National Cybersecurity Center Audit Summary
Utah County General Election – November 5, 2019
- Total registered voters – 264,210
- Ballots cast – 89,292
- Voter turnout total – 33.80%
- Total ballots via Voatz app that were audited – 64
Overview of the audit
The purpose this effort was to enable public citizens to conduct an independent, third-party audit of the Voatz application with a web-based blockchain viewer tool developed by Voatz. With this tool, auditors were able to view and verify the security of the Voatz mobile voting technology by comparing the anonymized voter-verified receipt, the tabulated paper ballot image and the blockchain transaction. This audit hosted volunteers from diverse backgrounds that were willing to use their expertise and knowledge to verify the election and offer feedback for this technology used in the Utah County General Elections.
The audit showed that there were no problems with the election and that all comments related to the audit were on the tool itself or the information provided. This audit was another step in the eventual goal of being able to conduct an end-to-end verified election which can be routinely and quickly audited by independent organizations.
The NCC advises the following standards as best practices for utilizing such an auditing tool.
- Provide a web-based blockchain viewer (and optionally additional tools) to enable independent tallying and end-to-end auditing of submitted UOCAVA ballots
- Enable one of two community viewing options:
- Fully public (anyone with an internet connected web browser may access)
- Partially public to select individuals (whitelist IP addresses for people to view)
- Ensure that the blockchain will anonymize or remove any personal identifying information (P.I.I.) about the voter. Note: It is an established best practice not to store any voter information on the
- Set up a public election observer framework and governance infrastructure for this blockchain network:
- Establish vetting standards and security protocols for entities and individuals who may be eligible to become independent
- Establish a governance mechanism for this to be managed independently by a reputable, non-partisan third
- (optional) Provide access to signed binary builds for the approved entities to run independent
Three auditors registered to audit the election using the web-based tool. The only feedback submitted related to the ballots submitted was procedural or user interface related.
The following emails represent the auditors who participated:
The feedback provided was anonymized and is outlined below.
It should be noted that there was no feedback submitted that addressed the integrity of the election, or addressed any errors in the submitted ballots or tabulation data.
- The blockchain auditing process still reports the vote value of the vote for those ballots during the auditing process. While the response of the actual vote is not counted towards actual vote totals, it may be useful to find a way to communicate the unverified vote as “no vote” or “uncounted” so as not to cause any potential confusion with the auditing process.
- The CVR file did include the anonymous ID information needed to verify the votes cast on that file; however, all the anonymized IDs matched between the different ballot images.
“The audit tool offers several layers for confirming that the votes cast are counted correctly. It was a fun process of review.” – Auditor Comment
Recommendations and Next Steps
We can conclude that the Utah public audit was a success. Of the three auditors we did not receive a report that would give us the conclusion that there was any tampering with the results that were audited.
Our recommendations for the tool and Utah County moving forward are:
- All auditors’ comments that have not been addressed in this report are addressed by Voatz before the next audit
- Address the educational materials sent to all auditors
- Add a feature that not only tracks which ballots have been audited but also include a submit button
- Provide additional information and resources for auditors to discuss results
- Provide additional information on how the blockchain viewer pulls the voter-verified receipt, the tabulated ballot and the blockchain
- An independent node for a third party to review
- Larger date window for registration
National Cybersecurity Center
The National Cybersecurity Center exists to help secure the world using knowledge, connections and resources to solve global cybersecurity challenges and develop a protected cyber ecosystem. An independent and non-profit think tank based in Colorado Springs, Colorado, the NCC provides cybersecurity leadership, services, training and a cybersecurity community for public officials, business executives and the workforce. Discover the NCC at www.cyber-center.org.
Tusk Philanthropies was created by Bradley Tusk, Founder and CEO of Tusk Holdings & Tusk Ventures, for the purpose of working on reducing hunger throughout the United States by providing greater access to programs like school breakfast and to dramatically increase voter turnout and participation in U.S. elections through mobile voting, beginning with qualified military service members. Mobile voting is a non-partisan initiative designed to not favor any one candidate or party but to expand voting options to increase participation in our electoral process. None of the Tusk entities has a financial interest in Voatz or any other voting technology company.
Voatz is an award-winning mobile elections platform backed by military-grade security and cutting-edge technology (including biometrics and a blockchain-based infrastructure). Voatz enables voting via compatible smartphones and tablets to increase accessibility and security in elections. Since 2016, Voatz has run 36 elections with towns, cities, states, both major state political parties, colleges and universities, and unions. Most recently, Voatz ran the first mobile blockchain vote in US Federal Election history in partnership with the State of West Virginia to empower deployed military personnel and overseas citizens to vote in the 2018 Primary Elections (2 counties) and the 2018 Midterm Elections (24 counties). Learn more at https://voatz.com.