Corporate Proposals
Companies involved in election digitization include, firstly, those specializing in the production and distribution of voting equipment, as well as the development and distribution of voting software—including for voter registration and authentication, voter notification, conducting elections, and storing information about upcoming and completed elections. Secondly, there are companies that provide election services, such as fully managing the voting process or supplying the equipment, software, and computing resources for conducting elections and preserving results. An analysis of their offerings indicates that they are primarily focused on niche and corporate segments.
Computerization of Traditional Voting
Voting Using Scanners and DRE
Ten companies specializing in the computerization of paper-ballot voting — through electronic counting via scanning and the use of DRE machines — have certified their devices and systems with the U.S. Election Assistance Commission (EAC). The EAC oversees the testing and certification program for voting equipment and software through its accredited laboratories. In total, these companies have certified 84 systems.
These companies focus on automating traditional voting processes by means of modern digital technologies. Their attention centers on maintaining voter rolls, ensuring that each voter receives the correct ballot, accurately accounting for marked ballots, performing automatic vote tabulation, tracking voting processes and voter actions, conducting audits, and storing election and audit records. However, risks such as potential bad-faith actions by election organizers, as well as vote buying and voter coercion, lie outside the scope of their attention. [c1] [c2] [c3] [c4] [c5] [c6] [c7] [c8] [c9] [c10]
Postal Voting
A separate group of companies offers systems for the computerization of vote-by-mail procedures—including ballot production, tracking, signature verification, and logistical workflows. [c11] [c12] [c13]
Online Voting
Using Special Devices
Companies have emerged offering to use personal specialized devices for online voting. [c14] [c15]
Systems Using Voters’ Own Devicesт
However, a larger number of companies have focused on conducting online votes from any user-owned device—computer, smartphone, tablet, laptop, etc.—which has proven more convenient, accessible, and natural. [c16] [c17] [c18] [c19] [c20] [c21] [c22]
The characteristics, terms, and target audiences for online voting services offered by various companies are very similar. Their listed clients include trade unions, professional associations and societies, educational institutions (including universities and K-12 schools), cooperatives, condominiums and homeowners’ associations, corporate and shareholder communities, sports and recreational clubs, any membership organizations and public associations, political parties, local governments, non-governmental and non-profit organizations, and indigenous peoples. Governments and state structures are typically not listed among the users of their voting systems.
When describing the security of their services, these companies emphasize, firstly, the reliability of software configured against failures, data loss, undetected errors, faults introduced by incorrect program operation, DDoS attacks, and data theft; secondly, the reliability of the hardware, servers, and communication systems they use; and thirdly, the reliability of personnel, their professionalism, the level of training, and the oversight of their work.
Among the capabilities provided by online voting service or software providers, the ability for the vote initiator to design the ballot, the voter’s ability to choose the ballot language, and the presence of an on-screen interface for the visually impaired in accordance with ADA and WCAG requirements are often mentioned. [c23] [c24] [c25]
None of the systems on the market that computerize the voting process prevent the possibility for election organizers or software holders to manipulate elections. None are capable of simultaneously providing the voter with the ability to verify the recording of their vote in the results while also countering vote buying and voter coercion. Many provide for proxy voting (which encourages both vote buying and coercion). None protect against voter substitution through the theft of tokens (including those carrying biometric data) or the creation of duplicate tokens.
Nevertheless, some companies providing online voting services list government structures among their consumers, though not for conducting electoral votes. [c26] [c27] [c28] [c29] Although some vendors, such as Scytl or state scientific institutes in a number of countries, are working on systems for the public sector, their implementation at the level of national elections in leading democracies faces significant obstacles. The experience of discontinuing the use of Scytl’s products in Norway and Switzerland due to potential vulnerabilities is a telling indication of the distrust in existing market systems.
The Estonian Phenomenon
A special place is occupied by the company Cybernetica, which created the digital infrastructure for electronic voting in Estonia but does not engage in disseminating its developments or providing electronic voting services elsewhere [c30] . The rights to the code operating the online voting system, named IVXV, are owned by the Estonian National Electoral Commission.
Electronic voting has been provided for by Estonian legislation since 2002, when the country began issuing plastic ID cards with chips that fully replace internal passports. These cards became the identifiers for citizens in online votes. More than half of Estonian voters participate in online voting.
Despite the scale of its implementation, the Estonian system remains a unique case, unsuitable for replication. Its architecture, based on centralized storage of personal data and the use of state ID cards, contains fundamental vulnerabilities (discovered back-doors and personal data leaks), making it unacceptable for other jurisdictions with stricter requirements for confidentiality and reliability.