National: The key to future election security starts with a roll of the dice | Patrick Howell O’Neill/MIT Technology Review

We’re now six weeks past Election Day, and electors in every state followed the will of the voters and confirmed the victory of Joe Biden. But while the Electoral College made the results official, President Donald Trump is continuing to protest them, despite having lost dozens of court cases within the past month. In any case, Congress is slated to complete the process of electing Biden on January 6. President Trump’s attack on American elections accelerated a problem that already existed in the United States: the public doesn’t trust the vote. So how can we help more Americans believe in the most important function of our democracy? One of the states with the most contentious states votes in 2020 might have something to tell us. Georgia’s election was close. When it turned out that were only 12,000 votes separating Joe Biden from Donald Trump, the world turned its attention to the count there. The state’s election processes have changed significantly in just the last year, including a switch to more secure paper ballots and a law requiring a post-election audit, which was then used to examine this year’s tight presidential race. An audit is not a recount. Instead, it is a routine check of a portion of ballots, using statistical tests to root out anomalies. This is meant to increase everyone’s confidence that the outcome is correct. Georgia’s secretary of state, a Republican, ran the audit this year: it discovered and corrected a relatively small number of counting errors. That process was open and transparent, and the changes were too few to affect the results. In the end, it reaffirmed Joe Biden’s win in Georgia.

Full Article: The key to future election security starts with a roll of the dice | MIT Technology Review

Rhode Island Board of Elections to conduct post election Risk-Limiting Audit on Nov. 23 | Daniel Hollingworth/ABC6

The Rhode Island Board of Elections (BOE) will conduct a Risk-Limiting Audit of the state’s 2020 General Election Results which is required by state law. Rhode Island is one of 5 states conducting a Risk-Limiting Audit (RLA), according to BOE spokesman Chris Hunter. “Risk-limiting audits are considered the ‘gold standard’ of post-election auditing techniques,” said Diane Mederos, Chairwoman of the Board of Elections. “Rhode Island voters have the right to have trust and confidence in the state’s voting system, and risk-limiting audits allow us to strengthen that trust by verifying that our voting machines are functioning properly and free from error or manipulation.” Post-election audits provide an extra layer of verification of the accuracy of the voting system after the election. The verification will rely on paper ballots, which Rhode Island has utilized to record every vote cast in the state over the past 20 years.

Full Article: RI Board of Elections to conduct post election Risk-Limiting Audit on Nov. 23 | ABC6

Michigan: Secretary Of State Benson Comments On Risk Limiting Audit | Keweenaw Report

After the presidential primary election in March, a Risk Limiting Audit was performed, and the results have suggested that Michigan is ready for the August and November elections. Of Michigan’s 83 counties, 80 participated in the audit, and the results reinforced the accuracy and security of the results. The audit, the largest of its kind in the nation, was part of Secretary of State Jocelyn Benson’s ongoing efforts to strengthen Michiganders ability to vote. Benson had this to say. “The overwhelming participation from county and local clerks in this audit underscores the hard work they do to safeguard our elections, and their dedication to public service.” Throughout the state, 669 random ballots were selected in the audit, and they mirrored official election results within one percentage point for the leading candidates in each primary, suggesting had an actual audit been conducted, the outcome of the election would remain unchanged.

National: RSA Cryptographer Ronald Rivest Seeks Secure Elections the Low-Tech Way | Susan D’Agostino/Quanta Magazine

onald Rivest sports a white beard, smiles with his eyes and bestows his tech gifts on the people of the world. The Massachusetts Institute of Technology professor is the “R” in RSA, which means that he, along with Adi Shamir (the “S”) and Leonard Adleman (the “A”), gave us one of the first public key cryptosystems. It’s still common today: Nearly all internet-based commercial transactions rely on this algorithm, for which the trio was awarded the 2002 A.M. Turing Award, essentially the Nobel Prize of computing. In recent decades, Rivest has continued to work on making it computationally hard for adversaries to break a system, though he now focuses on ensuring that votes in democratic elections are cast as intended, collected as cast and tallied as collected. Elections, he has discovered, have stricter requirements than nearly any other security application, including internet-based commerce. Unlike online bank accounts and the customer names with which they are affiliated, ballots in an election must be stripped of voters’ names because of voting’s secrecy requirement. But the ballot box’s anonymity sets conditions for real or perceived tampering, which makes proving the accuracy of tallies important to voters, election officials and candidates. Another requirement is that voters can’t receive receipts verifying their candidate selections, lest the practice encourage vote selling or coercion. But without a receipt, voters might wonder if their votes were faithfully and accurately counted. It’s a tough problem to crack, and Rivest thinks the solution lies not with fancier computers, but with pen, paper and mathematics. “I mainly argue for some process by which we have confidence in our election results,” he said. “No one should say, ‘It’s right because the computer said so.’”

Voting Blogs: Ballot-level comparison audits: precinct-count | Andrew Appel/Freedom to Tinker

In my last post I described a particularly efficient kind of risk-limiting audit (RLA) of election results: ballot-level comparison audits, which rely on a unique serial number on every ballot. The serial number should not be preprinted on the ballot where the voter can learn it, otherwise the voter could sell their vote, or be coerced to vote a certain way, and the buyer or coercer could learn the vote from the file of cast-vote records (CVRs). The solution, when central-count optical scan (CCOS) is used, is that the central-count optical-scan voting machine can print the serial number onto the ballot, as it scans and counts the ballot. But many jurisdictions use precinct-count optical scan (PCOS): the voter marks a ballot, and feeds it directly into the PCOS voting machine, where it is scanned, counted, and preserved in a ballot box. This has three advantages over CCOS: PCOS machines can alert the voter about overvotes, undervotes, or blank ballots, which gives the voter a chance to correct their ballot. PCOS tabulations are ready immediately at the close of the polls, which gives faster election-night reporting. PCOS tabulations give an additional safeguard against low-tech paper-ballot tampering: if the hand-to-eye recount of this batch does not match the results claimed by the optical-scanner, then one of them is wrong. The paper ballots themselves are the presumed ballot of record; State statutes should say that in case of disagreement we trust the paper by default, not the (possibly hacked or buggy) computers; but even so, a disagreement is important evidence of possible tampering that could be worth a forensic investigation. We don’t get this safeguard with central-count scanning of precinct-marked ballots. But PCOS machines are not equipped with serial-number printers. Why is that? It would be straightforward to add one to a standard PCOS design, and it wouldn’t much affect the price of the product (so I’ve been told by the vice president of a major voting-machine company). The reason is not that the vendors can’t or won’t make the product; it’s that PCOS-ballot serial numbers are not so straightforward to use in RLAs.

Verified Voting Blog: Letter to Georgia Secretary of State regarding Verified Voting’s position and involvement with risk-limiting audit pilots

The following letter was sent to Georgia Secretary of State Brad Raffensperger on December 16, 2019. The letter addresses Verified Voting’s concerns following the November 2019 election in Georgia and provides clarity on Verified Voting’s position and involvement with risk-limiting audit pilots in the state. Download the Letter (PDF) Dear Secretary Raffensperger, I am writing…

Pennsylvania: Philadelphia tests way to ensure no one hacks 2020 presidential election in Pennsylvania | Jonathan Lai/The Philadelphia Inquirer

Philadelphia voters can rest assured Jim Kenney really was reelected mayor this month, according to a squad of data and voting experts from around the country who ran a rigorous statistical test of the results Thursday. But while it’s no surprise that a Democrat won by 80 percentage points in an overwhelmingly Democratic city, it’s notable that the scientists were able to conduct such an audit in the first place. That’s because on Nov. 5, for the first time, Philadelphia used voting machines that leave a paper record of voters’ choices. As Pennsylvania’s counties roll out similar new machines required to create paper trails in time for the 2020 presidential election, the reported electronic returns can now be checked for accuracy. That’s an important change in a state that Donald Trump carried in 2016 by slightly more than 44,000 votes, or less than 1%. Pennsylvania is expected to be critical again next year. “We know we saw in 2016, everybody wondering, was this real, was this not real?” said Kathy Boockvar, secretary of the commonwealth, whose department oversees Pennsylvania elections. In 2020 and beyond, with what are known as risk-limiting audits, election officials will be able to confirm that the text of paper ballots lines up with what ballot-reading machines say. “The stakes are high, people are very passionate, and we have the paper that will be able to show the actual evidence,” Boockvar said. Officials hope the audits will make it harder for bad actors to tamper with the results. They also hope to increase public confidence in elections generally, following what U.S. intelligence agencies concluded was a systematic campaign by Russia to interfere in the 2016 election to boost Trump. (That campaign involved the dissemination of news and information Americans consumed, not the manipulation of actual votes or voting machines.)

National: CISA and VotingWorks release open source post-election auditing tool | Catalin Cimpanu/ZDNet

The US Cybersecurity and Infrastructure Security Agency (CISA) and VotingWorks, a non-partisan, non-profit organization, have open-sourced today a tool for the post-election auditing process. Developed by VotingWorks and named Arlo, the tool is available on GitHub. It’s a web-based app designed specifically for the US election process where votes are tallied electronically using software or special machines. To safeguard the election process against hacked or faulty voting systems, the US government mandates that all counted votes go through a post-election audit to verify the results, in a process called a Risk-Limiting Audit (RLA). Arlo is designed to automate this auditing process by automatically selecting random voter ballots for the RLA process, providing auditors with the information they need to find those ballots in storage, helping officials compare audited votes to tabulated votes, and providing monitoring & reporting capabilities so that election officials and public observers can follow the audit’s progress and outcome. “The tool supports numerous types of post-election audits across various types of voting systems including all major vendors,” CISA said in a press release today. CISA did not develop Arlo — created by VotingWorks on its own — but the agency has adopted the tool and is currently working on convincing state election officials to deploy it before next year’s presidential election.

Pennsylvania: State starts testing new election auditing procedures | Emily Previti/PA Post

Pennsylvania’s elections overhaul isn’t limited to deploying new voting machines and making sweeping changes to absentee voting and registration deadlines. Officials also are working on new post-election auditing procedures that employ statistical modeling. Test runs occurred earlier this week in Mercer County and are scheduled for Thursday in Philadelphia. Post-election audits already happen in Pennsylvania. State law requires counties to audit 2 percent of ballots cast – or 2,000, whichever is less – in each race. Other auditing criteria – such as sample ballot selection – are largely left up to county election officials. That’s expected to change in 2022. The state agreed to implement a more robust post-election audit system — called risk-limiting audits — as part of the settlement of a lawsuit brought by 2016 Green Party presidential candidate Jill Stein. “The process that’s in place now is practically meaningless,” Stein’s spokesman Dave Schwab wrote in an email Tuesday. “In contrast, risk-limiting audits are designed to use the paper records to ensure that the machine count didn’t produce the wrong winner.”

Colorado: Secretary of State’s Office begins post-election ballot audit | Michael Karlik/Colorado Politics

Secretary of State Jena Griswold on Friday directed county clerks to begin the audit of a random selection of ballots after this month’s general election. A press release said that this risk-limiting audit, the only statewide one in the country following most elections, provides a “high statistical level of confidence that the outcome of an election is correct and reflects the will of the voters.” Colorado conducted its first statewide audit in 2017, covering all counties that used machines to tally their votes. Two counties, Jackson and San Juan, do not perform an audit because their ballots are hand counted. The secretary of state’s office randomly chose the ballots for each clerk to review using a 20-digit number, generated from multiple rolls of a 10-sided die. “If what the audit board reports matches how the voting system tabulated the ballots, the audit concludes,” Griswold’s website explains. “If there are discrepancies, additional ballots are randomly selected to compare until the outcome has been confirmed. If the wrong outcome was reported eventually all of the ballots will be examined and a new outcome will be determined.”

Pennsylvania: Mercer County conducts first risk limiting election audit | Glenn Stevens/WFMJ

Mercer County is conducting a risk-limiting post-election audit for the first time in Pennsylvania. A working group assembled at the Mercer county courthouse on Monday to perform the post-election audit.   It’s described as a scientifically designed procedure that utilizes math and statistical data to confirm election outcomes. “They’ve found out a way to use the math to provide a statistical certainty that the results that we are reporting accurately reflect that’s what the voters did,” said Mercer County Elections Director Jeff Greenburg. “The math is maybe a little complicated for the average person until you get kind of hands-on experience, and that’s really what we’re doing here today,” according to Jonathan Marks, Deputy Secretary of Elections for Pennsylvania.  Pennsylvania has returned to a paper ballot, and the risk-limiting audit is viewed as another step forward for voter confidence and election integrity.

Georgia: Paper ballots recounted to check election results in Georgia | Mark Niesse/The Atlanta Journal-Constitution

A recount of ballots printed out by Georgia’s new voting system confirmed the accuracy of electronically counted election results, state election officials said Wednesday. But critics say the state’s audit proved nothing, and they believe ballots created by computers remain vulnerable to tampering and inaccuracies. Election workers on Tuesday reviewed a sample of paper ballots printed by touchscreens during last week’s election in Bartow County, one of six counties that tested the state’s $107 million voting system. Voters in the rest of the state will switch to the new system starting with the March 24 presidential primary. “An important part of the new voting system is the ability to audit with the use of paper ballots. This feature provides the confidence voters deserve,” Secretary of State Brad Raffensperger said. During the audit, four teams of two election workers each pulled a random sample of 80 ballots out of 1,550 cast in Cartersville. The teams read the printed-out text on the ballots and tallied the results in the race for mayor and a referendum on Sunday morning alcohol sales.

Missouri: Greene County experiments with process for verifying elections | KOLR

Greene County Clerk Shane Schoeller says election security is a top priority, which is why his team is double-checking the accuracy of its vote-counting machines. His office does this after every local election. This time though, they’re doing things differently. People from around Greene County witnessed and participated in the debut of a new election-auditing process: the risk-limiting audit. It’s a new election accuracy test using 20 multi-sided dice and real ballots from the most recent Greene County election. Schoeller says this method is much better than the state’s current post-audit process. He says when Greene County post-audits, no less than five percent of the polling locations of the casted ballots that day are evaluated. His new risk-limiting audit, however, looks at a much wider range of polling locations. He says this ensures the accuracy and election security he’s looking for.

Indiana: State to start seeing voting equipment changes | John Lynch/Ball State Daily

While some Hoosier voters will start seeing changes in electronic voting systems this election, Muncie will have to wait. In late July, the Indiana Election Commission approved the first voter verifiable paper audit trail (VVPAT) for electronic voting systems — a security measure that allows voters to independently verify their vote was correctly recorded, according to a press release from the Office of the Indiana Secretary of State. Almost half of the counties in Indiana use direct record electronic (DRE) machines, the press release stated. These machines have a paper trail in the back of the machines, but not visible to the voter. As a security measure, paper trails that are visible to the voter are being added to VVPAT electronic voting equipment, it stated. “Adding VVPATs to election equipment will help boost voter confidence and allow us to implement risk limiting audits,” said Secretary of State Connie Lawson in the press release. “Together, these practices will show voters at the polls their vote is safe and secure and following up with a post-election audit will confirm their vote was counted. As we prepare for the upcoming presidential election, we will be working to protect 2020 and beyond.”

Editorials: A simple step every state could take to safeguard elections | The Washington Post

Election security is a complex challenge. One essential step, however, is so simple it can be carried out with a pen and paper. Pennsylvania officials have announced that Philadelphia and Mercer County will conduct a post-election pilot next month of what’s called a risk-limiting audit. The procedure is new to most of the country, but 12 states are experimenting with it — because it’s that much of a no-brainer. Currently, 17 states are not required by law to verify the accuracy of their vote tallies at all. Those that are mostly do so the “traditional” way, which in this case means the wrong way. The process auditors typically use — manually recounting votes in a predetermined percentage of precincts — tells officials whether a particular machine or group of machines is working, but it doesn’t actually answer the essential question: Did the declared winner actually win? Risk-limiting audits instead do what any mathematician . They hand-count a statistically meaningful sample of all votes to determine whether the original tally was correct. The required sample increases as the margin of victory narrows. It’s easy, and it’s time-consuming only in the tightest elections, or when something actually has been tampered with. Of course, that’s when it’s most worth investing the time. So why isn’t everyone doing it?

National: Cybersecurity and Democracy Collide: Locking Down Elections | Andrew Westrope/Governing

When asked at a congressional hearing if Russia would attack U.S. election systems again in 2020, Special Counsel Robert Mueller was unequivocal: “It wasn’t a single attempt,” he said. “They’re doing it as we sit here, and they expect to do it during the next campaign.” Presidential campaigns are now underway, and election systems are still vulnerable. From voter registration databases to result-reporting websites to the voting machines themselves, researchers have identified soft spots across the system for hackers to exploit, meaning cybersecurity is now a front line of defense for American democracy. There are many parties working on this problem — secretaries of state, the Department of Homeland Security (DHS), EI-ISAC (Elections Infrastructure Information Sharing and Analysis Center), various nonprofits and private companies — and a few common refrains between them. They’re all pushing for paper ballots, vulnerability screenings, staff training, contingency plans, audits and, above all, more consistent funding. And they all have the same basic message for state and local officials: The security of our elections is riding on you.

Rhode Island: Report examines ways to adopt election audit system in Rhode Island | Jennifer McDermott/Associated Press

A new report recommends how to adopt a system for auditing election results required in Rhode Island. Common Cause, Verified Voting and The Brennan Center for Justice at NYU School of Law released the report Tuesday. They helped the state design and test the risk-limiting audit system this year. Rhode Island will first use risk-limiting audits for the 2020 presidential primaries. There are three ways to do the postelection audit. The report recommends a ballot-level comparison because of its efficiency, transparency and relatively predictable cost. That type of audit would compare the vote on an individual ballot to the machine’s recording of the vote on that ballot, which requires the fewest number of ballots to be examined. The other methods, ballot polling and batch comparison, compare more ballots to totals produced by the machines and require the examination of far more ballots, John Marion, executive director of Common Cause Rhode Island, said Tuesday.

Michigan: Lansing city clerk pilots new post-election audit | Elissa Kedziorek/WILX

The Lansing community was invited to observe a new post-election audit Monday morning. Lansing City Clerk Chris Swope partnered with the Secretary of State’s Bureau of Elections, other local election officials and national election security experts to conduct a risk-limiting audit of the May 7, 2019 Lansing School District Special Election. After checking 337 randomly selected ballots as part of a new election audit pilot, Swope declared the Lansing School Millage Election results are confirmed accurate. “It was great to work with election officials at the national, state, county and local level to develop best practices to confirm election results,” Lansing City Clerk Chris Swope. “Each election we learn more, and the City of Lansing will be very experienced by the Presidential Election in November 2020. Nationally, risk-limiting audits are considered to be the gold-standard method for confirming results. This type of audit uses statistical methods that can detect possible discrepancies in areas that may need further attention due to factors such as human error, possible manipulation, cyber attacks,or a variety of other things.

Editorials: Knowing It’s Right: Limiting the Risk of Certifying Elections | Tammy Patrick/Democracy Fund

Every election we ask ourselves, what motivates voters to participate? Could it be the love of a charismatic candidate? The dislike of a less-than-desirable one? Passion for a specific ballot initiative? Do voters show up to the polls out of habit? The answer is as varied as the voting population, as is the reason voters do not participate. Research shows that while voters’ confidence in their own vote being counted accurately remains relatively constant, their belief that results at the national level are correct is in decline. As we work through reestablishing trust in our elections following Special Counsel Robert Mueller’s 22-month long investigation, the threat of interference in our elections by another nation-state remains. The American public wants to believe that when they vote it means something—we are teaching elections officials about a new way to audit our elections and check for the accuracy every voter deserves. As with most election administration processes, implementation success lies in preparation—and Risk Limiting Audits (RLAs), which some proponents often refer to as the “cheap and easy” method to check the accuracy of the results, are no exception.

Michigan: Three communities auditing May election results as part of election security pilot program | Lauren Gibbons/mlive.com

Michigan elections officials are continuing pilot tests of an auditing system to check election results, with the ultimate goal of perfecting a process for verifying outcomes of both local and statewide races. The pilot audit kicked off in Lansing Monday, where local and state elections officials joined national experts and observers from around the country in overseeing a “risk-limiting audit” of the results in a May ballot question regarding a millage for the Lansing School District. The risk-limiting audit process relies on a mathematical formula to randomly select ballots for auditors to review, and is intended to detect any potential irregularities that could have influenced the outcome of the election. Colorado currently uses risk-limiting audits to test election results.

Oregon: On Election Day, Oregon Senate passes bill requiring future election audits | Associated Press

County clerks in Oregon would be required to audit results after each election under a bill that overwhelmingly passed the Senate on Election Day. The bill approved Tuesday requires county clerks to conduct hand-count or risk-limiting audits after every primary, general and special election. Risk-limiting audits are based on counts of statistical samples of paper ballots. Sen. Lew Frederick, a Portland Democrat, said the bill ensures more audits happen to make sure election results are correct. The bill requires audits after every election, instead of just general elections. It goes next to the House. Heading into the 2020 cycle, a new report out Tuesday provides a stark warning about the cyber-insecurity of the highest-profile U.S. political organizations even after years of concerted efforts to improve digital safeguards and an intense focus in Washington on the need to secure campaigns and elections.

Verified Voting Blog: Verified Voting Testimony Before the House Administration Committee hearing on “Election Security"

Download the Written Testimony (pdf) Chair Lofgren, Ranking Member Davis and members of the Committee, thank you for the invitation to submit testimony to the Committee on House Administration hearing on “Election Security.” We urge the Committee to move expeditiously to support state and local jurisdictions in strengthening their election systems and provide upfront and…

Texas: Election security bill passes in Senate | News-Journal

East Texas state Sen. Bryan Hughes’ signature bill on election security won passage Monday in the Texas Senate and moves to the House of Representatives for debate. Senate Bill 9 creates a paper trail for electronic voting. It also takes aim at voter fraud that can occur when people who help disabled voters try to influence how they vote. It enhances the penalty for making a false statement on a mail ballot application from a misdemeanor to state jail felony and requires those who help voters who are not family members to sign a form documenting their role. The bill also would require people who help disabled voters cast a mail-in ballot officially certify that the voter they help is physically unable to enter a poll without risk to harm. In addition, it allows poll watchers to accompany both the voter and helper into the voting area. “The heart of the bill is that paper ballot, that paper backup,” Hughes, R-Mineola, said as he urged passage of the measure. “This is not a partisan issue. … It says if you’re going to bring someone to the polls and help them cast their ballot … then, yes. We want to know your names.” Hughes chaired a Select Committee on Election Security last summer in preparation for the legislative session that opened in January. Many of the provisions in his Senate Bill 9, he told senators, came from sworn testimony from Democrats and Republicans. The bill passed on a 19-12 vote along party lines. “For whatever reason, the national Democrats made this a lightning rod,” he said. “Election integrity is important to all of us.”

Rhode Island: Russia Wants to Undermine Trust in Elections. Here’s How Rhode Island Is Fighting Back | Time

When a group of Rhode Island’s top officials gathered in a chilly warehouse in Providence in mid-January to fight foreign interference in U.S. elections, the mood was festive. After Secretary of State Nellie Gorbea’s name was pulled out of a knit Patriots hat, the crowd applauded and cheered uproariously. And when she leaned over a plastic table to roll a 10-sided die typically used for Dungeons and Dragons, people watched intensely. Then the work began. The number generated from 20 rolls of the dice was used to pick the ballots that would be pulled and tested to see if November’s vote counting had been done correctly, a final fail-safe against a hacked election, all done in plain view of the public. “Democracy and elections are only as good as whether people trust them or not,” Gorbea said. “Confidence in our democracy is critical to every other public policy issue.” Voting experts say this kind of election audit is critical to thwarting attempts to meddle with American democracy. It not only detects problems with ballot counting, but the open nature of the audit itself also helps restore voters’ confidence in the system.

Rhode Island: To enhance election security, Rhode Island tests a new way to verify election results | Uprise RI

Rhode Island is making good on its promise to road-test risk-limiting election audits, following 2017 passage of legislation by the Rhode Island General Assembly, requiring them. Beginning with the presidential primary in April 2020, Rhode Island will become the second state to require these audits to verify election results. A “risk limiting” audit checks if the election result is correct. Specifically it checks the counting of the votes. A “risk-limiting” audit limits the risk that the wrong election result will be certified. It can catch errors which change the result and correct a wrong result. To prepare for next year’s full implementation, the Rhode Island Board of Elections will conduct three pilot audits on January 16 and 17 at 50 Branch Avenue in Providence, Rhode Island beginning at 9:30 a.m. These pilot audits will be conducted with local election officials from Bristol, Cranston and Portsmouth, Rhode Island.

National: American Statistical Association endorses post-election audits principles | EurekAlert

The American Statistical Association Board of Directors announces its endorsement of Principles and Best Practices for Post-Election Tabulation Audits. The December 2018 document–which updates a 2008 document with the latest statistical research and best practices–“is meant to provide guidance to relevant legislative bodies, state and local election administrators and vendors…” because a “healthy democracy requires widespread trust in elections… [and] people need to be sure that the official election outcomes match the will of the voters.” Imagine someone counted hundreds of blue, red and white marbles in a bag and concluded there are many more red marbles than blue marbles. How can you trust that conclusion? You could dump out the marbles and count each one. Or you could use statistics to do the job faster.

Voting Blogs: Pilots of risk-limiting election audits in California and Virginia | Andrew Appel/Freedom to Tinker

Orange County, CA Pilot Risk-Limiting Audit, by Stephanie Singer and Neal McBurnett, Verified Voting Foundation, December 2018.
City of Fairfax,VA Pilot Risk-Limiting Audit, by Mark Lindeman, Verified Voting Foundation, December 2018.

In order to run trustworthy elections using hackable computers (including hackable voting machines), “elections should be conducted with human-readable paper ballots. … States should mandate risk-limiting audits prior to the certification of election results.

What is a risk-limiting audit, and how do you perform one? An RLA is a human inspection of a random sample of the paper ballots (or batches of ballots)—using a scientific method that guarantees with high confidence that if the voting machines claimed the wrong winner, then the audit will declare, “I cannot confirm this election,” in which case a by-hand recount is appropriate.  This is protection against voting-machine miscalibration, or against fraudulent hacks of the voting machines.

That’s what it is, but how do you do it?  RLAs require not only a statistical design, but a practical plan for selecting hundreds of ballots from among millions of sheets of paper.  It’s an administrative process as much as it is an algorithm.

In 2018, RLAs were performed by the state of Colorado.  In addition, two just-published reports describe pilot RLAs performed by Orange County, California and Fairfax, Virginia.  From these reports (and from the audits they describe) we can learn a lot about how RLAs work in practice.

Michigan: ‘Risk-Limiting’ Audits Could Provide Election Assurances | Government Technology

Three Michigan cities are testing a new process designed to provide strong statistical evidence that the election outcome is correct. The “risk-limiting audit” is a relatively new election security measure being tested across Michigan this week. It’s designed to detect irregularities that could influence reported election outcomes, including cyber-attacks and unintentional machine or human errors. The goal of the pilot will be to determine how risk-limiting audits could be rolled out statewide. Kalamazoo, Lansing and Rochester Hills will also pilot the procedure during the first week of December. “Our goal as election administrators is to foster confidence in the electoral process, the results of that process, and ultimately our democratic institutions,” said Kalamazoo City Clerk Scott Borling. “Michigan voters put their faith in us to conduct free and fair elections. The Risk-Limiting Audit provides another tool and opportunity to demonstrate their trust is well placed.”