AssembleyAssembley
PricingSecurityAbout

How Vote Integrity Is Protected

A plain-language explanation of how Assembley keeps an assembly's record tamper-evident — immutable vote records, frozen vote weights, and a hash chain that makes any change detectable.

For a result to be defensible, it isn't enough to record it — you have to be able to show it wasn't changed afterwards. Assembley protects the integrity of every assembly with a few reinforcing mechanisms. This article explains them at a conceptual level, without the cryptography.

Records are immutable

The core principle is that the record of what happened is append-only: votes and the meeting's key events are written once and not edited or deleted afterwards. There is no "edit this vote" path. This removes the most obvious failure mode — a result quietly altered after the meeting — because there's simply no mechanism to alter it.

Vote weight is frozen at the moment of voting

When a voter casts a ballot, the weight that ballot carries is fixed onto it then and there. The tally uses the weight recorded with each vote, never a live lookup. So even if your register is edited later — a voter's capital or class changes — a concluded vote's result does not move, because the weight that counted is preserved on the ballot itself. See How Voting Weight Is Calculated.

A tamper-evident chain

Beyond immutability, the meeting's events are linked together so that any change is detectable. Conceptually, each record carries a fingerprint that depends on the records before it, forming a chain — so altering any single entry would break the chain and be immediately apparent. The votes for each item are summarised into a compact fingerprint of their own. The result is a record that is not just hard to change, but one where changes announce themselves.

You don't need to understand the cryptography to benefit from it: the point is that the evidence package can be independently verified, and verification would fail if anything had been tampered with.

Why this matters

These properties are what turn "we ran a vote" into "we can prove how the vote went". They're aimed squarely at the moments that test a governance process:

  • An auditor checking that decisions were taken properly.
  • A regulator requesting documentation.
  • A shareholder or member disputing a result.

In each case, a tamper-evident, independently verifiable record is far stronger than a number in the minutes. See The Evidence Package Explained.

Integrity and identity together

Integrity protects the record of the votes; identity verification protects who cast them. Both are needed for a defensible result — a perfect record of anonymous votes proves little. See Identity Verification Levels.

Where to go next

See The Evidence Package Explained and How Votes Are Counted.

Related articles