The National Academy of Sciences report is blunt: “There is no realistic mechanism to fully secure vote casting and tabulation computer systems from cyber threats.” But election officials can and should audit votes — rather than performing time-consuming full recounts — before election results are certified to confirm their legitimacy, the report states. Risk-limiting audits are a relatively new way to double-check the results of an election after the fact. First implemented in Colorado in 2017, the audits examine a randomly chosen, statistically significant number of paper ballots and compare the results in those ballots to the actual result. They’re done no matter the margin of victory; suspicious results may trigger a full recount. “It’s an abbreviated recount, in a sense,” said Ronald Rivest, one of the inventors of the RSA public-key cryptosystem and a member of the NAS panel that wrote the report.
“Recounts are expensive. Is there a way to get most of the assurance of a recount through statistics? That’s what a risk-limiting audit does. If the sample is large enough, it’ll tell you where the truth lies,” he said during a press conference at the report’s September release.
The Colorado Secretary of State’s office describes the risk limit as “the largest chance that an incorrect outcome escapes correction. If the risk limit is 1 percent, then, in the long run, at least 99 out of 100 wrong outcomes would be corrected by the audit.”