Secure Voting Report

Secure Voting Report

On January 26, 2016 WebRoots Democracy released a report entitled “Secure Voting: A guide to secure #onlinevoting in elections”. The purpose of the report was to explore and document the possible security models for online voting software around the world. Follow My Vote was one of many contributors to the report. WebRoots Democracy sought out global experts in the field and authoritative sources in academia. Dr. Kevin Curran, Professor Robert Krimmer, Verizon, Scytl, Smartmatic, Everyone Counts, Electoral Reform Services, and Mi-Voice all contributed to the final report.


“WebRoots Democracy is a voluntary, youth-led pressure group, campaigning for the introduction of an online voting option in UK elections.

In addition to this, the pressure group intends to reverse growing political apathy and low electoral turnout in the UK, particularly amongst young people.

Whilst political apathy has a variety of causes, we must recognize that we live in an age of distraction and rapid technological advances. As such, WebRoots Democracy is also campaigning for an accessible, informative, and interactive election website to help reach out to new voters.

It was conceived in February 2014, and launched in May 2014 following the European Parliament and Local Council elections.”

WebRoots Democracy published Viral Voting in 2015. The Viral Voting report proceeds Secure Voting and “is the culmination of over a year’s worth of research looking into the potential of introducing an online voting option in UK elections”.

Follow My Vote Contributions

The following text covers the contributions made by Follow My Vote to the WebRoots Democracy Secure Voting Report.  

 Voter Verification

This question breaks down into two parts: first, how can we verify that a given person is allowed to vote (i.e. they have a right to vote, and they have not voted already); second, how can we determine that a given vote was cast by one of those verified persons, and that it is the only vote on a given issue cast by that person.

The first part does not change substantially in a transition to an online voting system. Voters must register to vote, and receive a certification authorizing them to vote when the polls open. In Follow My Vote’s online system, this certification takes the form of an identity on a blockchain which has been cryptographically signed by the identity verifiers for the election as being unique and authorized to vote.

The second part is a more difficult problem which, in contemporary paper ballot systems, is largely unaddressed. It is simply assumed that if a ballot is in the box, it is valid and should be counted. There is no possible verification of this assertion later on in the process. In electronic voting systems, the problem is worse as typically audit trails are not preserved, and these systems are frequently designed with no eye towards security, allowing them to be manipulated to alter the votes.

Follow My Vote’s voting system will preserve a complete audit trail which provides cryptographic proof that each counted vote was cast by one of the authorized identities, and it was the only one cast by that particular identity, without enabling any party (including election officials) to determine which certified identity cast that vote.

Safeguards From Peer-Pressure

One of the major benefits of an online voting system is the flexibility it offers to voters in terms of where and when they vote. Voters can vote in a time and place where they feel best enabled to make an honest and informed voting decision. If a voter still feels pressured in any way, our system provides a mechanism by which voters can revoke their online vote and instead vote on a paper ballot at a polling place, without opening up the possibility for a vote to be counted multiple times.

Ensuring The Correct Vote Is Submitted

In the Follow My Vote system, all votes are public data available on the blockchain. Because of this, a voter can look up their vote in the public record and verify that it was cast correctly. The voter can do this verification on a public computer to verify that his personal computer is not out of sync with the network, or being fed invalid information about the public record by an attacker. Furthermore, the open source Follow My Vote application will be able to count the votes on the public record, and show the voter the results directly, rather than trusting election officials to tally the votes in secret, so the voter can be completely assured that his vote was cast as intended and counted as cast.

Ensuring The Correct Vote Is Received

Due to the inherent trust, fault tolerance, and censorship issues involved in a centralized voting solution, our system leverages a decentralized design. Thanks to this property, our system does not require any online voting provider to verify the votes. This is done by individual voters as they tally the votes as described earlier. This verification is done using the cryptographic audit trail made publicly available on the blockchain. This audit trail proves that the votes were not tampered with after they were cast.

Safeguards Against Malware On The Voter’s Device

In any electronic voting system, if the operating system the voter uses when casting his votes is compromised with malware, it is possible that an attacker could steal the voter’s cryptographic identity, change the votes prior to publication, and determine the real-world identity of the voter. No safeguards do or can exist with modern technology once the malware infection has taken place; therefore, the only defense against this is to prevent a malware infection, or to neutralize the infection for the duration that the voter’s private information is held on the device used to vote.

Clearly, the threat of malware is a serious one, and Follow My Vote has hired a malware analyst to help them to harden their software against this threat to the greatest possible extent. The threat of attack is greatest on web-based platforms, and for this reason, Follow My Vote will not provide a web-based voting application unless they can ensure that such an application meets the security standards of their other voting applications. The threat of attack is least on mobile devices, where, due to the security models used by modern mobile operating systems, it is rare to find a malware infection capable of interfering with other applications on the device (most malware on mobile devices can do nothing without first asking the owner’s permission and can be trivially removed simply by uninstalling the application containing it). The greatest risk of compromise from malware will be on desktop and laptop computers, where the operating systems do not have as strong of a security model, and malware can be difficult to find and remove. Because of this, Follow My Vote will recommend users only vote from these computers using a live operating system (a temporary computer operating system which runs in RAM and is used only for voting), which will neutralize the threat of malware on the computer while the Follow My Vote application is running and storing data on the computer. Follow My Vote will provide tutorials and/or software to help voters accomplish this. Voting from a computer running a live operating system is the most secure way to vote, and will protect users from virtually all possible malware.

Safeguards Against Cyber-Attacks

As discussed earlier, there is no centralized system to attack. A custom cyber-attack would have to be levied against each individual voter, which would be prohibitively expensive and time-consuming. Furthermore, attacking voters who are using the live operating system would be nearly impossible.

Contingencies In Case Of Vote-Tampering

Due to the decentralized design of the Follow My Vote system and the blockchainbased record, it should be impossible to tamper with votes on a large-scale basis. If such an attack could be found, the same attack could compromise the entire Bitcoin network (an online payment processing network). Since there is already such a great incentive to find such an attack, yet Bitcoin remains secure against large-scale attacks, it is highly unlikely that such an attack will be found. The difficulty of attacking an individual voter depends on how careful they are to avoid attack, but as described earlier, the Follow My Vote software will be designed to make it easier for voters to protect their security than to compromise it. Nevertheless, if such an attack is successfully levied against a voter, that voter will immediately be able to see on the public record that his vote has been tampered with, and will be able to report the fraud to the election officials. From there, the exact details of how fraud is dealt with will need to be determined on an election by election basis.

Detecting Interferences With The Online Voting System

Because all of the online communications used by the Follow My Vote system will be encrypted and cryptographically signed, any interference with the online communication will be automatically detected and rejected.

Maintaining Audit Trails

The Follow My Vote online voting system will provide a complete audit trail for the entire election, from identity verification through to the final tally, on the public blockchain record. The open source application will validate this entire audit trail when tallying the results to ensure that no tampering occurred. Since the application is open source, the public can examine its code and verify that it is auditing the election correctly.

Ensuring The System Is Sufficiently Secure

There is only one way to determine if a particular online system is secure, and that is to try to attack it. If no successful attack can be found, it is considered secure. Even formal proofs of correctness can only verify that the software is doing what it was intended to; they cannot verify that the software is invulnerable to an attack its designers failed to foresee. Because the Follow My Vote system is based on proven blockchain technology, which has been open to attack for several years, it is unlikely that such an attack will be found.

Securing Voter Records And Personal Details

The Follow My Vote system will not need to store any voter’s personal details, nor does it mandate what details may need to be collected and/or stored. The identity verification agencies chosen for a particular election will likely need to collect some personal details in order to certify within the Follow My Vote system that the voter’s on-chain identity is unique and authorized to vote, but it is their responsibility to ensure the confidentiality of any data they require in order to grant this certification.

Open-Sourcing And Working In An Alliance

Follow My Vote’s code is open source on GitHub. The entire voting system will be open source, including the voting, tallying, and auditing software. They welcome contributions from all who wish to further the goal of building a secure, open source, end-to-end verifiable online voting system and seeing this system implemented in elections around the world. Anyone wishing to help out with development should visit followmyvote.com/code-contributors.