I recommend that Congress pass and adopt the following Federal Guidelines for Elections.
Whereas honest, reliable, and reviewable elections are an essential part of our system of governance, and whereas the electoral process is subject to various accidental or deliberate inaccuracies, which can be (and history informs us sometimes are) sufficiently gross as to influence the result of the election, the following recommendations are offered.
The primary sources of inaccuracies include:
- Voting by unauthorized people, such as non-citizens or under-age citizens.
- More than one vote by an authorized citizen.
- Loss or corruption of a legitimate vote.
- Miscalculation of voting totals and results.
- Inability of each political candidate or party to review and recount the ballots and results.
- Sometimes mass insertion of fraudulent ballots.
- Inability to track each accepted ballot back to its submitter, to verify their eligibility to vote.
The following federal guidelines address such sources as these.
- Each and every ballot shall be individually accepted by a registered officer or agent of the government of the State receiving the ballot, be that a poll worker, a public notary, or other such identifiable registered official or agent of the government, who has sworn to faithfully execute the laws applicable to their position. Such officials or agents might include notaries public or USPS postal clerks and carriers, if so authorized, en masse or individually, to act as agents of the State receiving the ballot.
- The time and place of this acceptance shall be recorded with that ballot, along with the identify of the voter and of the accepting official or agent. There must be some reasonable grounds, in this process of acceptance, that the receiving official or agent has verified the identify of the submitter of the ballot.
- A separate, non-erasable, public, append-only (only add new data items, not modify or remove old data items) distributed ledger “audit trail” database of these acceptances shall be maintained, updated in near real-time, with sufficient anonymization to preserve individual vote privacy while enabling at least public, precinct level analysis of ballots being handled in the system, and (once tallied) of the summary vote totals by precinct. This provides one of the most robust ways available, long term, for private citizens to detect potential fraud or defects in the electoral process. Some would say that this audit trail calls for the use of “blockchain” technology, though for technical reasons, I would recommend more capable distributed ledgers such as Hedera’s hashgraph.
- Any individual or entity with reasonably sufficient Internet, computing and storage facilities may participate in the distributed ledger database recording this audit trail, without permission or pre-authorization of any sort, beyond reasonable (as in not triggering typical low level spam, hacking, and denial of service filters) access to a public IP address, so that there is no enforced single or small set of control points at which that database can become, deliberately or accidentally, corrupted by the misfeasance or malfeasance of a few.
- On the other hand, to prevent some adversary with sufficient resources from overwhelming and corrupting the audit trail, additions to the audit trail should only be permitted by sufficiently large, self-forming or officially blessed parties, which should include at least the various parties and candidates in each contest, and which audit trails should be kept forever separable by such parties, so that an audit trail variant from such a party deemed untrustworthy, or just not relevant to a particular purpose, can be ignored, whenever so desired, by those examining the audit trail data.
- The actual votes made on any particular ballot would not be part of this public “audit trail”. Only the actual, retained, paper ballot for those votes would retain that primary source for that data.
- Precinct level and above voting results, including when and where and by whom tallied, would however be part of this public audit trail.
- The identify of those voting, and when and where they submitted their ballot to an authorized official or agent, is public information, not anonymized confidential information.
- To “anonymize”, does not mean “include in the audit trail distributed ledger database, albeit encrypted somehow”, but rather “keep in a separate, secure database controlled by election officials and/or others so designated by state legislatures”, with each such record in that separate database, such as the votes on a particular ballot, given a Unique ID or similar, unique, random looking, identifier, to which the public audit trail can refer, without revealing confidential voting data of individual voting choices.
- Access to that separate secure database, with individual ballot data, may be, and must be able to be, granted to state or federal law enforcement agents, given a proper search warrant.
- Each significant step in the transmission, storage, handling and processing of each ballot, individually or in batches of identified ballots, shall be recorded in this public audit trail as well.
- Ballots shall exist on individual pieces of paper, one or a few pieces per ballot, that are, at least, easily human readable by most authorized voters, and that may also be machine readable.
- Records of both the actual paper ballots and of the public audit trail shall be available, by authorized election officials, agents, and representatives of all election contestants, with sufficient anonymization, for at least three years after an election.
- If a number of ballots sufficient to make a difference in the outcome of a particular election can no longer be tracked back to authorized voters, one vote per authorized voter, no votes by unauthorized voters, with an unbroken chain of custody as recorded in the public audit trail, then that election shall be considered “inconclusive”. Each election shall have some back up plan for how the issues or positions being considered on the ballot shall be decided, in the event that that election is inconclusive.
- Ballots in shipment or storage, individually or in batches, shall be sealed in containers or envelopes that are identified and trackable, showing at least at their origin, and again whenever reopened, when, where, and by which authorized government official or agents the sealing, and later reopening, of that envelope or container, occurred, and which ballot or ballots were in that envelope or container.
Be it also resolved to pass a Constitutional Amendment that only legal citizens of the United States may vote in the election of Federal representatives, officers, electors, or other such issues and matters as may come to vote on a Federal level.
Of course, the above, except for the detail that only citizens should be allowed to vote, is way too much detail, of technologically evolving matters, to consider including in the Constitution. The legislatures of each state retain the over-riding authority to handle such elections within their individual states. However, the House of Representatives might choose, when accepting state electors for a Presidential election, to consider the failure of a state to follow such guidelines, or anything adequately close, along with evidence of a fraudulent or defective election that might have been exposed or inhibited had such guidelines been followed, as grounds for not accepting those electors. That would be an essentially political decision that is left to the House of Representatives, as stated in the Constitution.
Thus by doing the above:
- It will be more difficult to covertly add fraudulent or defective votes, especially in large quantity.
- It will be more difficult to covertly discard legitimate votes, especially in large quantity.
- It will be practical for election officials to thoroughly audit and recount elections, including the entire chain of custody of each ballot.
- It will be easier for private citizens to examine all the precinct and above activity, without authorization or practical limitation.
- Each step of the process shall be auditable to an appropriate level of privacy, by all parties concerned, including any private citizen examining the process, handling and results of any federal election.
- The always present potential for a “failed” or “spoiled” election shall be recognized, whether by fraudulent or accidental cause, and the process for identifying and handling such understood and agreed to, prior to the election.
The level of tracking of ballots in the above described “audit trail” would have seemed impractically challenging technically,in past decades. It is now fairly routine and quite reliable in handling package shipping and delivery by various major corporations.