Bartow County election officials released a report Thursday from a voluntary audit confirming the results of Georgia’s Jan. 5 Senate runoffs. The audit found an 89-vote discrepancy from the original tally, a 0.2% difference, which Bartow election supervisor Joseph Kirk attributed to human error in the counting process. Candidates can request a recount in Georgia if the margin of victory is less than half a percent – Sen. Jon Ossoff won his race by 1.2%, and Sen. Raphael Warnock won by 2%. Even though the Senate races were close, neither was close enough to require a recount, but in the report, Kirk said they decided to perform the audit to discredit the “mountain of misinformation” that was spread leading up to the election. In particular, Kirk was trying to dispel rumors that the Dominion voting machines used for the first time this election cycle were subject to hacking or malfunction. “Rather than engage in speculation on whether or not the system changed votes after they were cast (it didn’t) or whether it was connected to the internet (it wasn’t), we choose to respond with the simple fact that we know every voter’s vote was accurately counted in Bartow County because we checked – one ballot at a time,” Kirk wrote in the report. Party monitors were present to observe the audit, and the monitors chose which of the Senate races was going to be audited by flipping a coin.
Virginia audits its elections every year – but state law renders the check powerless to fix mistakes | Mike Valerio/WUSA
Each election year, Virginia conducts a meticulous audit of its election system to ensure each voter the marks on their ballot are accurately recorded by voting machines. It’s called a “risk-limiting audit” – the gold standard of election integrity checks nation-wide. Ballots are hand-examined, and compared against computer records. The process ensures that bugs in election machines, dust-blocking ballot scanners or occasional software glitches are caught and no vote is inadvertently altered. But in Virginia, this meticulous audit takes place only after the results of the November 3 election are certified. That means potentially erroneous election results cannot be changed. By state law, “an audit shall have no effect on the election results.”
Media Release: To Enhance Election Security, Rhode Island Tests A New Way to Verify Election Results
Rhode Island is making good on its promise to road-test risk-limiting election audits, following 2017 passage of legislation by the Rhode Island General Assembly, requiring them. Beginning with the presidential primary in April 2020, Rhode Island will become the second state to require these audits to verify election results. A “risk limiting” audit checks if…
As voting in 2018’s midterms ends on Tuesday, November 6, there will be contests with surprising results, races separated by the slimmest of margins, or even ties. How will voters know what to believe without falling prey to partisan angst and conspiracies? What if, as Dean Logan, Los Angeles County’s voting chief, retweeted this week, “the weakest link in election security is confidence”in the reported results? The factual answers lie in the voting system technology used and the transparency — or its lack — in the vote counting, count auditing and recount process. These steps all fall before outcomes are certified and the election is legally over. … In the past decade, two differing approaches to answering that question have emerged and evolved. The first to surface is what’s called a risk-limiting audit (RLA). Jerome Lovato, now an election technology specialist with the U.S. Election Assistance Commission, was present at the start of developing and implementing RLAs a decade ago when Colorado hired him to improve their audit process. Colorado had been sued for a lack of transparency surrounding its testing and certification after buying new machines in 2006. Back then, Colorado — like many states today — grabbed and examined hundreds of ballots after every election to see if they matched the announced winners.
A group of Democratic senators is introducing a bill aimed at securing U.S. elections from hacking efforts, the latest response to attempted Russian interference in the 2016 presidential vote. The bill introduced Tuesday is specifically designed to ensure the integrity of and bolster confidence in the federal vote count. It would require state and local governments to take two steps to ensure that votes are counted correctly. Under the legislation, states would have to use voting systems that use voter-verified paper ballots that could be audited in the event a result is called into question. State and local officials would also be required to implement what are known as “risk-limiting audits” — a method that verifies election outcomes by comparing a random sample of paper ballots with their corresponding digital versions — for all federal elections.
Colorado became the first state in the nation after this month’s election to complete a “risk-limiting” audit, according to the Secretary of State’s Office. Such an audit, ordered by the Colorado Legislature in 2009, is a procedure designed to provide statistical evidence that the election outcome is correct, and has a higher-than-normal probability of correcting a wrong outcome. Risk-limiting audits require human beings to examine and verify more ballots in close races, and fewer ballots in races with wide margins. “Colorado is a national leader in exploring innovative solutions for accessible, secure and auditable elections,” said Matt Masterson, chairman of the U.S. Election Assistance Commission, who witnessed the audit. “Colorado’s risk-limiting audit provided great insights into how to conduct more efficient and effective post-election audits. (The commission) is eager to share some of the lessons learned with election officials across America.”
Colorado: State embarks on a first-of-its-kind election audit that’s drawing interest from out of state | The Denver Post
Colorado is embarking on a first-of-its-kind, statewide election audit that seeks to validate the accuracy of the state’s ballot-counting machines amid national concern about election integrity. The so-called risk-limiting audit involves a manual recount of a sample of ballots from 56 counties that had elections this year to compare them with how they were interpreted by tabulating machines. The exercise is drawing observers from Rhode Island, as well as top federal voting-oversight officials. “It’s a huge deal in the election world,” said Lynn Bartels, spokeswoman for the Colorado Secretary of State’s Office, which is implementing the audit.
States across the nation are ramping up their digital defenses to prevent the hacking of election systems in 2018. The efforts come in the wake of Russia’s interference in the 2016 presidential election, which state officials say was a needed wake up call on cybersecurity threats to election systems and infrastructure. … Security experts are still divided over the extent of hacking risks to actual voting machines. Some say that because many different voting machines are used across the country and because they are not connected to the internet, that would make any large scale attack hard to carry out. … But others contend that digital voting machines are vulnerable and could be targeted to influence actual election outcomes. “Some election functions are actually quite centralized,” Alex Halderman, a University of Michigan computer science professor, told the Senate Intelligence Committee in June. “A small number of election technology vendors and support contractors service the systems used by many local governments. Attackers could target one or a few of these companies and spread malicious code to election equipment that serves millions of voters.”
Colorado on Monday said it will become the first state to regularly conduct a sophisticated post-election audit that cybersecurity experts have long called necessary for ensuring hackers aren’t meddling with vote tallies. The procedure — known as a “risk-limiting” audit — allows officials to double-check a sample of paper ballots against digital tallies to determine whether results were tabulated correctly. The election security firm Free & Fair will design the auditing software for Colorado, and the state will make the technology available for other states to modify for their own use. The audit will allow Colorado to say, “with a high level of statistical probability that has never existed before,” that official election results have not been manipulated, said Colorado Secretary of State Wayne Williams in a statement.
The state of Colorado is moving to audit future digital election results, hiring a Portland-based startup to develop software to help ensure that electronic vote tallies are accurate. The startup Free & Fair announced on Monday that it had been selected by the state to develop a software system for state and local election officials to conduct what are called “risk-limiting audits.” A risk-limiting audit, or RLA, is a method that checks election outcomes by comparing a random sample of paper ballots to the accompanying digital versions. The development comes amid deepening fears on Capitol Hill about the possibility of foreign interference in future elections, following Russia’s use of cyberattacks and disinformation to influence the 2016 presidential election. According to the U.S. intelligence community, Moscow’s efforts also included targeting state and local election systems.
American voting relies heavily on technology. Voting machines and ballot counters have sped up the formerly tedious process of counting votes. Yet long-standing research shows that these technologies are susceptible to errors and manipulation that could elect the wrong person. In the 2016 presidential election, those concerns made their way into public consciousness, worrying both sides of the political fence. The uncertainty led to a set of last-minute, expensive state recounts—most of which were incomplete or blocked by courts. But we could ensure that all elections are fair and accurate with one simple low-tech fix: risk-limiting audits. Risk-limiting audits are specific to elections, but they are very similar to the audits that are routinely required of corporate America. Under them, a random sample of ballots is chosen and then hand-counted. That sample, plus a little applied math, can tell us whether the machines picked the right winner.
After extensive ups and downs, the election recount efforts in Michigan, Wisconsin, and Pennsylvania have concluded. The main lesson: ballot audits should be less exciting and less expensive. Specifically, we need to make audits an ordinary, non-partisan part of every election, done efficiently and quickly, so they are not subject to emergency fundraising and last-minute debates over their legitimacy. The way to do that is clear: make risk-limiting audits part of standard election procedure. After this year’s election, EFF joined many election security researchers in calling for a recount of votes in three key states. This was partly because of evidence that hackers affected other parts of the election (not directly related to voting machines). But more than that, it was based long-standing research showing that electronic voting machines and optical scanners are subject to errors and manipulation that could sway an election. In response to that call, Green Party candidate Jill Stein’s campaign raised more than $7 million to fund the recounts.
Standardizing voter registration processes, voting machines and vote tabulation is the key to eliminating most vulnerabilities plaguing U.S. elections, according to several cybersecurity experts. These standardizations would embed security, enable backups and eliminate many backdoors through which hackers and vote fraudsters currently can warp the results of an election. While voting is administered at the state and local levels, these remedies would need to be applied nationwide. The current web of diverse processes may increase the difficulty for wide-scale election tampering, but they also ensure that achieving security is too broad a challenge for any single remedy to be applied. This diversity also virtually ensures that some location will have a vulnerability that, if exploited effectively, could cast doubt on a nationwide election result. … Auditing capabilities are important, says Ron Bandes, network security analyst in the CERT division of the Software Engineering Institute of Carnegie Mellon University. He also is president of VoteAllegheny, a nonpartisan election integrity organization.
The Secretary of State’s Office chose a Denver-based company Tuesday to supply future voting machines for the state’s 64 counties, and Mesa County Clerk Sheila Reiner couldn’t be more pleased. That’s because Reiner used voting machines from that company, Dominion Voting Systems, as part of a three-year pilot project to test various machines for a uniform voting system. Having all counties use the same machines not only will allow each to get them cheaper, but also help save costs in maintenance, supplies and training time for election workers, Reiner said. She said Dominion, more than any of the other companies that were included in the pilot study, had a product that was ready to go. “Dominion … was by far the most developed and appropriate system for our state,” Reiner said. “I say that because from the simplicity of building the ballot definition all the way through the risk-limiting audit that we’re going to be required to do by statute in 2017, everything just fit with Colorado laws and current needs. The other vendors are still developing things to fit our model.”
Arapahoe County is piloting a vote-checking system this week that promises to raise the level of confidence in the accuracy of election results in Colorado. Elections officials gathered Wednesday at the county’s clerk and recorder office in Littleton to put the system — dubbed the risk-limiting audit — through the paces. The goal is to work out the bugs and have it ready for statewide rollout by election day 2017, as required by the state legislature. “The way we do audits doesn’t present a good enough picture,” Arapahoe County Clerk Matt Crane said Wednesday. “Our citizens deserve to know that we have a fair, transparent and accurate voting process.” The way a post-election audit of ballots is done currently requires a canvass team to pull at least 500 randomly selected paper ballots and compare the results to the tally recorded by the tabulation machines used in the election. Under the risk-limiting audit, random numbers generated by a software program will identify certain ballots to be pulled for inspection. The sample size is statistically determined based on the total number of ballots cast, the margin of the contest and the audit results as they unfold.
In 2010, California lawmakers approved legislation meant to reduce the incentive for expensive and contentious ballot recounts of the sort looming in the exceedingly close race for second place in the state controller’s primary. But the law went dormant at the end of last year and will have no bearing on the controller’s contest between Betty Yee and John A. Pérez. In a statement Tuesday, the Pérez campaign said it is conducting a review to “determine whether a recount is warranted. After nearly a month of counting votes and a vote margin of just 1/100th of one percent, out of more than 4 million votes cast, nobody would like to the see this process completed more than we would,” the statement said. “Since this is one of closest statewide elections in the history of California, we have an obligation to review and ensure that every vote cast is accurately counted. During our review, we will also determine whether a recount is warranted.”
Editorials: Saving throw: securing democracy with stats, spreadsheets, and 10-sided dice | Ars Technica
Armed with a set of 10-sided dice (we’ll get to those in a moment), an online Web tool, and a stack of hundreds of ballots, University of California-Berkeley statistics professor Philip Stark spent last Friday unleashing both science and technology upon a recent California election. He wanted to answer a very simple question—had the vote counting produced the proper result?—and he had developed a stats-based system to find out. On June 2, 6,573 citizens went to the polls in Napa County and cast primary ballots for supervisor of the 2nd District in one of California’s most famous wine-producing regions, on the northern edge of the San Francisco Bay Area. The three candidates—Juliana Inman, Mark van Gorder, and Mark Luce—would all have liked to come in first, but they really didn’t want to be third. That’s because only the two top vote-getters in the primary would proceed to the runoff election in November; number three was out. Napa County officials announced the official results a few days later: Luce, the incumbent, took in 2,806 votes, van Gorder got 1,911 votes, and Inman received 1,856 votes—a difference between second and third place of just 55 votes. Given the close result, even a small number of counting errors could have swung the election. Vote counting can go wrong in any number of ways, and even the auditing processes designed to ensure the integrity of close races can be a mess (did someone say “hanging, dimpled, or pregnant chads”?). Measuring human intent at the ballot box can be tricky. To take just one example, in California, many ballots are cast by completing an arrow, which is then optically read. While voters are instructed to fully complete the thickness of the arrow, in practice some only draw a line. The vote tabulation system used by counties sometimes do not always count those as votes. So Napa County invited Philip Stark to look more closely at their results. Stark has been on a four-year mission to encourage more elections officials to use statistical tools to ensure that the announced victor is indeed correct. He first described his method back in 2008, in a paper called “Conservative statistical post-election audits,” but he generally uses a catchier name for the process: “risk-limiting auditing.”