When asked at a congressional hearing if Russia would attack U.S. election systems again in 2020, Special Counsel Robert Mueller was unequivocal: “It wasn’t a single attempt,” he said. “They’re doing it as we sit here, and they expect to do it during the next campaign.” Presidential campaigns are now underway, and election systems are still vulnerable. From voter registration databases to result-reporting websites to the voting machines themselves, researchers have identified soft spots across the system for hackers to exploit, meaning cybersecurity is now a front line of defense for American democracy. There are many parties working on this problem — secretaries of state, the Department of Homeland Security (DHS), EI-ISAC (Elections Infrastructure Information Sharing and Analysis Center), various nonprofits and private companies — and a few common refrains between them. They’re all pushing for paper ballots, vulnerability screenings, staff training, contingency plans, audits and, above all, more consistent funding. And they all have the same basic message for state and local officials: The security of our elections is riding on you.Full Article: Cybersecurity and Democracy Collide: Locking Down Elections.
risk limiting audits
Rhode Island: Report examines ways to adopt election audit system in Rhode Island | Jennifer McDermott/Associated Press
A new report recommends how to adopt a system for auditing election results required in Rhode Island. Common Cause, Verified Voting and The Brennan Center for Justice at NYU School of Law released the report Tuesday. They helped the state design and test the risk-limiting audit system this year. Rhode Island will first use risk-limiting audits for the 2020 presidential primaries. There are three ways to do the postelection audit. The report recommends a ballot-level comparison because of its efficiency, transparency and relatively predictable cost. That type of audit would compare the vote on an individual ballot to the machine’s recording of the vote on that ballot, which requires the fewest number of ballots to be examined. The other methods, ballot polling and batch comparison, compare more ballots to totals produced by the machines and require the examination of far more ballots, John Marion, executive director of Common Cause Rhode Island, said Tuesday.Full Article: Report examines ways to adopt election audit system in Rhode Island - News - providencejournal.com - Providence, RI.
The Lansing community was invited to observe a new post-election audit Monday morning. Lansing City Clerk Chris Swope partnered with the Secretary of State’s Bureau of Elections, other local election officials and national election security experts to conduct a risk-limiting audit of the May 7, 2019 Lansing School District Special Election. After checking 337 randomly selected ballots as part of a new election audit pilot, Swope declared the Lansing School Millage Election results are confirmed accurate. “It was great to work with election officials at the national, state, county and local level to develop best practices to confirm election results,” Lansing City Clerk Chris Swope. “Each election we learn more, and the City of Lansing will be very experienced by the Presidential Election in November 2020. Nationally, risk-limiting audits are considered to be the gold-standard method for confirming results. This type of audit uses statistical methods that can detect possible discrepancies in areas that may need further attention due to factors such as human error, possible manipulation, cyber attacks,or a variety of other things.Full Article: Lansing city clerk pilots new post-election audit.
Editorials: Knowing It’s Right: Limiting the Risk of Certifying Elections | Tammy Patrick/Democracy Fund
Every election we ask ourselves, what motivates voters to participate? Could it be the love of a charismatic candidate? The dislike of a less-than-desirable one? Passion for a specific ballot initiative? Do voters show up to the polls out of habit? The answer is as varied as the voting population, as is the reason voters do not participate. Research shows that while voters’ confidence in their own vote being counted accurately remains relatively constant, their belief that results at the national level are correct is in decline. As we work through reestablishing trust in our elections following Special Counsel Robert Mueller’s 22-month long investigation, the threat of interference in our elections by another nation-state remains. The American public wants to believe that when they vote it means something—we are teaching elections officials about a new way to audit our elections and check for the accuracy every voter deserves. As with most election administration processes, implementation success lies in preparation—and Risk Limiting Audits (RLAs), which some proponents often refer to as the “cheap and easy” method to check the accuracy of the results, are no exception.Full Article: Knowing It's Right: Limiting the Risk of Certifying Elections: Democracy Fund.
Michigan: Three communities auditing May election results as part of election security pilot program | Lauren Gibbons/mlive.com
Michigan elections officials are continuing pilot tests of an auditing system to check election results, with the ultimate goal of perfecting a process for verifying outcomes of both local and statewide races. The pilot audit kicked off in Lansing Monday, where local and state elections officials joined national experts and observers from around the country in overseeing a “risk-limiting audit” of the results in a May ballot question regarding a millage for the Lansing School District. The risk-limiting audit process relies on a mathematical formula to randomly select ballots for auditors to review, and is intended to detect any potential irregularities that could have influenced the outcome of the election. Colorado currently uses risk-limiting audits to test election results.Full Article: Three Michigan communities auditing May election results as part of election security pilot program - mlive.com.
Oregon: On Election Day, Oregon Senate passes bill requiring future election audits | Associated Press
County clerks in Oregon would be required to audit results after each election under a bill that overwhelmingly passed the Senate on Election Day. The bill approved Tuesday requires county clerks to conduct hand-count or risk-limiting audits after every primary, general and special election. Risk-limiting audits are based on counts of statistical samples of paper ballots. Sen. Lew Frederick, a Portland Democrat, said the bill ensures more audits happen to make sure election results are correct. The bill requires audits after every election, instead of just general elections. It goes next to the House. Heading into the 2020 cycle, a new report out Tuesday provides a stark warning about the cyber-insecurity of the highest-profile U.S. political organizations even after years of concerted efforts to improve digital safeguards and an intense focus in Washington on the need to secure campaigns and elections.Full Article: On Election Day, Oregon Senate passes bill requiring future election audits;.
Media Release: Verified Voting Applauds Oregon’s Senate for Passing Bill Requiring Robust Post-Election Audits to Verify Elections
Marian K. Schneider: “Oregon is leading the way towards better integrity and security with the passage of SB 944.”
The following is a statement from Marian K. Schneider, president of Verified Voting, on Oregon’s Senate passage of SB 944, offering counties the option to audit elections using a process known as risk-limiting audits, which are designed to bolster public confidence in elections. For additional media inquiries, please contact firstname.lastname@example.org
“Oregon is leading the way towards better election integrity and security with the Senate’s passage of SB 944. This bill requires county clerks across the state to conduct audits after every election — not just general elections — and lets them choose between a partial hand count and risk-limiting audits (RLAs). An RLA examines a sample of the paper ballots to check if the election outcome is correct. RLAs provide strong evidence when election outcomes are correct, and have a guaranteed large chance of correcting wrong outcomes or, outcomes that are wrong because of counting errors.
Verified Voting Blog: Verified Voting Testimony Before the House Administration Committee hearing on “Election Security”
Election administration depends on computers at multiple points in the election process. Equipment for voting is but one part of a broad array of election technology infrastructure that supports the conduct of elections today. Some of that technology infrastructure includes voter registration databases, internet facing applications such as online voter registration and polling place lookup, network connections between state government and local jurisdictions, the computers that program the voting devices that record and count votes in addition to the voting devices themselves. Some jurisdictions also use electronic poll books to check voters in at polling sites and most states and localities report election night returns via a website. To the extent that any of these can be compromised or manipulated, can contain errors, or can fail to operate correctly—or at all—this can potentially affect the vote. Election system security requires not only efforts to prevent breaches and malfunctions, but also fail-safes that address breaches and malfunctions that do occur. The security of election infrastructure has taken on increased significance in the aftermath of the 2016 election cycle. During the 2016 election cycle, a nation-state conducted systematic, coordinated attacks on America’s election infrastructure, with the apparent aim of disrupting the election and undermining faith in America’s democratic institutions. Intelligence reports and recent investigations demonstrate that state databases and third-party vendors not only were targeted for attack, but were breached. The consensus among the intelligence community is that future attacks on American elections are inevitable.2 The inevitability of attacks is a key concept in cyber security: it’s not whether a system will be attacked, but when. Moreover, cyber security experts now agree that it is impossible to thwart all attacks on computer systems. Rather, best practice demands a multi-layered approach built around the concept of resiliency. Systems are resilient if owners can monitor, detect, respond and recover from either an intentional attack or a programming mistake or error. The capacity to recover from even a successful attack is integral to the security of U.S. elections. Despite considerable progress in the last few years, much work must be done to secure our nation’s elections infrastructure. Two primary areas that require immediate and sustained attention are 1) securing both the state and county networks, databases and data transmission infrastructure that touch elections; and 2) instilling confidence in election outcomes by replacing older, vulnerable legacy voting systems with new systems that permit reliable recounts and post-election audits. Full Article: Written Testimony for U.S. House Committee on House Administration hearing on “Election Security.”.Full Article: Written Testimony for U.S. House Committee on House Administration hearing on “Election Security.”.
East Texas state Sen. Bryan Hughes’ signature bill on election security won passage Monday in the Texas Senate and moves to the House of Representatives for debate. Senate Bill 9 creates a paper trail for electronic voting. It also takes aim at voter fraud that can occur when people who help disabled voters try to influence how they vote. It enhances the penalty for making a false statement on a mail ballot application from a misdemeanor to state jail felony and requires those who help voters who are not family members to sign a form documenting their role. The bill also would require people who help disabled voters cast a mail-in ballot officially certify that the voter they help is physically unable to enter a poll without risk to harm. In addition, it allows poll watchers to accompany both the voter and helper into the voting area. “The heart of the bill is that paper ballot, that paper backup,” Hughes, R-Mineola, said as he urged passage of the measure. “This is not a partisan issue. … It says if you’re going to bring someone to the polls and help them cast their ballot … then, yes. We want to know your names.” Hughes chaired a Select Committee on Election Security last summer in preparation for the legislative session that opened in January. Many of the provisions in his Senate Bill 9, he told senators, came from sworn testimony from Democrats and Republicans. The bill passed on a 19-12 vote along party lines. “For whatever reason, the national Democrats made this a lightning rod,” he said. “Election integrity is important to all of us.”Full Article: Hughes' election security bill passes in Senate | Elections | news-journal.com.
Rhode Island: Russia Wants to Undermine Trust in Elections. Here’s How Rhode Island Is Fighting Back | Time
When a group of Rhode Island’s top officials gathered in a chilly warehouse in Providence in mid-January to fight foreign interference in U.S. elections, the mood was festive. After Secretary of State Nellie Gorbea’s name was pulled out of a knit Patriots hat, the crowd applauded and cheered uproariously. And when she leaned over a plastic table to roll a 10-sided die typically used for Dungeons and Dragons, people watched intensely. Then the work began. The number generated from 20 rolls of the dice was used to pick the ballots that would be pulled and tested to see if November’s vote counting had been done correctly, a final fail-safe against a hacked election, all done in plain view of the public. “Democracy and elections are only as good as whether people trust them or not,” Gorbea said. “Confidence in our democracy is critical to every other public policy issue.” Voting experts say this kind of election audit is critical to thwarting attempts to meddle with American democracy. It not only detects problems with ballot counting, but the open nature of the audit itself also helps restore voters’ confidence in the system.Full Article: Rhode Island Seeks to Restore Voters' Trust in Elections | Time.
Rhode Island: To enhance election security, Rhode Island tests a new way to verify election results | Uprise RI
Rhode Island is making good on its promise to road-test risk-limiting election audits, following 2017 passage of legislation by the Rhode Island General Assembly, requiring them. Beginning with the presidential primary in April 2020, Rhode Island will become the second state to require these audits to verify election results. A “risk limiting” audit checks if the election result is correct. Specifically it checks the counting of the votes. A “risk-limiting” audit limits the risk that the wrong election result will be certified. It can catch errors which change the result and correct a wrong result. To prepare for next year’s full implementation, the Rhode Island Board of Elections will conduct three pilot audits on January 16 and 17 at 50 Branch Avenue in Providence, Rhode Island beginning at 9:30 a.m. These pilot audits will be conducted with local election officials from Bristol, Cranston and Portsmouth, Rhode Island.Full Article: To enhance election security, Rhode Island tests a new way to verify election results – Uprise RI.
The American Statistical Association Board of Directors announces its endorsement of Principles and Best Practices for Post-Election Tabulation Audits. The December 2018 document–which updates a 2008 document with the latest statistical research and best practices–“is meant to provide guidance to relevant legislative bodies, state and local election administrators and vendors…” because a “healthy democracy requires widespread trust in elections… [and] people need to be sure that the official election outcomes match the will of the voters.” Imagine someone counted hundreds of blue, red and white marbles in a bag and concluded there are many more red marbles than blue marbles. How can you trust that conclusion? You could dump out the marbles and count each one. Or you could use statistics to do the job faster.Full Article: American Statistical Association endorses post-election audits principles | EurekAlert! Science News.
Voting Blogs: Pilots of risk-limiting election audits in California and Virginia | Andrew Appel/Freedom to Tinker
Orange County, CA Pilot Risk-Limiting Audit, by Stephanie Singer and Neal McBurnett, Verified Voting Foundation, December 2018.
City of Fairfax,VA Pilot Risk-Limiting Audit, by Mark Lindeman, Verified Voting Foundation, December 2018.
In order to run trustworthy elections using hackable computers (including hackable voting machines), “elections should be conducted with human-readable paper ballots. … States should mandate risk-limiting audits prior to the certification of election results.”
What is a risk-limiting audit, and how do you perform one? An RLA is a human inspection of a random sample of the paper ballots (or batches of ballots)—using a scientific method that guarantees with high confidence that if the voting machines claimed the wrong winner, then the audit will declare, “I cannot confirm this election,” in which case a by-hand recount is appropriate. This is protection against voting-machine miscalibration, or against fraudulent hacks of the voting machines.
That’s what it is, but how do you do it? RLAs require not only a statistical design, but a practical plan for selecting hundreds of ballots from among millions of sheets of paper. It’s an administrative process as much as it is an algorithm.
In 2018, RLAs were performed by the state of Colorado. In addition, two just-published reports describe pilot RLAs performed by Orange County, California and Fairfax, Virginia. From these reports (and from the audits they describe) we can learn a lot about how RLAs work in practice.Full Article: Pilots of risk-limiting election audits in California and Virginia.
Three Michigan cities are testing a new process designed to provide strong statistical evidence that the election outcome is correct. The “risk-limiting audit” is a relatively new election security measure being tested across Michigan this week. It’s designed to detect irregularities that could influence reported election outcomes, including cyber-attacks and unintentional machine or human errors. The goal of the pilot will be to determine how risk-limiting audits could be rolled out statewide. Kalamazoo, Lansing and Rochester Hills will also pilot the procedure during the first week of December. “Our goal as election administrators is to foster confidence in the electoral process, the results of that process, and ultimately our democratic institutions,” said Kalamazoo City Clerk Scott Borling. “Michigan voters put their faith in us to conduct free and fair elections. The Risk-Limiting Audit provides another tool and opportunity to demonstrate their trust is well placed.”Full Article: ‘Risk-Limiting’ Audits Could Provide Election Assurances.
Three Michigan cities are testing a new process designed to provide strong statistical evidence that the election outcome is correct. The “risk-limiting audit” is a relatively new election security measure being tested across Michigan this week. It’s designed to detect irregularities that could influence reported election outcomes, including cyber-attacks and unintentional machine or human errors. The goal of the pilot will be to determine how risk-limiting audits could be rolled out statewide. Kalamazoo, Lansing and Rochester Hills will also pilot the procedure during the first week of December. “Our goal as election administrators is to foster confidence in the electoral process, the results of that process, and ultimately our democratic institutions,” said Kalamazoo City Clerk Scott Borling. “Michigan voters put their faith in us to conduct free and fair elections. The Risk-Limiting Audit provides another tool and opportunity to demonstrate their trust is well placed.”Full Article: New election security test will audit 2018 results in 3 Michigan cities | MLive.com.
On Monday, Dec. 3, Rochester Hills will conduct Michigan’s first pilot of a risk-limiting post-election audit. Risk-limiting audits provide a check on election results. The procedure is designed to detect irregularities that may include intentional cyber attacks or unintentional error that may change the reported election outcomes. “Michigan voters put their faith in us as election administrators to conduct free and fair elections,” said Rochester Hills Clerk Tina Barton. “This procedure will provide us with another opportunity to confirm their trust is well placed.” The pilot is one of three to be conducted the first week of December and part of the first multi-jurisdictional risk-limiting audit pilot in the country. Lansing and Kalamazoo will hold their pilots later in the week.Full Article: Rochester Hills to conduct post-election audit | Local News | theoaklandpress.com.
California: California doesn’t need better voting machines — it needs better audits, experts say | The Peninsula Press
When voters in Alameda and Santa Clara County head to the polls on Nov. 6, about one percent will cast their ballots on electronic voting machines that have known security vulnerabilities. California has safeguards in place. In addition to requiring paper records for votes cast on electronic machines, California also manually audits one percent of all ballots cast, to make sure there’s no discrepancy in the numbers. Now, experts like David Dill, a computer science professor at Stanford and founder of Verified Voting, are saying that isn’t enough, and are pushing states like California to implement more rigorous auditing methods. “The problem of protecting machines is pretty unmanageable, even with the best and most modern hardware … so what you need to do is select a bunch of ballots at random and hand count them in order to make sure the electronic counts are accurate,” says Dill.Full Article: California doesn’t need better voting machines — it needs better audits, experts say - Local: In The Peninsula.
Editorials: Protect public trust by auditing elections: It’s easier than you might think | Marc Schneider/The Hill
Pick one word for how the Russians interfered with the 2016 presidential election. How about “distrust?” They used trolling, false stories, fake accounts, and cyberattacks to sow distrust among the American people. And without a doubt, Russians and other adversaries are working hard now to spark anger, confusion, and conflict along economic, gender, political, and racial lines within our country. While an effort to reduce confidence in our voting systems — the actual machines and processes we use to register voters and elect our leaders — was a factor in 2016, I believe it will be an even greater factor moving forward. Why? Because it would be so effective. The objectives of campaigns like Russia’s are to divide and demoralize the public, muddy discourse, and discredit and undermine whoever they see as opponents. What better way to do that than by delegitimizing the election results, particularly in hotly contested races where a small number of votes can make all the difference?Full Article: Protect public trust by auditing elections: It’s easier than you might think | TheHill.
The National Academy of Sciences report is blunt: “There is no realistic mechanism to fully secure vote casting and tabulation computer systems from cyber threats.” But election officials can and should audit votes — rather than performing time-consuming full recounts — before election results are certified to confirm their legitimacy, the report states. Risk-limiting audits are a relatively new way to double-check the results of an election after the fact. First implemented in Colorado in 2017, the audits examine a randomly chosen, statistically significant number of paper ballots and compare the results in those ballots to the actual result. They’re done no matter the margin of victory; suspicious results may trigger a full recount. “It’s an abbreviated recount, in a sense,” said Ronald Rivest, one of the inventors of the RSA public-key cryptosystem and a member of the NAS panel that wrote the report.Full Article: Risk-Limiting Audits Can Support an Election’s Legitimacy - StateTech Magazine.
Since the adoption of electronic voting machines in the 1990s, election experts have argued that paper records are critical for auditing elections and detecting potential tampering with vote tallies. The issue gained new prominence following the 2016 elections, which spurred multiple investigations into allegations of Russian interference in the electoral process. In a panel discussion hosted by Princeton’s Center for Information Technology Policy (CITP), experts examined the state of U.S. election security. The moderator Ed Felten, the Robert E. Kahn Professor of Computer Science and Public Affairs and director of CITP, opened the discussion by noting that “Princeton has quite a bit of expertise in this area.” He cited two faculty members working in election technology and policy, Andrew Appel and Jonathan Mayer. Appel, the Eugene Higgins Professor of Computer Science, recently served as a member of the National Academies’ Committee on the Future of Voting, while Mayer, assistant professor of computer science and public affairs, recently developed bipartisan election security legislation as a staffer in the United States Senate. Also on the panel was Marian Schneider, a former Pennsylvania elections official and the president of Verified Voting, a nonprofit organization that aims to improve election security practices.Full Article: Experts assess voting security as midterm elections approach.