Information about ...

Technical background

There are some problems with the way we actually organize elections.

Paper ballots cause long lines at the polls

In US 2012 presidential election, there was a startling correlation between waiting times in each state and the type of voting technology employed by that state. With few exceptions, if you waited in line for many hours to vote, it meant you would be voting on a paper ballot.

Analog voting sometimes is inaccurate

Election results hinged on Florida, where the margin of victory triggered a mandatory recount. Litigation in select counties started additional recounts, and this litigation ultimately reached the United States Supreme Court. The Court's contentious decision in Bush v. Gore, announced on December 12, 2000, ended the recounts, effectively awarding Florida's votes to Bush and granting him the victory. Later studies have reached conflicting opinions on who would have won the recount had it been allowed to proceed. Because the 2000 presidential election was so close in Florida, the United States government and state governments pushed for election reform to be prepared by the 2004 presidential election. A proposed solution to these problems was the installation of modern electronic voting machines. The United States Presidential Election of 2000 spurred the debate about election and voting reform, but it did not end it.

Young people disengagement

Young people grew up around technology and it is their expectation that just about everything can be completed online in some way. They expect to use their smartphones and tablets to connect to the world. They expect to interact with the rest of the world in a digital way. Given this, they can view more traditional paper ballots for elections as an archaic and outdated practice, one that they may not wish to participate in because of this perception.

Digital voting machines do not solve these problems and they create new ones

Digital Voting Machines are machines that replace the traditional ballot boxes in poll offices. Instead of introducing a paper ballot into the box, you use a computer, connected to a secure network, and select your vote. They don't solve the problem of queues. There are still a limited number of places where you can vote. They don't solve the problems of engagement of young people. You can't vote with your smartphone. They are more expensive than using paper ballots. Obviously a computer (and the underlying software) is more expensive than a glass case.

Many problems have been reported about digital voting machines

Given the commonly false assumption that they rely on secure environments and so they need less algorithmic security, there have been identified many cases of malfunctioning of these machines. Given the high number of places and different environments in that they have to operate there is no way to guarantee the security for all these machines in every single moment. There is an HBO documentary film (Hacking Democracy) where they show how they successfully compromise one of these machines. Some university researches and public audits have also reported security problems.

Electronic voting systems often can't afford at the same time anonymity and verifiability

Without vote secrecy, the election is not open and fair and so need no verifiability. But if vote is secret, how can anybody verify that your vote has been counted correctly? In the physical world people tend to trust that a ballot box is enough guaranty. It's believed that it's not easy that anybody changes the ballot box without other people seeing it. But in the digital world all happens inside a computer. If anybody changes something inside a computer, how could a normal person notice it? This problem causes a feeling of mistrust in the voter that previously could see that his vote went to a box where it could not easily be removed, but now he can't see where his vote has gone.

Electronic voting in open networks since now required confidence on trusted authorities not conniving for finding out your vote

Electronic voting in open networks is an alternative to electronic voting machines. They are different in that they don't require to be running in a fixed place under the supervision of any authority, and they don't require a secure network to connect to central servers. It means, for example, voting online from your desktop computer or smartphone. Due to algorithm limitations, most existing electronic voting systems in open networks actually rely on the confidence that some authorities will not commit fraud or conspire to find out your vote. Usually, only with 2 members of these authorities conspiring, they can find out any voter vote. In the best case, it is needed the conspiracy of many authorities, auditors, and technicians, but still it is always technically possible.

Electronic voting in open networks since now relied in the existence of some points of failure that required very strict security measures.

If these points fail all the electoral process is compromised. So, there is the need of providing confidence about the proper operation of these points. It supposes the need of expensive audit processes that anyway don't provide full guarantee that somebody from inside could not skip the control or that somebody from outside could not skip the security measures. In example, usually there is a server that collects all votes and counts. Given that votes are indistinguishable one from another (to guarantee anonymity) all calculations done by this server are unverifiable, and so if it fails it has catastrophic consequences and there is no way to reconstruct the results or verify the failure.

Voting is expensive

Even if you use an electronic voting system over Internet, if you use any already existing technology you need to provide strong security for some very vulnerable points of failure. You have to provide confidence in the honorability and correct actuation of the personnel participating in the organization, software development, and maintenance of hardware, software or keys. So you will need expensive audits and controls. In USA usually elections have a cost around $6-12 per voter. Usually online voting actually have even a higher cost per voter. Probably it's a strong reason why many organizations do not require these levels of security for intern democracy or even they simply avoid more democracy. So it's a barrel for many organizations. Think on a company with 1000 employees that wants to poll the opinion of workers once every month. It would cost them a minimum of $6.000 per month. For smaller organizations, if they want to use electronic voting, the cost of purchasing the technology would be simply unaffordable given that the costs per voter would be even higher.

The Igloovote solution

Igloovote is a mix of the advantages of traditional voting systems and online voting systems. The main advantage of traditional voting systems is that security relies in multiple points of failure. If a polling place is compromised, only the votes of that polling place are compromised. Organizing an attack against all polling places is unthinkable (despite attacking only some of them still could have enormous consequences like in Florida 2000).


The main idea behind Igloovote is making distributed elections, with a lot of points of failure needed to compromise an election. Non-surprisingly Internet is a great tool for achieving that. In fact, the use of Internet permits elections to rely on a lot more points of failure. You don't need a point of failure for every few thousand voters. You can even have a point of failure for every 10 or 20 voters. So, there isn't a central point of failure that needs special security measures.


In a similar way that in traditional election systems, every point of failure makes public at the end of the Election Day their result, and then anybody can sum the total results. It only changes the granularity of the mixture, but the concept is the same, and the anonymity is equally guaranteed. Individual votes remain anonymous and nobody has actually expressed concerns against this system. Making use of Internet for selecting voters connected to every point of failure adds extra security measures against coercing voters based on location of the voters. Internet makes easy that anyone could get access to all these results and sum them to verify the total result. There is no need of any secure channel to transmit these results. The results of every point of failure are stored by every voter that was connected to them, so information is always replicated tens of times and the loss of information does not suppose a serious threat. Information is always protected against modification with cryptographic measures.


The fact that you can have a reduced number of voters attached to every point of failure makes also possible for every voter to get a list of all voters sharing his same point of failure. In the event of suspicions that an election could be compromised, every voter could, in a reasonable way, contact with the voters of his POF and verify results. Authorities (or anyone) could make verifications based on this method, testing that there is no statistically significant difference between published results and checked results on randomly selected points of failure.

Extra security

It is accepted by the scientific community that it is possible to achieve at the same time anonymity and verifiability in insecure networks without relying on confidence in trusted authorities. The only reason why these methods have not been used before is that they require a lot of computations and messages transferred between the nodes participating in an election. These increase exponentially with the number of voters. Despite providing a superior level of security it is unthinkable to use such methods with millions of voters. But what if instead of millions of voters you only need to apply them to some tens of voters and then publish the partial results and sum? We have invented a new algorithm that achieves these goal and we have identified some already existing algorithms that could also be used within our invention. That's IglooVote patent pending technology. It's important to understand that this superior level of security can't be achieved in previous electronic voting machines or other internet electronic voting systems if they rely on central points of failure. It's computationally unfeasible. That's why they need trusted authorities to provide at the same time anonymity and verifiability. What makes possible this level of security is our patent pending invention.


The algorithm that we actually use to control every point of failure doesn't require the installation of any new software. It's enough with the capabilities of any modern internet browser, including those actually available on any smartphone or tablet. This way, you only need to use your browser to participate in an election.

Still more security

Two levels of security are used in the voting process. The first level is the one provided by default by any browser and based on TLS (Transport Layer Security), and responsible of the security of any website on internet, including banks and payment sites. The second level of security is implemented with our own algorithms making use of available script languages in browsers.

More transparency

A common complaint against electronic voting systems is the fact that it relies on software subject to trade secret. You can't know what really is doing the software and if it has a vulnerability, nobody will know it until many time after the election was completed. In contrast, we will publish the code used on any election long time before the election takes place. Anybody will be able to test the system and notify any possible vulnerability before the election takes place. The algorithm is so easy to understand that teachers could even teach it at primary schools.