Gold Standard.
Uncompromising.
Maximum-assurance digital voting for political parties, trade unions, and national ballots. Anonymous credentials, threshold trustee decryption, coercion resistance, and full UK Code of Practice compliance.
More trustworthy than paper — provably
Votercare Max is designed against a documented threat model covering 17 adversary classes — from ineligible individuals to nation-state-capable quantum adversaries. Every control traces to a published design decision, so independent reviewers can check coverage rather than trust claims.
The system's central claim is that it is more secure and more cost-effective than the UK's current voting infrastructure (predominantly in-person paper and postal voting) — not that it achieves theoretical perfection. Paper voting is retained as a mandatory parallel channel precisely because the broader caution about internet voting is taken seriously.
Before any real votes go through Votercare Max, an independent third-party cryptographic and security audit is a non-negotiable prerequisite — not an optional extra.
Full feature set
Every control listed here is documented with its threat-model rationale, not just asserted.
Anonymous credential + nullifier scheme
Based on the Semaphore protocol. The system detects duplicate votes without ever holding a database linking identity to voting activity.
In-person identity proofing (IAL3-equivalent)
A trained human operator verifies identity in person or via supervised remote session — a one-time cost per voter, amortised across all future elections.
Maker-checker credential issuance
No single operator can issue a credential unilaterally. Every issuance requires a second, independent reviewer — eliminating the single-corrupt-operator threat.
Threshold (k-of-n) trustee decryption
Based on ElectionGuard. The private decryption key is never held by any single party — it requires a quorum of independent trustees to act jointly.
Revoting + coercion resistance
Voters may cast multiple times during the advance period; only the last vote counts. A coercer can never be certain a supervised vote stayed final.
Paper ballot override
An in-person paper vote always overrides any digital vote from that voter — full fallback for coercion scenarios and system-wide resilience.
Split-device verification
Vote verification happens on a device with an independent compromise path from the voting device. Match/no-match only — no vote content shown.
Population reconciliation
Aggregate credential counts are checked against the known eligible population at national, constituency, and per-operator granularity — catching bulk fraud statistically.
UK Code of Practice compliant
Designed against the 2026 statutory Code of Practice on Electronic and Workplace Balloting. The credential model exceeds the Code's literal personal-email/SMS requirement by design.
A rigorous trust model
Security properties that can be verified, not just claimed.
No single point of trust
Power is deliberately split across voters, operators, trustees, and auditors. No single party can compromise integrity alone.
Statistical deterrence
Where absolute guarantees are cryptographically impossible (Benaloh challenge, revoting), the system provides well-designed statistical deterrents with a high, unpredictable detection probability.
Defence in depth
Multiple independent controls address the same threat — device malware, credential fraud, trustee collusion — rather than relying on any single mechanism.
Documented threat model
A full adversary table (A1–A17) is published alongside the design, so every assumed attacker and every mitigation can be independently reviewed.
Who Votercare Max is built for
Political parties
Leadership elections, policy ballots, and internal governance for new and established political parties.
Trade unions
Industrial action ballots, leadership elections, and political fund ballots under the 2026 UK Code of Practice on Electronic and Workplace Balloting.
Professional bodies
High-stakes governance elections for medical, legal, engineering and other regulated professional membership organisations.
2026 Trade Union Electronic Balloting Reform
The Employment Rights Act 2025 and the Trade Unions (Permissible Means of Voting) Order 2026 authorise electronic balloting for trade unions for the first time, with a draft Code of Practice expected in force August 2026. The Code requires the "responsible person" to actively assess the security of the proposed voting method. Votercare Max is designed to make that assessment straightforward — every security control is documented, sourced, and independently verifiable.
Built on established prior art
No novel cryptographic primitives are invented. The design reuses established, peer-reviewed protocols — Semaphore, ElectionGuard, Shamir's Secret Sharing — rather than designing new schemes from scratch.
Interested in Votercare Max?
We're seeking pilot partners — political parties, trade unions, and professional bodies interested in a rigorously documented, independently auditable voting system.
Register your interest