Secure Elections - Ben Adida
How Secure Is Your Vote? Inside the Mission of VotingWorks and the Future of Election Security
By Ron Gula
When it comes to the integrity of democratic elections, few topics generate as much concern and confusion as cybersecurity. Between widespread misinformation, genuine technical complexity, and the rising threat of disinformation campaigns, understanding how votes are cast, counted, and safeguarded has never been more important.
That's why I sat down again with Ben Adida, the founder of VotingWorks, a nonprofit that builds open-source voting technology. Ben isn’t just talking about election security—he’s building it. From paper ballots and secure scanners to post-election audits and digital transparency, VotingWorks is on a mission to raise the standard for how elections are conducted in the United States.
In this 2000-word deep dive, we unpack the nuts and bolts of how elections are secured, what threats are real (and which ones are overblown), and how citizens and cybersecurity professionals alike can play a role in protecting democracy.
The Genesis of VotingWorks
Ben's journey into election security began with a fascination with cryptography. That passion eventually converged with a love of civic infrastructure, leading to the creation of VotingWorks: a nonprofit vendor that designs and builds election equipment with security and transparency at its core.
Much like Mozilla and Firefox, VotingWorks operates under the open-source philosophy. Their goal isn't to dominate the market—it's to set the bar for how modern, secure, and verifiable voting systems should function. They build everything: ballot printers, scanners, accessible voting machines, and secure software. Everything is open source and audit-friendly.
Old Systems, New Problems
Many U.S. jurisdictions still use voting machines from the early 1990s. Some states, like New Hampshire, are only now beginning to modernize. In fact, VotingWorks is the first new vendor in 30 years to be certified in that state.
Voting equipment in New Hampshire this fall will either be a 30-year-old system or VotingWorks—no in-between. It’s a huge opportunity to rethink how we manage elections.
Vote by Mail: Trust, But Verify
Vote-by-mail is one of the most discussed (and misunderstood) elements of modern elections. The most common security concern? Signature verification.
When you register to vote, your signature is stored on file. When you return a mail-in ballot, your signature on the envelope is matched against that record—by a human. Every signature is checked, not just a sample. In many states, if there’s a mismatch, the voter is contacted and given a chance to “cure” the issue.
Ballot harvesting—the collection and submission of completed ballots by a third party—is legal in some states and illegal in others. The line between helping voters and manipulating them is a nuanced policy decision, not a cybersecurity flaw.
Could someone fabricate thousands of voters? It would be nearly impossible. Ballots are only sent to registered voters, and the registration process includes identity verification. Fake ballots or envelopes would likely be flagged due to ballot style mismatches or signature errors. And the penalties for voter fraud are severe.
Still, as Ben noted, improving coordination between states is critical. Programs like ERIC (Electronic Registration Information Center) help states identify voters registered in multiple jurisdictions. Unfortunately, some states have pulled out of ERIC due to political controversy, potentially undermining this important safeguard.
In-Person Voting: IDs, Ballots, and Accessibility
Voter ID laws spark their own set of debates. While some argue they bolster confidence, others worry about disenfranchising low-income or elderly voters without easy access to state IDs. The reality? States vary widely, and despite these differences, instances of in-person voter fraud remain rare.
Modern voting includes both traditional bubble-fill paper ballots and touchscreen-based ballot marking devices. Even touchscreen systems print a paper ballot, which serves as the voter-verifiable record. Fully electronic, paperless voting is almost gone—a relic of early 2000s convenience that introduced significant security concerns.
Counting the Votes: Evidence and Audits
Counting votes securely is not just about accuracy—it’s about transparency. Precinct scanners from VotingWorks immediately validate ballots and print results once polls close. These results are posted publicly, creating an auditable chain of evidence.
For mail-in ballots, scanning often starts before Election Day to reduce delays. But the real security layer comes afterward: the Risk-Limiting Audit (RLA).
RLAs are statistical methods used to verify election outcomes. The tighter the margin, the more ballots are reviewed. If the margin is wide (e.g., 60/40), only a small sample is needed to confirm the outcome. If it’s close (e.g., 51/49), more ballots are audited. If discrepancies arise, the process escalates to a full hand count.
VotingWorks helped conduct a full statewide RLA in Georgia after the 2020 presidential election. It was technically an audit, but due to the tight margin and audit algorithm used, every single ballot was reviewed.
What About Hacking the Machines?
Could a nation-state like China insert code to flip 0.5% of votes in a few key precincts?
Technically possible, but practically very hard. Ballots are printed and counted independently. The software is open source. Outputs are digitally signed using keys stored in secure hardware (TPMs).
Even if such tampering occurred, the RLA would likely detect it—especially in close races where more ballots are reviewed. That’s the beauty of statistical sampling: you don’t need to catch every instance, just enough to raise red flags.
The Human Element
Elections are run by everyday people: retirees, local officials, and volunteers. They sign up expecting to run quiet, civic-minded operations—not to become the targets of political vitriol. Yet despite these challenges, election administrators around the country remain committed to one thing: making sure every vote counts.
Cybersecurity professionals can help too. From volunteering as poll workers to helping local election offices with IT best practices, the door is open. Just don’t expect to walk in and start poking around—you need to build trust first.
Beyond Ballots: Disinformation, AIs, and Deepfakes
The biggest threats to election confidence may not come from voting machines but from the internet.
AI-generated deepfakes, fake polling location announcements, and robocalls impersonating political figures are already here. We saw this in the Biden robocall incident using voice cloning.
These aren’t technological vulnerabilities in the voting process—they’re psychological operations meant to sow confusion and discourage turnout.
Ben emphasized the importance of official communication. Counties are securing .gov domains, and platforms like Google and Facebook are helping elevate verified sources. But there’s more work to do.
Why You Can’t Vote on Your Phone
People ask: “If I can bank from my phone, why can’t I vote from it?”
It’s a fair question with a complicated answer.
Voting requires secrecy and verifiability. With banking, there’s a third party (your bank) to verify your transactions. With voting, the process must be anonymous and independently verifiable—without any external validation. The only secure way to do that today? Paper.
Experiments in online voting exist, but they haven’t stood up to serious threat models. And in critical edge cases like overseas military voting, we still don’t have a great solution.
Transparency, Open Source, and What’s Next for VotingWorks
VotingWorks posts all its code on GitHub. The organization embraces contributions and community discussions.
Hardware is more complicated, but plans are underway to open source CAD files and specifications. The goal: let anyone replicate their systems worldwide, from school elections to emerging democracies.
Looking ahead, 2025 and 2026 will be pivotal years. Many states are due for equipment upgrades, and a new federal standard (VVSG 2.0) will usher in a wave of modernization.
VotingWorks is positioning itself as the transparent, secure, and open alternative for election offices ready to move forward.
Final Thoughts: How You Can Help
Elections are critical infrastructure. Just like water, electricity, and internet access, voting systems must be robust, auditable, and trustworthy.
If you’re a cybersecurity professional, consider volunteering as a poll worker or helping your local county office. If you’re a voter, make sure you’re registered and stay informed through official sources.
And if you’re passionate about democracy, support organizations like VotingWorks. They’re proving that elections can be secure, verifiable, and open to all—without compromising the values that make voting such a powerful act.
Thanks again to Ben Adida for sharing his insights. For more content like this, subscribe to the Gula Tech Adventures channel and connect with us on LinkedIn. And most importantly: register, vote, and protect your democracy.