When Logan Lamb visited the website of Georgia’s Center for Election Systems in Aug. 2016, what he found left him speechless. Although the cybersecurity researcher had no password or special authorization, he was able through a Google search to download the state’s voter registration list, view files with Election Day passwords, and access what appeared to be databases used to prepare ballots, tabulate votes, and summarize vote totals. He also discovered a vulnerability that would allow anyone to take full control of a server used for Georgia’s elections. It was everything a Russian hacker – or any malicious intruder – might need to disrupt the vote in Georgia. “Had the bad guys wanted to just completely own the central election system, they could have,” Mr. Lamb told the Monitor in an interview … There are only a handful of states in the US that are currently performing audits that start with voter-verified paper ballots. Many counties in California have conducted pioneering work with such audits. New Mexico hires an independent CPA to oversea an audit of a few key races in that state. And Rhode Island recently enacted a law to develop a voter-verified audit system. But the single most important development in this area is about to take place in Colorado.
The election in Colorado is today, Nov. 7. More important for election security experts who will be watching closely from across the country, the key dates for the audit are Nov. 16, 17, and 18. “All eyes are on Colorado. It is immensely important,” says Marian Schneider, president of the election integrity group, Verified Voting. “This is going to be a blueprint for the rest of the country, hopefully,” adds Susan Greenhalgh, also of Verified Voting.
“A cool thing about Colorado is that we are going to gather evidence about every contest,” McBurnett says. That means that every race and issue on the ballot in Colorado, large and small, will be subject to what is called a “risk-limiting audit.”
Such an audit is a systematic post-election comparison between actual paper ballots and the computerized vote totals that are produced by Colorado’s machine tabulators.
… The basic concept behind a risk-limiting audit is that it is not necessary to perform a full hand-count of all the ballots to reliably verify an election outcome.