risk limiting audits

Tag Archive

Rhode Island: Russia Wants to Undermine Trust in Elections. Here’s How Rhode Island Is Fighting Back | Time

When a group of Rhode Island’s top officials gathered in a chilly warehouse in Providence in mid-January to fight foreign interference in U.S. elections, the mood was festive. After Secretary of State Nellie Gorbea’s name was pulled out of a knit Patriots hat, the crowd applauded and cheered uproariously. And when she leaned over a plastic table to roll a 10-sided die typically used for Dungeons and Dragons, people watched intensely. Then the work began. The number generated from 20 rolls of the dice was used to pick the ballots that would be pulled and tested to see if November’s vote counting had been done correctly, a final fail-safe against a hacked election, all done in plain view of the public. “Democracy and elections are only as good as whether people trust them or not,” Gorbea said. “Confidence in our democracy is critical to every other public policy issue.” Voting experts say this kind of election audit is critical to thwarting attempts to meddle with American democracy. It not only detects problems with ballot counting, but the open nature of the audit itself also helps restore voters’ confidence in the system.

Full Article: Rhode Island Seeks to Restore Voters' Trust in Elections | Time.

Rhode Island: To enhance election security, Rhode Island tests a new way to verify election results | Uprise RI

Rhode Island is making good on its promise to road-test risk-limiting election audits, following 2017 passage of legislation by the Rhode Island General Assembly, requiring them. Beginning with the presidential primary in April 2020, Rhode Island will become the second state to require these audits to verify election results. A “risk limiting” audit checks if the election result is correct. Specifically it checks the counting of the votes. A “risk-limiting” audit limits the risk that the wrong election result will be certified. It can catch errors which change the result and correct a wrong result. To prepare for next year’s full implementation, the Rhode Island Board of Elections will conduct three pilot audits on January 16 and 17 at 50 Branch Avenue in Providence, Rhode Island beginning at 9:30 a.m. These pilot audits will be conducted with local election officials from Bristol, Cranston and Portsmouth, Rhode Island.

Full Article: To enhance election security, Rhode Island tests a new way to verify election results – Uprise RI.

National: American Statistical Association endorses post-election audits principles | EurekAlert

The American Statistical Association Board of Directors announces its endorsement of Principles and Best Practices for Post-Election Tabulation Audits. The December 2018 document–which updates a 2008 document with the latest statistical research and best practices–“is meant to provide guidance to relevant legislative bodies, state and local election administrators and vendors…” because a “healthy democracy requires widespread trust in elections… [and] people need to be sure that the official election outcomes match the will of the voters.” Imagine someone counted hundreds of blue, red and white marbles in a bag and concluded there are many more red marbles than blue marbles. How can you trust that conclusion? You could dump out the marbles and count each one. Or you could use statistics to do the job faster.

Full Article: American Statistical Association endorses post-election audits principles | EurekAlert! Science News.

Voting Blogs: Pilots of risk-limiting election audits in California and Virginia | Andrew Appel/Freedom to Tinker

Orange County, CA Pilot Risk-Limiting Audit, by Stephanie Singer and Neal McBurnett, Verified Voting Foundation, December 2018.
City of Fairfax,VA Pilot Risk-Limiting Audit, by Mark Lindeman, Verified Voting Foundation, December 2018.

In order to run trustworthy elections using hackable computers (including hackable voting machines), “elections should be conducted with human-readable paper ballots. … States should mandate risk-limiting audits prior to the certification of election results.

What is a risk-limiting audit, and how do you perform one? An RLA is a human inspection of a random sample of the paper ballots (or batches of ballots)—using a scientific method that guarantees with high confidence that if the voting machines claimed the wrong winner, then the audit will declare, “I cannot confirm this election,” in which case a by-hand recount is appropriate.  This is protection against voting-machine miscalibration, or against fraudulent hacks of the voting machines.

That’s what it is, but how do you do it?  RLAs require not only a statistical design, but a practical plan for selecting hundreds of ballots from among millions of sheets of paper.  It’s an administrative process as much as it is an algorithm.

In 2018, RLAs were performed by the state of Colorado.  In addition, two just-published reports describe pilot RLAs performed by Orange County, California and Fairfax, Virginia.  From these reports (and from the audits they describe) we can learn a lot about how RLAs work in practice.

Full Article: Pilots of risk-limiting election audits in California and Virginia.

Michigan: ‘Risk-Limiting’ Audits Could Provide Election Assurances | Government Technology

Three Michigan cities are testing a new process designed to provide strong statistical evidence that the election outcome is correct. The “risk-limiting audit” is a relatively new election security measure being tested across Michigan this week. It’s designed to detect irregularities that could influence reported election outcomes, including cyber-attacks and unintentional machine or human errors. The goal of the pilot will be to determine how risk-limiting audits could be rolled out statewide. Kalamazoo, Lansing and Rochester Hills will also pilot the procedure during the first week of December. “Our goal as election administrators is to foster confidence in the electoral process, the results of that process, and ultimately our democratic institutions,” said Kalamazoo City Clerk Scott Borling. “Michigan voters put their faith in us to conduct free and fair elections. The Risk-Limiting Audit provides another tool and opportunity to demonstrate their trust is well placed.”

Full Article: ‘Risk-Limiting’ Audits Could Provide Election Assurances.

Michigan: New election security test will audit 2018 results in 3 Michigan cities | MLive.com

Three Michigan cities are testing a new process designed to provide strong statistical evidence that the election outcome is correct. The “risk-limiting audit” is a relatively new election security measure being tested across Michigan this week. It’s designed to detect irregularities that could influence reported election outcomes, including cyber-attacks and unintentional machine or human errors. The goal of the pilot will be to determine how risk-limiting audits could be rolled out statewide. Kalamazoo, Lansing and Rochester Hills will also pilot the procedure during the first week of December. “Our goal as election administrators is to foster confidence in the electoral process, the results of that process, and ultimately our democratic institutions,” said Kalamazoo City Clerk Scott Borling. “Michigan voters put their faith in us to conduct free and fair elections. The Risk-Limiting Audit provides another tool and opportunity to demonstrate their trust is well placed.”

Full Article: New election security test will audit 2018 results in 3 Michigan cities | MLive.com.

Michigan: Rochester Hills to conduct post-election risk-limiting audit | The Oakland Press

On Monday, Dec. 3, Rochester Hills will conduct Michigan’s first pilot of a risk-limiting post-election audit. Risk-limiting audits provide a check on election results. The procedure is designed to detect irregularities that may include intentional cyber attacks or unintentional error that may change the reported election outcomes. “Michigan voters put their faith in us as election administrators to conduct free and fair elections,” said Rochester Hills Clerk Tina Barton. “This procedure will provide us with another opportunity to confirm their trust is well placed.” The pilot is one of three to be conducted the first week of December and part of the first multi-jurisdictional risk-limiting audit pilot in the country. Lansing and Kalamazoo will hold their pilots later in the week.

Full Article: Rochester Hills to conduct post-election audit | Local News | theoaklandpress.com.

California: California doesn’t need better voting machines — it needs better audits, experts say | The Peninsula Press

When voters in Alameda and Santa Clara County head to the polls on Nov. 6, about one percent will cast their ballots on electronic voting machines that have known security vulnerabilities. California has safeguards in place. In addition to requiring paper records for votes cast on electronic machines, California also manually audits one percent of all ballots cast, to make sure there’s no discrepancy in the numbers. Now, experts like David Dill, a computer science professor at Stanford and founder of Verified Voting, are saying that isn’t enough, and are pushing states like California to implement more rigorous auditing methods. “The problem of protecting machines is pretty unmanageable, even with the best and most modern hardware … so what you need to do is select a bunch of ballots at random and hand count them in order to make sure the electronic counts are accurate,” says Dill.

Full Article: California doesn’t need better voting machines — it needs better audits, experts say - Local: In The Peninsula.

Editorials: Protect public trust by auditing elections: It’s easier than you might think  | Marc Schneider/The Hill

Pick one word for how the Russians interfered with the 2016 presidential election. How about “distrust?” They used trolling, false stories, fake accounts, and cyberattacks to sow distrust among the American people. And without a doubt, Russians and other adversaries are working hard now to spark anger, confusion, and conflict along economic, gender, political, and racial lines within our country. While an effort to reduce confidence in our voting systems — the actual machines and processes we use to register voters and elect our leaders — was a factor in 2016, I believe it will be an even greater factor moving forward. Why? Because it would be so effective. The objectives of campaigns like Russia’s are to divide and demoralize the public, muddy discourse, and discredit and undermine whoever they see as opponents. What better way to do that than by delegitimizing the election results, particularly in hotly contested races where a small number of votes can make all the difference? 

Full Article: Protect public trust by auditing elections: It’s easier than you might think  | TheHill.

National: Risk-Limiting Audits Can Support an Election’s Legitimacy | StateTech

The National Academy of Sciences report is blunt: “There is no realistic mechanism to fully secure vote casting and tabulation computer systems from cyber threats.” But election officials can and should audit votes — rather than performing time-consuming full recounts — before election results are certified to confirm their legitimacy, the report states. Risk-limiting audits are a relatively new way to double-check the results of an election after the fact. First implemented in Colorado in 2017, the audits examine a randomly chosen, statistically significant number of paper ballots and compare the results in those ballots to the actual result.  They’re done no matter the margin of victory; suspicious results may trigger a full recount. “It’s an abbreviated recount, in a sense,” said Ronald Rivest, one of the inventors of the RSA public-key cryptosystem and a member of the NAS panel that wrote the report. 

Full Article: Risk-Limiting Audits Can Support an Election’s Legitimacy - StateTech Magazine.

National: Experts assess voting security as midterm elections approach | Princeton University

Since the adoption of electronic voting machines in the 1990s, election experts have argued that paper records are critical for auditing elections and detecting potential tampering with vote tallies. The issue gained new prominence following the 2016 elections, which spurred multiple investigations into allegations of Russian interference in the electoral process. In a panel discussion hosted by Princeton’s Center for Information Technology Policy (CITP), experts examined the state of U.S. election security. The moderator Ed Felten, the Robert E. Kahn Professor of Computer Science and Public Affairs and director of CITP, opened the discussion by noting that “Princeton has quite a bit of expertise in this area.” He cited two faculty members working in election technology and policy, Andrew Appel and Jonathan Mayer. Appel, the Eugene Higgins Professor of Computer Science, recently served as a member of the National Academies’ Committee on the Future of Voting, while Mayer, assistant professor of computer science and public affairs, recently developed bipartisan election security legislation as a staffer in the United States Senate. Also on the panel was Marian Schneider, a former Pennsylvania elections official and the president of Verified Voting, a nonprofit organization that aims to improve election security practices.

Full Article: Experts assess voting security as midterm elections approach.

Michigan: State to test out risk-limiting election audits | WILX

The State of Michigan will be running a pilot program auditing election results after the general election on November 6. Michigan will be part of a pilot program that will verify that voting equipment and election officials performed properly. “With this pilot of risk-liming audits, Michigan further bolsters its reputation as a national leader in election security and integrity,” Secretary of State Ruth Johnson said. “With our new election equipment and secure voter file, and now with our pilot of risk-limiting audits, we are well ahead of other states in strengthening election integrity.” Three cities in Michigan will participate in the pilot program, Rochester Hills, Kalamazoo and Lansing. “I thank the clerks in Kalamazoo, Lansing and Rochester Hills for stepping up and being willing to pioneer how these audits could work in Michigan,” Johnson said. “Their participation shows how much election officials across Michigan take election protection seriously and are working to further strengthen voting security and integrity.”

Colorado: How Colorado voting became a cybersecurity leader long before Russians tried to hack it | TechRepublic

Colorado was one of 21 states targeted by Russian operatives during the 2016 election. But unlike many others, the state has spent years implementing top-tier cybersecurity measures and audits to prevent hackers from entering its systems and interfering with the election process. Colorado receives top marks in the three most important election security categories, according to a February report from the left-leaning Center for American Progress comparing the election security of all 50 states:

Adhering to minimum cybersecurity standards for voter registration systems
Carrying out elections with paper ballots
Conducting robust post-election audits

… In 2017, Colorado became the first state to carry out mandatory risk-limiting post-election audits, which are widely considered the gold standard, according to the Center for American Progress. Risk-limiting audits involve manually checking a sample of ballots, and providing statistical evidence that the election outcome is correct. They have a high probability of correcting a wrong outcome, according to the US Election Assistance Commission. A risk-limiting audit could lead to a full manual recount if there is not enough evidence to prove that the reported outcome is correct, the commission stated.

Full Article: How Colorado voting became a cybersecurity leader long before Russians tried to hack it - TechRepublic.

Colorado: A Safe Place for Elections | State of Elections

Colorado is known for more than just picturesque mountain views and crystal-clear rivers. The Centennial State touts some of the best education, healthcare, and the best state economy in the nation. To add to this impressive list of achievements, Colorado has been christened as the safest state in the nation to host an election. Colorado’s impressive new title come from two different sources: The Washington Post and Homeland Security Secretary Kristjen Nielsen. Over the last decade, Colorado took several steps forward in election security to ensure the integrity of its elections. First, Colorado implemented a first-of-its-kind risk-limiting audit. In 2013, the Colorado legislature codified this new auditing technique (Colo. Rev. Stat. § 1-7-515 (2013)), which was required for the 2017 elections and all “primary, general, coordinated, or congressional vacancy elections thereafter.” A risk-limiting audit is a form of statistical analysis that requires officials to match certain paper ballots with the electronic voting machines’ interpretation of the ballots. This ensures that the machine read the ballot correctly.

Full Article: A Safe Place for Elections - State of Elections.

National: Risk Limiting Audits (RLAs) Gain Traction With State & Local Election Officials In Advance Of 2018 U.S. Midterm Elections | Free & Fair

To guard against the multitude of election security threats ahead of the 2018 U.S. midterms, state and local jurisdictions are turning to Risk Limiting Audits (RLAs). Two of the more notable RLA initiatives – State of Colorado and Orange County, Ca. – leverage software developed by election technology startup Free & Fair. A Risk Limiting Audit is an evidence-based method that checks the integrity of election tabulation outcomes by comparing a random manual recount sampling of paper ballots to their corresponding digital versions. RLAs are better and more efficient than the random post-election audits used by jurisdictions today, because they generally require a smaller number of ballots to be audited but still provide a much higher statistical probability that the outcome is correct. In November 2017, Colorado completed the first U.S. statewide set of risk-limiting post-election audits in binding elections – with all 56 Colorado counties that had a November election passing. State of Colorado recently earned the Government Innovation Award for its pioneering use of RLAs in binding elections. Free & Fair, which offers transparent, cyber secure and verifiable election systems, developed the software tools for this first U.S. statewide implementation of RLAs beginning with the November 2017 general election.

Full Article: Risk Limiting Audits (RLAs) Gain Traction With State & Local Election Officials In Advance Of 2018 U.S. Midterm Elections.

National: Scientific collective calls for paper-based voting machines, no more internet voting | StateScoop

The United States should stop holding elections conducted without human-readable paper ballots as soon as possible, urges a report published Thursday by the National Academies of Sciences, Engineering, and Medicine. In a press release announcing the NASEM report, Lee Bollinger, president of Columbia University and co-chair of the committee that produced the report said “this is a critical time for our country” and called on all levels of government to prioritize the use of paper ballots. NASEM’s recommendations are all oriented around ensuring that election infrastructure is not vulnerable to tampering and that results can be verified. Chief among the recommendations is that all voting machines that do not create a paper trail allowing for independent auditing be “removed from service as soon as possible.” The report follows two years of federal and state activity centered on protecting election systems from foreign meddling, specifically groups linked to Russian intelligence agencies. State chief information officers first got a warning from the Department of Homeland Security in August 2016 about potential outside attacks, and federal agencies have increased their attention on the issue throughout 2018.

Full Article: Scientific collective calls for paper-based voting machines, no more internet voting.

National: Senators duel over audit requirements in election security bill | FCW

As the Secure Elections Act barrels towards a crucial markup in the Senate, two of its original cosponsors expressed divergent views on whether the bill must mandate hand counted post-election audits. The latest version of the bill released by Senate Rules Committee chair Roy Blunt (R-Mo.) would, like its predecessors, mandate that every state conduct a post-election audit to verify the results. However, Blunt’s version would allow states to conduct those audits by hand as well as through electronic means. Previous versions of the bill specified that audits be inspected “by hand and not by device.” During a hearing on cybersecurity, Sen. Amy Klobuchar (D-Minn.), one of the original co-sponsors of the bill, pressed her colleagues to fight to reinsert the language. “I would love to see that risk-limiting audit requirement across the country,” said Klobuchar. “What we have right now in the bill is a requirement that simply audits be required and they have to report back to us. We have backup paper ballots in 14 states now, nine as you know have partial [paper backups], five don’t have any at all….I don’t know how you could prove what happened in an election if there was a hacking.”

Full Article: Senators duel over audit requirements in election security bill -- FCW.

Editorials: Election Security Bill Without Paper Records and Risk Limiting Audits? No Way. | Electronic Frontier Foundation

The Senate is working on a bill to secure election infrastructure against cybersecurity threats, but, unless amended, it will widely miss the mark. The current text of the Secure Elections Act omits the two most effective measures that could secure our elections: paper records and automatic risk limiting audits. Cybersecurity threats by their very nature can be stealthy and ambiguous. A skillful attack can tamper with voting machines and then delete itself, making it impossible to prove after the fact that an election suffered interference. Paper records ensure that it is possible to detect and quickly correct for such interference. Automatic audits ensure that such detection actually happens.

Full Article: Election Security Bill Without Paper Records and Risk Limiting Audits? No Way. | Electronic Frontier Foundation.

Virginia: First new election results audit held in Fairfax city | WTOP

In a first for Virginia, elections officials gathered Thursday and Friday at the Fairfax County Courthouse to prove that election results from June’s primary were correct. The risk-limiting audit was for the Republican U.S. Senate primary results in the city of Fairfax. It was a demonstration of what could be done statewide in future elections as a statistical check to provide more evidence that the final results based on counts from ballot scanners are correct. The audits, when done for an entire election, are meant to show statistical confidence that the winner really won and the loser or losers really lost. Results of the first audit completed Friday showed the results of 69 randomly selected ballots scanned by a machine Thursday matched the hand count of those same ballots done Friday morning. (One ballot was selected twice by the random process).

Full Article: First new Va. election results audit held in Fairfax city | WTOP.

Voting Blogs: Passing Your Vote Through Security: The Rise of Risk Limiting Audits in Rhode Island | State of Elections

In the 2016 election’s aftermath, United States intelligence agencies speculated that the Russian government hacked various government entities and the major political parties in order to influence the election’s results. It was recently confirmed that twenty-one  states were subject to that foreign attack. Experts cautioned states to take responsive measures since many states take little to no precaution at all.   Rhode Island, like sixteen other states, does not presently have a statutory requirement to conduct post-election audits. But on September 19, 2017, Rhode Island’s State Legislature responded to the 2016 election cycle by passing a new bill through both chambers (Senate Bill 413A and House Bill 5704A) which would begin post-election audits in 2018 and mandate them in every county by 2020. The bill received bipartisan and unanimous support, passing 36-0 in the State Senate, and 70-0 in the House of Representatives. Governor Gina Raimondo is expected to sign the legislation. The proposed legislation allows the Board of Elections to decide which elections (i.e., primary, state, multijurisdictional) are subject to a risk limiting audit or partial recount in order to verify voting results. This audit would be conducted by hand, in public view, and completed within seven days after an election.  

Full Article: Passing Your Vote Through Security:  The Rise of Risk Limiting Audits in Rhode Island  - State of Elections.