Voter.Care logo
Voter.Care
In Development — Phase 3
Votercare Max

Gold Standard.
Uncompromising.

Maximum-assurance digital voting for political parties, trade unions, and national ballots. Anonymous credentials, threshold trustee decryption, coercion resistance, and full UK Code of Practice compliance.

Votercare Max
What is Votercare Max?

More trustworthy than paper — provably

Votercare Max is designed against a documented threat model covering 17 adversary classes — from ineligible individuals to nation-state-capable quantum adversaries. Every control traces to a published design decision, so independent reviewers can check coverage rather than trust claims.

The system's central claim is that it is more secure and more cost-effective than the UK's current voting infrastructure (predominantly in-person paper and postal voting) — not that it achieves theoretical perfection. Paper voting is retained as a mandatory parallel channel precisely because the broader caution about internet voting is taken seriously.

Before any real votes go through Votercare Max, an independent third-party cryptographic and security audit is a non-negotiable prerequisite — not an optional extra.

Full feature set

Every control listed here is documented with its threat-model rationale, not just asserted.

Anonymous credential + nullifier scheme

Based on the Semaphore protocol. The system detects duplicate votes without ever holding a database linking identity to voting activity.

In-person identity proofing (IAL3-equivalent)

A trained human operator verifies identity in person or via supervised remote session — a one-time cost per voter, amortised across all future elections.

Maker-checker credential issuance

No single operator can issue a credential unilaterally. Every issuance requires a second, independent reviewer — eliminating the single-corrupt-operator threat.

Threshold (k-of-n) trustee decryption

Based on ElectionGuard. The private decryption key is never held by any single party — it requires a quorum of independent trustees to act jointly.

Revoting + coercion resistance

Voters may cast multiple times during the advance period; only the last vote counts. A coercer can never be certain a supervised vote stayed final.

Paper ballot override

An in-person paper vote always overrides any digital vote from that voter — full fallback for coercion scenarios and system-wide resilience.

Split-device verification

Vote verification happens on a device with an independent compromise path from the voting device. Match/no-match only — no vote content shown.

Population reconciliation

Aggregate credential counts are checked against the known eligible population at national, constituency, and per-operator granularity — catching bulk fraud statistically.

UK Code of Practice compliant

Designed against the 2026 statutory Code of Practice on Electronic and Workplace Balloting. The credential model exceeds the Code's literal personal-email/SMS requirement by design.

A rigorous trust model

Security properties that can be verified, not just claimed.

No single point of trust

Power is deliberately split across voters, operators, trustees, and auditors. No single party can compromise integrity alone.

Statistical deterrence

Where absolute guarantees are cryptographically impossible (Benaloh challenge, revoting), the system provides well-designed statistical deterrents with a high, unpredictable detection probability.

Defence in depth

Multiple independent controls address the same threat — device malware, credential fraud, trustee collusion — rather than relying on any single mechanism.

Documented threat model

A full adversary table (A1–A17) is published alongside the design, so every assumed attacker and every mitigation can be independently reviewed.

Target markets

Who Votercare Max is built for

🏛️

Political parties

Leadership elections, policy ballots, and internal governance for new and established political parties.

⚒️

Trade unions

Industrial action ballots, leadership elections, and political fund ballots under the 2026 UK Code of Practice on Electronic and Workplace Balloting.

📋

Professional bodies

High-stakes governance elections for medical, legal, engineering and other regulated professional membership organisations.

UK Regulatory context

2026 Trade Union Electronic Balloting Reform

The Employment Rights Act 2025 and the Trade Unions (Permissible Means of Voting) Order 2026 authorise electronic balloting for trade unions for the first time, with a draft Code of Practice expected in force August 2026. The Code requires the "responsible person" to actively assess the security of the proposed voting method. Votercare Max is designed to make that assessment straightforward — every security control is documented, sourced, and independently verifiable.

Technology

Built on established prior art

ZK Proofs & Credentials
Semaphore protocol (PSE)
Key management
Shamir's Secret Sharing (k-of-n trustees)
Coercion resistance
Revoting (last-vote-wins) + paper override
Codebase
Open source, reproducible builds

No novel cryptographic primitives are invented. The design reuses established, peer-reviewed protocols — Semaphore, ElectionGuard, Shamir's Secret Sharing — rather than designing new schemes from scratch.

Interested in Votercare Max?

We're seeking pilot partners — political parties, trade unions, and professional bodies interested in a rigorously documented, independently auditable voting system.

Register your interest