Scantegrity Mock Election at Takoma Park (summary)

A. T. Sherman, R. Carback, D. Chaum, J. Clark, A. Essex, P. S. Herrnson, T. Mayberry, S. Popoveniuc, R. L. Rivest, E. Shen, B. Sinha, P. L. Vora

NIST Workshop on End-to-End Voting Systems (2009)



The Quest for Trustworthy Elections: Lessons from Takoma Park’s Cryptographic Mock Vote

Imagine casting your ballot with confidence that your vote is counted exactly as you intended, and that anyone can independently verify the final tally is accurate. This is the promise of Scantegrity II, a pioneering cryptographic voting system, and its real-world test in Takoma Park, Maryland, offers critical insights into how we can make elections more secure and transparent.

The Problem: Broken Trust in Voting Systems

For decades, elections have relied on opaque processes that leave room for doubt. Optical-scan systems—where voters mark paper ballots read by machines—are widely used but vulnerable to tampering, errors, or even fraud. Even when systems work as intended, voters often lack proof their vote was recorded correctly. This erodes trust, especially in close or controversial races. Scantegrity II was designed to solve this by merging familiar paper voting with cryptographic verification, creating an “end-to-end” (E2E) system where both individual votes and the final tally are auditable.

What Is Scantegrity II?

Scantegrity augments traditional optical-scan voting with two key innovations:

  1. Invisible Ink Codenumbers: Voters use special pens to mark ovals on ballots. The ink reveals a unique, randomly generated code (a “codenumber”) for each choice. Voters detach a chit with these codes to take home.
  2. Online Verification: After voting, voters can enter their codenumbers on a public website to confirm their vote was recorded correctly. Crucially, the chit doesn’t reveal who they voted for—only that the system logged their choice.

The system is also “universally verifiable”: anyone can download the encrypted vote data and use open-source software to confirm the tally matches the official results. This dual layer of verification—individual and public—addresses both personal accountability and systemic integrity.
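A simplified model of the individual codenumber check described above, as an added example that is not from the paper or the Scantegrity code base. It assumes a three-choice ballot, three-character codes, and a plain dictionary standing in for the public website, and it leaves out the cryptographic back end that supports the public tally audit.

```python
import secrets

# Constructed sample data: tree-themed choices, like the mock ballot.
CANDIDATES = ["Oak", "Maple", "Birch"]
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # assumed code alphabet


def make_ballot(serial):
    """Election side: give every choice on this ballot a distinct random code.
    The choice-to-code table stays secret; it is printed in invisible ink."""
    codes = []
    while len(codes) < len(CANDIDATES):
        code = "".join(secrets.choice(ALPHABET) for _ in range(3))
        if code not in codes:
            codes.append(code)
    return {"serial": serial, "codes": dict(zip(CANDIDATES, codes))}


def mark(ballot, choice):
    """Voter side: marking an oval reveals only that oval's code.
    The take-home chit carries the serial and the code, never the choice."""
    return {"serial": ballot["serial"], "code": ballot["codes"][choice]}


def post(ballot, recorded_choice):
    """Election side: publish the code of the choice that was recorded."""
    return {ballot["serial"]: ballot["codes"][recorded_choice]}


def voter_check(chit, board):
    """Voter side: does the public record for my serial show my code?"""
    return board.get(chit["serial"]) == chit["code"]


def demo():
    ballot = make_ballot("0001")
    chit = mark(ballot, "Oak")
    honest = post(ballot, "Oak")     # recorded as cast
    altered = post(ballot, "Maple")  # recorded as a different choice
    missing = {}                     # ballot dropped from the record
    return (chit, voter_check(chit, honest),
            voter_check(chit, altered), voter_check(chit, missing))


if __name__ == "__main__":
    chit, ok, flipped, dropped = demo()
    print(chit, ok, flipped, dropped)
```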

The Takoma Park Mock Election: A Real-World Test

In April 2009, researchers ran a mock election with 95 volunteers at Takoma Park’s Community Center. The goal? Stress-test Scantegrity II ahead of the city’s first binding municipal election using the system (slated for November 2009). Voters cast ballots on a “tree-themed” mock ballot (e.g., “Should the city plant more oak trees?”), mimicking real voting procedures but avoiding confusion with official races.

Key Findings: Promise and Pitfalls

The mock election revealed both strengths and areas for improvement:

  • Voter Experience: While most voters completed the process, it took an average of 8 minutes—too slow for a real election. The biggest pain points? Overwhelming instructions (delivered in one long chunk) and a finicky scanner that caused delays.
  • Poll Worker Feedback: Experienced poll workers noted the process felt disjointed. They disliked having a Scantegrity team member handle ballots during scanning and felt they lacked control over voter flow. The “locked clipboard” (designed to prevent “chain voting,” where voters collude) added unnecessary complexity.
  • Verification Uptake: 31% of voters checked their votes online, proving the feature was usable. However, many focused on the physical process (marking ballots, scanning) rather than security, suggesting usability must trump technical jargon.
  • Security vs. Simplicity: Enthusiastic voters appreciated the security, but most prioritized speed and familiarity. The team realized instructions needed streamlining—especially for optional steps like verification.

Why This Matters for Democracy

Scantegrity II represents a breakthrough: it’s the first E2E system deployed in a real U.S. election. Its hybrid design (paper + cryptography) balances innovation with familiarity, making it easier to adopt than fully digital systems. The Takoma Park test proved the concept works—but also highlighted that human factors (not just tech) determine success. Slow scanners, confusing instructions, and workflow bottlenecks could deter voters or breed frustration.

The Road Ahead: Fixing the Flaws

The team’s recommendations were clear:

  • Simplify Instructions: Break them into bite-sized steps, especially for optional features like verification.
  • Speed Up Scanning: Use multiple scanners and improve hardware reliability.
  • Reduce Complexity: Ditch the locked clipboard and redundant steps.
  • Accessibility: Address gaps for disabled voters (e.g., the blind), a critical equity issue.

By 2010, a follow-up test (“Mock2”) would compare Scantegrity to commercial systems using realistic ballots. The lessons from Takoma Park laid the groundwork for refining the system—and for reimagining how we trust elections.

The Bigger Picture: Toward Verifiable Democracy

Scantegrity II isn’t just about technology; it’s about restoring faith in the vote. In an era of misinformation and polarization, transparent, auditable elections are non-negotiable. The Takoma Park mock election showed that cryptographic voting can work—if we design it with people, not just protocols, in mind. As the paper notes, “Only through a binding election can one adequately measure the impact of Scantegrity on poll workers.” The November 2009 election would be that test. For democracy to thrive, we need systems where every vote counts—and every citizen can count on it.

