Security & Compliance
This section covers the technical and legal aspects of how Electobox protects election integrity and voter privacy.
In this section
- Anonymization — How voter identity is permanently separated from ballots
- Key management — How trustee keys are generated, stored, and used
- Mathematical proofs — The cryptographic guarantees underpinning the system
- Audit — How elections can be independently verified
- GDPR — Data protection and privacy compliance
Core principles
Privacy by design — Voter choices are encrypted before transmission and anonymized before decryption. No configuration change or administrative action can expose how an individual voted.
No single point of trust — Results require the combined participation of all trustees. Neither Electobox nor any individual administrator or trustee can access results alone.
Verifiability — The cryptographic record of an election can be independently audited. Anyone with the anonymized ballot export and the published results can verify the tally without learning anything about individual voters.
Irreversibility — Anonymization is a one-way operation. Once the link between a voter and their ballot is severed, it cannot be reconstructed — not by Electobox, not by administrators, not by trustees.