Enhanced Voting’s MyBallot and EnhancedBallot are remote ballot marking systems that each operate in a single HTML file. MyBallot is a server-side remote ballot marking system, while EnhancedBallot is a client-side system. In 2013, MyBallot was first fielded in Oklahoma, where it is hosted on the Amazon Web Services (AWS) cloud computing platform. The system imprints voter’s marked ballots with a QR code that integrates with Hart scanners for auto duplication. In Virginia, MyBallot is hosted on Microsoft Azure cloud computing service. MyBallot was developed with Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) voters in mind. EnhancedBallot is a newer remote ballot marking system, which is currently fielded in several Ohio counties. EnhancedBallot is tailored to voters with disabilities; however, voters with disabilities can use their own Audio-Tactile Interface (ATI) to mark their ballots using either system. KNOWiNK is the vendor for MyBallot in Virginia and for EnhancedBallot in the Ohio counties. Enhanced Voting contracts directly with Oklahoma.

In 2020, the systems were available only to UOCAVA voters and voters with disabilities — these systems were not available in any jurisdictions to all registered voters. KNOWiNK was the vendor for the systems in Ohio and Virginia, while Enhanced Voting had a contract directly with the state of Oklahoma. Enhanced Voting was instrumental in creating the VotingWorks Accessible Vote-by-Mail system, which is a client-side remote ballot marking system.

Voters access MyBallot or EnhancedBallot via a website link from their county. For authentication purposes, a voter must input personally identifying information, including their first and last name and date of birth. The voter must also enter either the last four numbers of their Social Security Number (SSN) or their driver license number — whichever they entered on their application to use the system. The voter next selects “Sign in.”

The voter is taken to their personal welcome screen. The top bar on this screen contains links that allow the voter to adjust the text size and contrast ratio. Under the welcome message, the voter is provided instructions, ballot download information, which displays how long the ballot is available, and ballot tracking information, which displays if and when the voter has downloaded their ballot and whether it has been received by the elections office. Here, the voter can download a blank ballot, which they may print and mark by hand.

To begin marking their ballot, a voter selects “Begin Ballot Marking.” To make a selection, the voter selects the oval to the left of the candidate of their choice. The candidate’s name and party is listed. When navigating using a screen reader, the voter will hear “check box unchecked” when an oval is not filled in, or “check box checked” when an oval is filled. The voter selects the large green “Next” screen to navigate to the next contest and the gray “Previous” to return to a previous contest. To write in a candidate, the voter navigates to the “Write-In” line and enters in their chosen candidate’s name. After finishing the ballot marking process, the voter can navigate backward or continue to the review screen.

On the review screen, the voter can view the entire ballot, which includes their selections and the candidates they did not select. The voter can choose to return to previous contests to change their selections or can select “Proceed to Download Your Ballot.” If the voter is using the EnhancedBallot system to mark and create their ballot, the voter’s ballot is created as a PDF, which can be printed. If the voter is using the MyBallot system to mark and create their ballot, the the ballot prints directly from the HTML file, which can be saved as a PDF or printed. A voter’s screen reader will instruct them how to navigate to the downloaded file.

The voter must drop off or mail their printed ballot. Enhanced Voting’s MyBallot and EnhancedBallot remote ballot marking systems do not support the electronic return of voted ballots. Depending on the jurisdiction, the voter’s ballot may be imprinted with a QR code containing the voter’s selections, or the jurisdiction may manually remake the ballot onto scannable ballot paper.

Unreadable Bar Codes and QR Codes

In jurisdictions that configure ballots to be imprinted with QR codes, a voter’s selections are encoded in the QR code, which is not readable by humans. In their Security Analysis of the Democracy Live Online Voting System — not the MyBallot or EnhancedBallot systems — Michael A. Specter and J. Alex Halderman note that an attacker could “encode false votes within barcodes, so that the ballot appears (to a human) to be marked for the voter’s selected candidate but will be counted by an optical scanner as a vote for a different candidate.” Thus, the a voter’s ballot could appear to the voter to be the selections the voter made; however, when remade onto scannable ballot stock, the QR code could transpose the voter’s actual selections for those of the hacker’s choice.

Server-Side Ballot Marking and Creation

According to Specter and Halderman, who did not review MyBallot, when server-side web apps send a voter’s identity and ballot choices to a remote server to generate a marked ballot PDF file, an attacker could learn voters’ ballot selections. Because MyBallot does not support the electronic return of voted ballots (internet voting), a voter’s review of their printed ballot would catch any interference — except if an attacker alter’s a QR code, which the voter cannot read without a QR code scanner. Specter and Halderman have not reviewed the Enhanced Voting systems; however, they note that marking ballots server-side increases risks to election integrity and ballot secrecy.