Vendor-controlled elections are un-auditable
Texas uses KnowInk brand poll pads. In 2020, Wisconsin cities received over $10 million from the Center for Tech and Civic Life (CTCL) — a nonprofit funded almost entirely by Facebook founder Mark Zuckerberg and his wife Priscilla Chan — to administer their elections. Dozens of states have subscribed to ERIC, the Electronic Registration Information Center, a private nonprofit that manages voter roll data on behalf of member states. In each case, a core function of democratic governance has been handed to an outside party.
Every jurisdiction that conducts electronic voting must obtain its hardware and software from private vendors. With rare exceptions confined to small pilot programs, every one of those vendors maintains that their systems are proprietary — meaning no one outside the company is permitted to examine what is happening inside them. This claim has been used repeatedly to block independent scrutiny of tabulators, poll pads, voter roll databases, and other election-critical equipment.
My recent findings in Bexar County, Texas illustrate what this means in practice. KnowInk’s ePulse platform, which manages all Poll Pad data flow, runs on Amazon Web Services commercial cloud infrastructure — not on any county or state government server. The data generated by Texas voters on Election Day resides on servers the county does not own, does not control, and cannot compel to produce records. KnowInk’s own documentation acknowledges that poll pads “may need to be left on for a time after the polls have closed to update information with the elections office.” What moves during that update process is known only to the vendor.
A small nonprofit vendor called VotingWorks has built its system around a different model: air-gapped hardware with no remote server connections, producing paper ballots voters can verify before casting. This architectural difference matters more than any published code. A device with no network connection cannot receive remote write commands after polls close — regardless of what software it runs. VotingWorks currently represents a fraction of one percent of the national market. The architecture it demonstrates is available. It is simply not being chosen.
This creates a peculiar legal and moral situation. An election official who genuinely does not know what is happening inside a vendor’s system can plausibly claim ignorance. They pushed the buttons they were told to push. They certified what the system reported. Their hands appear clean.
This is an illusion.
An election official is a public trustee bearing personal responsibility for the integrity of the process. That responsibility cannot be subcontracted. When a county signs a vendor agreement transferring custody of election data to an offsite server in an unknown location managed by a company it cannot compel to produce records, that official has not discharged their duty — they have abandoned it. The ignorance that follows is not a defense. It is the consequence of the abdication itself.
This differs from any ordinary business arrangement. When Wells Fargo carried cargo in the nineteenth century, they accepted liability for its safe delivery even when using subcontractors. If cargo was lost, Wells Fargo paid in full. Elections have no equivalent mechanism. If votes are altered or fabricated within a vendor’s system, the outcome stands, the vendor invokes proprietary privilege, and the voters — the only parties with a genuine stake — have no avenue of recourse.
Consider a licensed pharmacist who dispenses medication from a facility he has never inspected. A patient is harmed. “I trusted the supplier” is not a defense recognized by any licensing board, because the license exists precisely to ensure that someone with verified competence stands personally accountable between the supply chain and the public. Election officials hold the same trust. Their oath of office does not say: “I will certify whatever a vendor’s system reports.” It says: “I will faithfully discharge the duties of this office.” Delegating that duty to a private contractor does not transfer the responsibility. It simply ensures that when something goes wrong, no one is accountable.
When accountability is systematically removed from vote counting, certification becomes a formality. A democracy that runs on formalities rather than verified accountability is not a democracy. It is the appearance of one.
It's me Again. Sigh.
"When a county signs a vendor agreement transferring custody of election data to an offsite server in an unknown location managed by a company it cannot compel to produce records, that official has not discharged their duty — they have abandoned it. The ignorance that follows is not a defense. It is the consequence of the abdication itself." This is Excellent!
I told a person here who has worked non-stop on "the elections" (to the point of now starting to run for office), that I didn't call the "County Commissioners" County Commissioners anymore. Instead I preferred the title "Beggars". They have given away all their authority in the name of not having the state unhappy with them. They are broke and want money, money, money, and that comes from the state.
In the meantime, the SOS yelled down from her perch that the tabulators are her property and no one outside of her control can touch the ballots. She has full control of popping out ID#s while the clerks go through some ancient ceremony to convince themselves that they are in charge of county rolls. I watched as they were trying to take voter ID#s national. ERIC, and some salesmen...
So the counties, who are the only ones that can be accountable for their voting population are neutered, then castrated, then have thier teeth pulled and are now in the process of having their bones removed. Most wait for an opportunity to fly up to the state or national level of "candidates". It's a springboard to Greater things.
I am here with a copy of the summer 2025 "state" voter roll. Per my comment on your previous post I am now able to see that the "old" voter ID#s in the July 2021 download were 1,103,656 records (those are single digits to #2,843,366). Over 4 years to June 2025 those "old" numbers dropped by 15.75%. The "new" numbers from December 2018 forward are quickly closing in on half a million records. This is occuring in a database with approx. 1.35M records between 2021 and 2025. In 2018 there were 1,261,639 "eligible" voters (that use to be called "registered voters"). The state won't even leave registering up to its citizens.
Thank you. You are helping so much with your clarity.
Agreed. I don't think that the code has to be open source as strictly defined. In other words, it doesn't have to carry a GPL or other standard open source license. But I think it has to be publicly posted and open to scrutiny, and not just scrutiny by a few individuals hand-picked by the elections board, but rather by any citizen in the USA with the time and talent. But I think it could still be owned by the company that produces it. The reason is that the public needs to be able to read and understand the code, regardless. But we actually don't care so much about ownership. Additionally, there must be traceability between the source code found at, e.g., Github versus the code that is actually running on a device in the service of an election. How do we know that the code that we're reviewing is the code that is actually running on the devices during the election? This calls for cryptographic signatures, etc. I'm not sure I see that level of traceability at VotingWorks, but I just did a quick skim.