Scantegrity II Municipal Election at Takoma Park: The First E2E Binding Governmental Election with Ballot Privacy

On November 3, 2009, voters in Takoma Park, Maryland, cast ballots for the mayor and city council members using the Scantegrity II voting system--the first time any end-to-end (E2E) voting system with ballot privacy has been used in a binding governmental election. This case study describes the various efforts that went into the election--including the improved design and implementation of the voting system, streamlined procedures, agreements with the city, and assessments of the experiences of voters and poll workers. The election, with 1728 voters from six wards, involved paper ballots with invisible-ink confirmation codes, instant-runoff voting with write-ins, early and absentee (mail-in) voting, dual-language ballots, provisional ballots, privacy sleeves, any-which-way scanning with parallel conventional desktop scanners, end-to-end verifiability based on optional web-based voter verification of votes cast, a full hand recount, thresholded authorities, three independent outside auditors, fully-disclosed software, and exit surveys for voters and pollworkers. Despite some glitches, the use of Scantegrity II was a success, demonstrating that E2E cryptographic voting systems can be effectively used and accepted by the general public.

[1]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[2]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[3]  C. Andrew Ne,et al.  Practical high certainty intent verification for encrypted votes , 2004 .

[4]  David Chaum,et al.  Secret-ballot receipts: True voter-verifiable elections , 2004, IEEE Security & Privacy Magazine.

[5]  David Chaum,et al.  A Practical Voter-Verifiable Election Scheme , 2005, ESORICS.

[6]  Ben Adida,et al.  Advances in cryptographic voting systems , 2006 .

[7]  Josh Benaloh,et al.  Simple Verifiable Elections , 2006, EVT.

[8]  Alan T. Sherman,et al.  Punchscan: Introduction and System Definition of a High-Integrity Election System , 2006 .

[9]  Jeremy Clark,et al.  Punchscan in Practice: An E2E Election Case Study , 2007 .

[10]  J. Clark,et al.  Secure and Observable Auditing of Electronic Voting Systems using Stock Indices , 2007, 2007 Canadian Conference on Electrical and Computer Engineering.

[11]  Stefan Popoveniuc,et al.  Undervote and Pattern Voting : Vulnerability and a mitigation technique , 2007 .

[12]  Miroslaw Kutylowski,et al.  Verifiable Internet Voting Solving Secure Platform Problem , 2007, IWSEC.

[13]  Ukraine PRE-TERM,et al.  Office for Democratic Institutions and Human Rights , 2007 .

[14]  Dan S. Wallach,et al.  VoteBox: A Tamper-evident, Verifiable Electronic Voting System , 2008, USENIX Security Symposium.

[15]  Jeremy Clark,et al.  Scantegrity: End-to-End Voter-Verifiable Optical- Scan Voting , 2008, IEEE Security & Privacy.

[16]  Jeremy Clark,et al.  Scantegrity II: End-to-End Verifiability for Optical Scan Election Systems using Invisible Ink Confirmation Codes , 2008, EVT.

[17]  van Hca Henk Tilborg,et al.  Description and analysis of the RIES internet voting system , 2008 .

[18]  Stefan Popoveniuc,et al.  A framework for secure electronic voting , 2008 .

[19]  Ben Adida,et al.  Helios: Web-based Open-Audit Voting , 2008, USENIX Security Symposium.

[20]  Alan T. Sherman,et al.  TPM Meets DRE: Reducing the Trust Base for Electronic Voting Using Trusted Platform Modules , 2009, IEEE Transactions on Information Forensics and Security.

[21]  Jeremy Clark,et al.  Scantegrity II: end-to-end verifiability by voters of optical scan elections through confirmation codes , 2009, IEEE Trans. Inf. Forensics Secur..

[22]  Jean-Jacques Quisquater,et al.  Electing a University President Using Open-Audit Voting: Analysis of Real-World Use of Helios , 2009, EVT/WOTE.

[23]  Jeremy Clark,et al.  Scantegrity II: End-to-End Verifiability by Voters of Optical Scan Elections Through Confirmation Codes , 2009, IEEE Transactions on Information Forensics and Security.

[24]  John Kelsey,et al.  Performance Requirements for End-to-End Verifiable Elections , 2010, EVT/WOTE.

[25]  Stefan Popoveniuc,et al.  An Introduction to PunchScan , 2010, Towards Trustworthy Elections.

[26]  Jeremy Clark,et al.  Scantegrity Mock Election at Takoma Park , 2010, Electronic Voting.