Q: Are voting machines like Dominion safe?
A: Dominion machines and almost all other voting machines in use in the United States are certified by the EAC (Election Assistance Commission), a bi-partisan government agency created by the Help America Vote Act of 2002. The EAC rigorously and extensively tests voting hardware and software for flaws and vulnerabilities through highly accredited test laboratories, which is why 48 of 50 states require federal certification of their voting machines. The issue with voting machines is the perception that tampering is possible. Remember showing your work in math class in high school? When any calculation was involved, you had to write down enough of what you did to let someone familiar with the course reproduce your outcome using your work. If you could not show an end-to-end representation of your work, a correct answer was still marked wrong because you could not defend it.
The EAC is addressing this by requiring the next generation of electronic voting systems to operate on open-source/publically available code providing fully transparent, end-to-end data integrity and security in a direct reporting electronic voting system. The Redo Voting system is the very first functional, fully scalable E2E DRE voting system in existence.
Q: How do I scan a QR Code?
A: You simply open the camera on your phone just like you’re taking a picture and point the phone camera at the QR Code. The camera app will then present a button to follow the link to a web browser page. It does not matter which web browser your phone uses.
Q: How secure is a QR code? Can a QR code be hacked?
A: Hacking a QR code would mean that the action triggered when it was scanned would have been modified through manipulation. This is not possible because it is the arrangement of the small square modules by which the data is encoded that determines this action. To change this action, one would have to change the arrangement of the modules after it was printed out.
It is possible to replace a QR code with another or to create a QR code that will redirect to malicious content, but because the individual user of the Redo Voting ballot card will be the only person to ever see the QR codes, hacking this ballot card would require the active cooperation of the voter. Even then, the only vote that could be “hacked” would be their own.
Q: How do I get a Ballot?
A: You visit any location that your local election officials have allowed to carry Ballots. This might include polling places, government buildings like court houses or the Department of Motor Vehicles etc.
Q: Isn’t 512-bit encryption easy to hack? I read that it can be hacked in a matter of hours.
A: There are several types of 512-bit encryption, some of which are vulnerable to hacking attacks. Redo Voting uses the most current secure hash technology available from the SHA family of cryptographic secure hash algorithms, compatible with a 512-bit variant. The hash algorithms are one-way, based on a non-linear function, and specifically designed to prevent decryption. The only possible method for cracking a SHA family bit encryption is to assume that the hash content is a password, recover a database of online passwords belonging to a specific voter, and compare the hash to that list.
Because there are no passwords used in the Redo Voting system, the encryption cannot be hacked by any means known to man.
Q: Un-hackable? How can you say your system is un-hackable? EVERYTHING IS HACKABLE!
A: That is true. Given enough computing power and time, theoretically, everything is hackable.
The un-hackable claim rests on two important aspects.
First, the use of QR codes for access. It is, of course, possible to spoof/replace a QR code with another or to create a QR code that will redirect to malicious content. However, because our secure ballots are distribution-controlled from the printer to your hands, the QR codes under the scratch materials have NEVER been seen before they are used by YOU. Trying to spoof a QR code that has never been seen would be akin to trying to accurately guess the exact weight of a rock on the first try when the size range is somewhere between a grain of sand and the sun.
Secondly, each individual QR code contains a unique one-way secure hash algorithm (SHA) shared only by the other three QR codes on that ballot. SHA is a mathematical algorithm that converts an input string of an arbitrary length to an output string of a fixed length. Think of it as a universally unique value that cannot be reversed like normal encryption. The individual voter’s identity is cryptographically disassociated from their ballot when registration is confirmed. After that, the system recognizes only legitimate transactions for the activated ballot itself. The ballot is verified, secure, and irreversibly anonymous.
Given enough computing power and time, theoretically, everything is hackable. To hack into even one voter transaction encrypted with one-way SHA encryption, you would need the computing power of a modern nation state and more time than the universe has been in existence.
Q: What about absentee voting? How does that work?
A: Absentee voting can be conducted electronically and in real time. An absentee vote is requested online with verified registration. The requestor creates a personalized four-digit PIN to be associated with the ballot serial number on the scratch-off ballot access card mailed to them by the state. When the requestor accesses the voter registration/registration confirmation page with the first QR code, they must enter their four-digit PIN to continue the transaction. An absentee ballot may be cast securely in real time from anywhere on earth, but only by the voter who requested it. If an astronaut takes their scratch-off ballot access card with them, they can vote securely and in real time from space.
Q: So, you are saying that elections are now going to be electronic? Some people will never accept that!
A: No, we are not saying that. We are saying that our system is fully compliant with all state and federal election legislation and can be tailored to support 100% in person voting, 100% remote voting, or any combination of the two. We are also fully capable of seamlessly complementing any election system in existence.
Q: What if the ballot card is lost or destroyed?
A: Grab another one, repeat. Unlike a lottery scratch-off card, the ballot card has no intrinsic value until the first QR code is scanned and the card is associated with a specific voter registration. The system tracks fraud attempts cryptographically so multiple cast ballots cannot be tallied. In fact, this system can provide real time fraud tracking down to the precinct level during an election, both voting precincts and police precincts.
Q: Won’t my personal information be at risk if you use a digital repository on the cloud?
A: Your personal information would never be on the cloud; only your secure vote in the digital repository which, if you recall, cannot ever be traced back to you.
Q: What if the cloud is owned and operated by a foreign company who uses it to steal information and assets?
A: Unethical use of cloud services has occurred with both foreign and domestic companies. Even though the technology itself is secure, there is the potential for malevolent behavior by cloud operators. Breaking into a secure digital repository containing votes cast under the Redo Voting system, however, would be a monumental waste of time. The results would already be public, so it would be like stealing yesterday’s newspaper. That is one of the huge advantages offered by the Redo Voting system.
Q: What about the elderly who have no access to technology?
A: You raise an important question. Although Redo Voting does provide more universal and complete voter access than any election system in existence, there are some people, like the elderly with technology access challenges, who will need additional assistance.
Another feature of Redo Voting is that the average cost per voter is about 40% lower than any other system available. This is a permanent cost-saving, because our system has no hardware replacement costs. Additionally, with 100% mathematically provable results, the costs of post-election litigation will evaporate. These permanent cost savings can be applied as a line item to the state social services budget for measures to address this gap in access.
Redo Voting is eager to partner with states to help them find effective social service based solutions.
Q: This system sounds incredible. Is there not any way to beat it?
A: Actually, there is a way. As mentioned before, Redo Voting is compatible with any voting system currently in use. If combined with a system that does not have an unbreakable, fully auditable chain of custody, however, there is the potential for someone to vote on the insecure system before voting on the Redo Voting system without being detected. For unassailably accurate, trustworthy results, use of the Redo Voting system alone is recommended.
Q: What about Russian interference? Can you stop that?
A: The Redo Voting system puts a stop to any and all direct interference in the voting process, regardless of its source. Registration is secure. Submitting a ballot is secure. Tabulation is secure and results are mathematically provable.
We cannot stop social engineering, rumors on social media, conspiracy theories, or any rhetoric external to the voting process itself. Redo Voting fully supports freedom of speech, even when we do not agree with what is being said. We do not, will not, and cannot guarantee any election outcome; only that the outcome accurately reflects the will of the legitimately voting public.
Q: I can see where secure access and encryption protect the chain of custody on election day, but what about before? Is it really an unbroken chain of custody if it can be tampered with before then?
A: Once printed, ballots are securely shipped to an in-state warehouse. From there they are distributed to government offices and retailers approved by the state as needed. If a box or packet of ballots gets lost or goes missing before arriving at the distribution POS (Point of Service), they cannot be used because they cannot be activated. Fake ballots cannot be introduced to the system because ballots are serial controlled by a scratch-off bar code. It is the scanning of that bar code at the POS that begins the chain of custody. Every state is slightly different and each has its own set of regulations governing ID check requirements, but ballot activation generally works like this:
- A voter enters the facility and requests a ballot.
- The attendant asks for identification (driver’s license or state issued ID) as if the voter was purchasing alcohol or cigarettes.
- The attendant scratches off the rectangular pad under the state seal to reveal a bar code and scans it with the same scanner used in their existing transaction infrastructure.
- The attendant scans the bar code on the back of the voter’s driver’s license or state issued ID.
- The credit/debit card terminal prompts the voter to create and enter a private four-digit PIN.
The ballot is now associated with that voter and that voter only. On election day when the voter scratches off the first QR code to complete or update their voter registration, they will have to enter their four-digit PIN to access their ballot slate with the second QR code. If they happen to lose their ballot or forget their PIN, they can just pick up another ballot by the same process as described above. A voter can register as many ballots as they like, but can only vote with one of them. No one can use any of the other ballots without the four-digit PIN, and even with the PIN, the ballot cannot be used if the associated voter has already voted.
Q: How will quantum computing affect the security of Redo Voting’s encryption?
A: Current theory says it will not. Cryptographic hashes like SHA are considered to be quantum-safe. It is important to understand that there is a distinct difference in both definition and use between a hash algorithm and an encryption key/exchange algorithm. In this case, the choice of the more secure and theoretically more resistant hash (theoretical because quantum computing does not yet have applicable set use cases to prove resistance) has been chosen as opposed to the less secure encryption key/exchange algorithm.
Quantum computing relies on qubits, which are bits held in superposition using quantum principles to complete calculations. Adding more qubits does not increase the computation speed. A quantum computer with four qubits does not factorize any faster than one with two qubits because qubits are just the “memory” of the quantum computer. The information captured or generated by a quantum system benefits from the ability of qubits to be in more than one physical state at a time (superposition), but there is information decay in capturing the state of the system and it is impossible to create an independent and identical copy of an arbitrary, unknown quantum state.
On a traditional computer, finding a collision for a 256-bit hash takes √2^256 steps. Even earlier iterations of the SHA family have 2^128 crypto-strength, which is 1.1 with 77 zeroes behind it. Quantum computers might find hash collisions in ∛2^256 operations, but even this is disputed.
Now, bear in mind that this is what it would take to break into ONE vote, which is why quantum computing should not affect Redo Voting’s security.
Q: I like the idea of a state issued ID check to activate a ballot, but how would that stop someone from just faking IDs?
A: As of March of 2021, all 50 states and the five major territories are Real ID compliant. Certain states (Georgia, Colorado, Texas, and California) also require finger or thumb print identification to procure a state issued ID. Real ID requirements for state compliance can be found here>
The process of activating a ballot requires a scan of the barcode on the back of a state issued ID. With any service agreement, Redo Voting must accept the state’s secure document standards and accept any official state ID as having been certified by that state. The state’s internal enforcement of ID issuing standards is outside of Redo Voting’s purview or control.