Colorado was one of 21 states targeted by Russian operatives during the 2016 election. But unlike many others, the state has spent years implementing top-tier cybersecurity measures and audits to prevent hackers from entering its systems and interfering with the election process. Colorado receives top marks in the three most important election security categories, according to a February report from the left-leaning Center for American Progress comparing the election security of all 50 states:
Adhering to minimum cybersecurity standards for voter registration systems
Carrying out elections with paper ballots
Conducting robust post-election audits
… In 2017, Colorado became the first state to carry out mandatory risk-limiting post-election audits, which are widely considered the gold standard, according to the Center for American Progress. Risk-limiting audits involve manually checking a sample of ballots, and providing statistical evidence that the election outcome is correct. They have a high probability of correcting a wrong outcome, according to the US Election Assistance Commission. A risk-limiting audit could lead to a full manual recount if there is not enough evidence to prove that the reported outcome is correct, the commission stated.
“Only a few states use the particularly good state-of-the-art audit methods called Risk-limiting audits,” said Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology, who developed the auditing methodology in his post-doctoral research.
Risk-limiting audits are required in Colorado, Rhode Island, and Virginia, according to the National Conference of State Legislatures. Ohio and Washington provide counties with the option to do this audit. Beginning in 2020, California counties may conduct a risk-limiting audit instead of a traditional post-election audit.
These audits are key for identifying any problems or interference that may have occurred during voting. “We focused up until 2016 almost exclusively on vote count changing attacks—things that attacked the actual voting system,” Lorenzo Hall said. “But 2016 essentially taught us that there are so many other things that can either directly or indirectly affect the outcome of an election.”