NCC Logo

National Cybersecurity Center Audit Summary

Jackson County, Oregon Special Election – November 5, 2019[1]

  • Total registered voters – 152,518
  • Ballots cast – 46,425
  • Voter turnout total – 30.44%
  • Total ballots via Voatz app that were audited – 27

Overview of the audit

The purpose this effort was to enable public citizens to conduct an independent, third-party audit of the Voatz application with a web-based blockchain viewer tool developed by Voatz. With this tool, auditors were able to view and verify the security of the Voatz mobile voting technology by comparing the anonymized voter-verified receipt, the tabulated paper ballot image and the blockchain transaction. This audit hosted volunteers from diverse backgrounds that were willing to use their expertise and knowledge to verify the election and offer feedback for this technology used in the Jackson County Special Elections.

 

The audit showed that there were no problems with the election and that all comments related to the audit were on the tool itself or the information provided. This audit was another step in the eventual goal of being able to conduct an end-to-end verified election which can be routinely and quickly audited by independent organizations.

Audit standards

The NCC advises the following standards as best practices for utilizing such an auditing tool.

  • Provide a web-based blockchain viewer (and optionally additional tools) to enable independent tallying and end-to-end auditing of submitted UOCAVA ballots
  • Enable one of two community viewing options:
    • Fully public (anyone with an internet connected web browser may access)
    • Partially public to select individuals (whitelist IP addresses for people to view)
  • Ensure that the blockchain will anonymize or remove any personal identifying information (P.I.I.) about the voter. Note: It is an established best practice not to store any voter information on the
  • Set up a public election observer framework and governance infrastructure for this blockchain network:
    • Establish vetting standards and security protocols for entities and individuals who may be eligible to become independent
    • Establish a governance mechanism for this to be managed independently by a reputable, non-partisan third
    • (optional) Provide access to signed binary builds for the approved entities to run independent

 

Lessons Learned

Five auditors registered to audit the election using the web-based tool.

The following emails represent the auditors who participated:

Margaret.Gullixson@cyber-center.org

Forrest.Senti@cyber-center.org

Oaloma2017@student.hult.edu

tylerde@tuta.io

Stefan.j.deutsch@gmail.com

The feedback provided was anonymized and is outlined below.

It should be noted that there was no feedback submitted that addressed the integrity of the election, or addressed any errors in the submitted ballots or tabulation data.

 

Substantive Feedback

  • NONE

Procedural

  • NONE

Recommendations and Next Steps

We can conclude that the Jackson County public audit was a success. Of the five auditors we did not receive a report that would give us the conclusion that there was any tampering with the results that were audited.

Our recommendations for the tool and Jackson County moving forward are:

  • All auditors’ comments that have not been addressed in this report are addressed by Voatz before the next audit
  • Address the educational materials sent to all auditors
  • Add a feature that not only tracks which ballots have been audited but also include a submit button
  • Provide additional information and resources for auditors to discuss results
  • Provide additional information on how the blockchain viewer pulls the voter-verified receipt, the tabulated ballot and the blockchain
  • An independent node for a third party to review
  • Larger date window for registration

National Cybersecurity Center

The National Cybersecurity Center exists to help secure the world using knowledge, connections and resources to solve global cybersecurity challenges and develop a protected cyber ecosystem. An independent and non-profit think tank based in Colorado Springs, Colorado, the NCC provides cybersecurity leadership, services, training and a cybersecurity community for public officials, business executives and the workforce. Discover the NCC at www.cyber-center.org.

Tusk Philanthropies

Tusk Philanthropies was created by Bradley Tusk, Founder and CEO of Tusk Holdings & Tusk Ventures, for the purpose of working on reducing hunger throughout the United States by providing greater access to programs like school breakfast and to dramatically increase voter turnout and participation in U.S. elections through mobile voting, beginning with qualified military service members. Mobile voting is a non-partisan initiative designed to not favor any one candidate or party but to expand voting options to increase participation in our electoral process. None of the Tusk entities has a financial interest in Voatz or any other voting technology company. 

 

Voatz

Voatz is an award-winning mobile elections platform backed by military-grade security and cutting-edge technology (including biometrics and a blockchain-based infrastructure). Voatz enables voting via compatible smartphones and tablets to increase accessibility and security in elections. Since 2016, Voatz has run 36 elections with towns, cities, states, both major state political parties, colleges and universities, and unions. Most recently, Voatz ran the first mobile blockchain vote in US Federal Election history in partnership with the State of West Virginia to empower deployed military personnel and overseas citizens to vote in the 2018 Primary Elections (2 counties) and the 2018 Midterm Elections (24 counties). Learn more at https://voatz.com

 

[1] http://jacksoncountyor.org/clerk/Elections/Election-Archives