leading to potential election fraud. As many of these issues have been highlighted, there is a need for more secure, transparent, and verifiable systems like End-to-End Verifiable (E2E-V) voting systems to
protect the integrity of the electoral process.
The first step in implementing the proposed policy of mandating the use of E2E-V voting systems in the state and federal elections is to enact federal legislation that requires the use of E2E-V voting systems across the nation. This legislation should be accompanied by the allocation of federal funds to support states in upgrading their voting infrastructure. Establishing clear standards for E2E-V voting systems is crucial, such as security,
accessibility, and usability criteria. A certification and audit process by various agencies will ensure that voting systems meet these standards before being deployed in elections.
To facilitate a smooth transition, pilot programs will be implemented in select jurisdictions to test E2E-V systems and address any potential issues that arise. A phased rollout will then be initiated nationwide, and areas with areas with higher security concerns or past election irregularities will be prioritized. Another crucial part of this implementation process that
would be spearheaded by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) will include a comprehensive voter education campaign that will be developed to inform the public about the benefits and use of E2E-V voting systems, while election officials and poll workers will receive training on operating and troubleshooting these systems. An independent oversight body will be established to monitor the implementation and operation of E2E-V voting systems. The executive committee of this body will include individuals from diverse backgrounds, such as leadership from the Department of Defense, the U.S. Election Assistance Commission, and bipartisan members of the election oversight committee. At the state level, key individuals from the Office of the State Secretary will play a crucial role in the deployment and governance of the
voting machines and ensure a comprehensive and coordinated approach to the implementation process. Additionally, ongoing research and development will be supported to improve E2E-V technology and address emerging security threats with collaboration and partnership with federal
agencies such as the National Security Agency, CISA, Homeland Security, and the United States Cyber Command. Collaboration with academic institutions, cybersecurity experts, and technology companies will be encouraged to innovate and enhance these systems in a continuous manner. The primary constituencies involved in the adoption of E2E-V voting systems include federal and state election officials, political parties, cybersecurity experts, and voters. Federal and state election officials will play a critical role in the implementation and oversight of these systems. At the end of the day, political parties will have vested interests in ensuring that the new systems do not disadvantage their electoral prospects and will secure their confidence even more. Most importantly, voters are the ultimate beneficiaries of secure and transparent voting systems, but they will need education and assurance about the new technology's reliability.
Implementing E2E-V voting systems nationwide will require significant financial investment. Securing federal and state funding for the development, deployment, and maintenance of these systems could be a challenge. Additionally, resource allocation may be competitive, with debates over which jurisdictions receive funding first and how much is allocated to each area. Developing and deploying E2E-V voting systems involves overcoming technological challenges, particularly for those who are less familiar with advanced technology. An important factor is to ensure the systems are user-friendly, secure, and reliable is essential, but achieving this may require extensive testing and iteration. From a political standpoint, mandating E2E-V voting systems may face political opposition from various quarters. Some politicians and parties might resist the change due to fears that it could affect their electoral prospects. Additionally, there might be ideological opposition to federal mandates on state-run elections, leading to conflicts over states' rights and federal authority. Public trust in the new voting systems is crucial for their successful implementation. Educating voters about the benefits and functionalities of E2E-V systems is essential, but overcoming skepticism and resistance to change could be challenging. With the rise of social media being a common outlet for news sharing, misinformation and disinformation
could further complicate efforts to build public confidence. Overall, while the adoption of E2E-V voting systems promises enhanced election security and transparency, navigating these constituencies, barriers, and roadblocks will be crucial for the successful realization of this policy.
By mandating E2E-V voting systems, the U.S. can set a standard for secure and transparent elections and reinforce the integrity of its democratic institutions. As election security threats and concerns about the reliability of voting systems continue to evolve, E2E-V systems offer a defensive mechanism against these challenges by providing a clear, verifiable
trail of each vote cast, ensuring that every ballot is accurately recorded and counted. The timing is especially important as there have been recent incidents and an increase in public response for more reliable and transparent voting technologies. E2E-V systems not only address these
concerns by allowing voters to verify their ballots and ensuring that the electoral process is immune to tampering, but they also restore public confidence in the democratic process.
There are already steps being taken to upgrade current infrastructures. Indiana, Mississippi, and Tennessee have all passed legislation that requires localities to update or replace their paperless machines with systems that produce a paper record of every vote. Additionally, Texas counties have until 2026 to replace their paperless direct recording electronic voting machines, though several counties have already made progress toward this goal. The National Institute of Standards and Technology (NIST) has been collaborating closely with the U.S. Election Assistance Commission on the development and implementation of end-to-end verifiable voting systems. They have been actively gathering feedback from voters and other key stakeholders to ensure the technology meets the highest standards of security, reliability, and usability. Mandating the use of end-to-end verifiable voting systems in state and federal elections aligns with the growing demand for greater accountability and trust in elections, making it a timely and essential advancement.
Works Cited
Alvarez, R. M., & Hall, T. E. (2008). Electronic elections: The perils and promises of digital democracy. Princeton University Press.
Alvarez, R. M., Hall, T. E., & Llewellyn, M. (2008). Are Americans confident their ballots are counted? The Journal of Politics, 70(3), 754-766.
Appel, A. W. (2009). Real-world electronic voting: Design, analysis and deployment. In International Workshop on Electronic Voting.
Associated Press. (2020, September 24). Absentee ballots found in ditch in Wisconsin. Associated Press. Retrieved from https://apnews.com/article/voter-fraud-election-2020-joe-biden-donald-trump-7fcb6f134e528fee8237c7601db3328f
Blaze, M., Braun, J., Hursti, H., MacAlpine, M., & Perez, R. (2020). Security analysis of the Estonian internet voting system. Journal of Computer Security, 28(1), 1-27.
Boneh, D., & Shoup, V. (2017). A graduate course in applied cryptography. Draft version 0.5.
Brater, J. (2019). Voting machine security: Where we stand a decade after HAVA implementation. Brennan Center for Justice.
Caltech/MIT Voting Technology Project. (2001). Residual votes attributable to technology: An assessment of the reliability of existing voting equipment. Caltech/MIT Voting Technology Project.
Chaum, D. (1981). Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 24(2), 84-88.
DeMillo, R. A., Kadel, R., & Marks, M. (2018). What voters are asked to believe: The case against credibility theater. USENIX Journal of Election Technology and Systems (JETS), 6(1), 1-18.
ElectionGuard. (n.d.). Verifiability. Retrieved from https://www.electionguard.vote/concepts/Verifiability/
Gentry, C. (2009). A fully homomorphic encryption scheme. Stanford University.
Goldwasser, S., Micali, S., & Rackoff, C. (1989). The knowledge complexity of interactive proof systems. SIAM Journal on Computing, 18(1), 186-208.
Halderman, J. A., et al. (2018). Hacking the 2016 election: The real-world threats. Journal of Cybersecurity, 4(3), 225-239.
Hall, J. L., & Alvarez, R. M. (2012). Remote voting and turnout in the 2008 presidential election. PS: Political Science & Politics, 45(4), 701-706.
Hasen, R. L. (2012). The voting wars: From Florida 2000 to the next election meltdown. Yale University Press.
Hasen, R. L. (2020). Election meltdown: Dirty tricks, distrust, and the threat to American democracy. Yale University Press.
Hursti, H. (2005). The Black Box Report. Black Box Voting.
Neff, C. A. (2001). Verifiable mixing (shuffling) of ElGamal pairs. In Proceedings of the 2001 ACM Conference on Computer and Communications Security (pp. 77-85). ACM.
Norden, L., & Famighetti, C. (2015). America's voting machines at risk. Brennan Center for Justice.
Stark, P. B. (2008). Conservative statistical post-election audits. The Annals of Applied Statistics, 2(2), 550-581.
Stark, P. B., & Wagner, D. A. (2012). Evidence-based elections. IEEE Security & Privacy, 10(5), 33-41.
U.S. Election Assistance Commission. (2023). End-to-end verifiable voting systems. Retrieved from https://www.eac.gov/sites/default/files/2023-01/e2e-draft-for-tgdc_508.pdf
Verified Voting Foundation. (2020). The principles of end-to-end verifiability. Retrieved from https://verifiedvoting.org
