Wikimedia Foundation elections/Scrutinizing process

The scrutinizing process is a key part of a SecurePoll election. Its primary goal is to ensure the integrity of the election. This is achieved by having independent volunteers—known as "scrutineers" or "scrutinizers"—look over each vote. For a large election (such as a Board election), this process can take two weeks or more.

Who are the scrutineers?

In theory, anyone can be a scrutineer. However, due to the nature of the data involved in this work, scrutineers are almost always Stewards or, in the case of Board elections, members of the elections committee. At the very least, they are individuals who have signed the access to nonpublic personal data policy.

Scrutineers are intended to be independent. During the election set up process, the scrutineers are recruited and remain on standby until the election begins, and remain working until all votes have been validated.

What do scrutineers do?

The scrutineers ensure that each vote:

  • ...is not a duplicate
  • ...is not made by a sock puppet (i.e. one user voting with multiple accounts in violation of the election rules)
  • ...was made by a user who met the eligibility requirements at the time of the vote.

Often, these scrutineers will check every vote individually (that is, they do not "split up the work" among the scrutineers—they each go through the full list). If they find a vote that should not have counted for whatever reason, the vote will be "struck" by the scrutineer and will not be counted in the tally.

Scruntineers will also be asked to confirm the final tally once that has been completed, primarily to protect against undue influence from the tallier (or to flag inconsistencies, bugs, etc.).

What don't / can't scrutineers do?

Scrutineers do not gain direct access to the votes themselves. This means they cannot use their position to, for example, strike votes for candidates they dislike.

What data do the scruntineers have access to?

When a user votes in a SecurePoll election, their IP address and user agent are logged alongside their vote. While the vote is encrypted with GPG, the accompanying data is available to users who are designated as "admins" of that particular election and who have the electionadmin user right on votewiki. The scrutineers are granted access to the IP address and user agent information to determine whether the vote is valid.

Scrutineers do not gain direct access to the votes themselves. This information remains encrypted up until the tallying process is completed, after which the vote is considered final.