Verified Voting is pleased to see the VVSG 2.0 principles and guidelines finally moving forward. We are enthusiastic about the VVSG 2.0 structure and, with some reservations, about the content of the principles and guidelines. Full implementation of the VVSG 2.0 will, in time, help bring about voting systems that set new standards for universal usability, security, and verifiability. All these properties – backed by sound procedures – are essential to enable officials to run resilient elections, and to reassure voters that their votes have been cast as intended and counted as cast.
We urge the EAC to allow the technical requirements and test assertions to be approved and revised without a vote of the commissioners. We agree with the TGDC, the NASED executive council, and others that for several reasons, these documents are best managed by technical staff, adhering to a well-defined process with broad consultation and opportunity for public comment.
Verification and the VVSG
Verified Voting especially welcomes Principle 9, which stipulates that a voting system “is auditable and enables evidence-based elections,” and the associated guidelines. No matter how otherwise usable and reliable a voting system may be, it is unacceptably dangerous if it cannot provide trustworthy, software-independent evidence that people’s votes have been accurately recorded and counted.
A voting system alone can “enable” evidence-based elections but cannot provide them. As Philip Stark and David Wagner wrote in their seminal paper, the basic equation is that “evidence = auditability + auditing.” A voting system with a voter-verifiable audit trail, such as a voter-marked paper ballot, provides auditability. Compliance audits to ensure that the audit trail is substantially complete and accurate, and risk-limiting tabulation audits of the audit trail, provide actual evidence that outcomes are correct.