Developing an Open-Source, End-to-End Verifiable Mobile Voting Solution

Tusk Philanthropies has awarded grant funding to Assembly Voting and the Open Source Election Technology (OSET) Institute to support the development of an open-source, end-to-end verifiable mobile voting solution for digital absentee voting. The enabling technology will provide a verifiable, accessible voting option for U.S. voters facing inherent barriers to traditional voting, including voters with disabilities, military and overseas voters, voters in emergencies, and voters on Tribal lands.

FAQ

Background

Tusk Philanthropies launched the campaign for Mobile Voting in late 2017 to add a mobile voting option in U.S. elections and increase voter turnout by making voting more convenient and accessible. Since 2018, the campaign has completed 20 pilots in seven states – Colorado, Oregon, South Carolina, Utah, Virginia, Washington, and West Virginia – for a mixture of UOCAVA voters and voters with disabilities. Through these pilots, Tusk Philanthropies discovered the need for a new effort to bring together experts and fund the research and development of a digital absentee ballot system using established federal guidelines and national security best practices. This is not a commercial endeavor and Tusk Philanthropies has no financial interest in the success of mobile voting or this technology.

Our Guiding Principles

This is a digital version of paper absentee voting.

The mobile voting solution is designed as a digital version of paper absentee voting and will replicate all existing absentee voting requirements, including signature and any other identification or witness requirements.  

  • Instead of receiving a ballot by mail, eligible voters can receive, mark, and cast their ballot via their mobile devices. Voters will then have the option to return their ballot via traditional postal return or digital return. 
     
  • The voter's ballot will remain sealed in a digital envelope in the digital ballot box until the voter's signature affidavit is verified by the local election official, following the same procedures used with other paper absentee ballots.
     
  • Digital ballots will then be unsealed and printed onto scannable paper ballots and tabulated with all other paper absentee ballots.

The system must be usable and accessible.

This system has immediate benefits for voters who face barriers to traditional voting options, including disabled voters, military and overseas voters, voters on Tribal lands, hospitalized voters, and voters in emergencies and/or emergency settings.

 
That is why we are working with disability advocates such as the National Federation of the Blind to test the system and ensure it will be fully accessible for all voters, regardless of ability.

The system will be end-to-end verifiable and adheres to recommendations from the U.S. Vote Foundation.

The digital absentee ballot system will utilize End-to-End Verification to provide voters with tools to verify their votes are recorded correctly and received as cast.

  • With end-to-end verification, the voter doesn't need to blindly trust the system is working correctly.
     
  • The voter can verify their votes are recorded and sealed correctly before they cast their ballot to the digital ballot box.
     
  • And after they cast it, they can verify it was received correctly.

In digital remote voting, a voter will record choices on a digital ballot using their mobile device.

  • The choices are sealed using encryption methods and work as a double envelope in traditional absentee voting.
     
  • When the voter casts their digital ballot, the ballot is transmitted and stored inside the sealed double envelope until the election official is ready to unseal, print, and scan the ballot for tabulation.
  • This prevents anyone from being able to see the voter's ballot or change how they voted.
  • It also helps ensure only valid votes are cast into the digital ballot box.

For more on how end-to-end verification works, check out this explainer.

The system will use open-source components wherever possible and any proprietary technology used will be available for review by independent parties on request.

Following the recommendations set forth by the U.S. Vote Foundation, much of the underlying technology will be open-source so security experts and other technologists can scrutinize the source code to verify performance assertions and identify potential threats.


Additionally, updates will be provided throughout this system’s development process to ensure transparency.

The system will adhere to relevant existing and emerging standards.


As to ensure this technology meets the best possible set of cybersecurity standards, the system under development will follow the recommendations set forth by industry leaders and experts. Those existing standards include relevant parts of the updated Voluntary Voting System Guidelines released by the Election Assistance Commission, the NIST Cybersecurity Framework, and the Open Web Application Security Project's Software Assurance Maturity Model and the Mobile Application Security Verification Standard, among others.

 
We further encourage the development of standards for Remote Accessible Absentee Voting.

Cybersecurity Strategy

Assembly Voting will develop the end-to-end verifiable voting solution and OSET the accessible ballot marking application. The mobile voting solution is designed as a digital version of paper absentee voting and will fully comply with all existing absentee voting requirements.

Mother holding child
Man sitting down using phone on sidewalk
Design Artifacts

For Press & Other Inquiries:
info@mobilevoting.org

Public trust in US elections is based largely on the processes and technologies that safeguard them. From the inception of the technology development project, cybersecurity has been at the forefront of the endeavor. Our team has partnered with cybersecurity experts, election officials, and academia to build a resilient and verifiable digital absentee voting system.

What is the cybersecurity strategy?

Cybersecurity has been built into both the design and development processes with strict adherence to industry best practices. The cyber strategy for this technology development project consists of the following processes:


  • Threat Modeling: The process of iteratively identifying cybersecurity threats to systems/architecture and communicating threat mitigation techniques to the development team.
  • System/Application Hardening: Implementing cybersecurity best practices and security recommendations to mitigate or minimize risks to system hardware and software.
  • Penetration Testing/Vulnerability Assessment: Identifying system vulnerabilities through the support of security researchers and ethical hackers attempting to breach the systems with learnings used to further strengthen the system.
  • Deployment Baselining: Ensuring that systems and software sent to election jurisdictions are up to date with the latest security updates.
  • Secure Code Review: Ongoing review of source code to identify vulnerabilities with the potential to be exploited at the execution level often abstracted to the average user.
  • Patching Support: Continually assessing and providing updates to the system.

What don't our grantees do?

Our grantees realize that cybersecurity is an ongoing process that requires persistent vigilance, and that many facets of the election process fall outside of the scope of the project. Ballot adjudication, the overall health of the network environment, internal state/jurisdictional processes, and external cybersecurity tools (firewalls, IPS/IDS, endpoint security tools, etc.) all fall outside of our direct control. To address this, the grantees will work with technical implementation partners and provide security recommendations based on industry best practices to future adopters.


As the voting process has evolved to become more technically linked, states have already been tasked with providing shielded networks, voting infrastructure, and support systems. For this reason, our grantees believe digital absentee voting can be implemented following existing security practices, with minimal change to existing and familiar processes already enacted nationwide.

What does the future hold for cybersecurity on the project?

Our team has and will continue to adhere to our publicly available cybersecurity strategy to mitigate or reduce the risks to this digital absentee voting platform.  This is the first step. Even more importantly is our understanding that a successful digital absentee voting platform cannot be successfully developed by researchers alone. Elections are a sensitive public process that require the utmost trust from voters. The best way to alleviate fears while gaining the trust of the public is to have the public participate in the cybersecurity process. Our grantees will continue to assess the security of the digital absentee voting platform with input from subject matter experts in the fields of cybersecurity, the election community, and the greater public.

laptop closing
phone in hand
BackgroundPrinciplesCybersecurity StrategyBack To Top ^

To ensure that the technology and its components meet appropriate cybersecurity standards, the grantees are working towards current recommendations from the U.S. Vote Foundation and will continually review against new emerging standards. The group is working to develop security, accessibility, and election administration standards to successfully implement digital absentee voting in U.S. elections.

U.S. Army Soldier
Assembly Voting logo
OSET Institute Logo
Stay Informed
Mobile Voting Logo
mobile voting logo