After extensive ups and downs, the election recount efforts in Michigan, Wisconsin, and Pennsylvania have concluded. The main lesson: ballot audits should be less exciting and less expensive. Specifically, we need to make audits an ordinary, non-partisan part of every election, done efficiently and quickly, so they are not subject to emergency fundraising and last-minute debates over their legitimacy. The way to do that is clear: make risk-limiting audits part of standard election procedure. After this year’s election, EFF joined many election security researchers in calling for a recount of votes in three key states. This was partly because of evidence that hackers affected other parts of the election (not directly related to voting machines). But more than that, it was based long-standing research showing that electronic voting machines and optical scanners are subject to errors and manipulation that could sway an election. In response to that call, Green Party candidate Jill Stein’s campaign raised more than $7 million to fund the recounts.
The recount processes were, to say the least, disappointing. In Pennsylvania, the campaign’s request for a recount was rejected by a federal judge. In Michigan, the recount started, but was halted a few days later. Only Wisconsin completed its recount, confirming the original vote result. However, many Wisconsin counties opted to simply run the ballots through their tabulating machine again. The obvious flaw with this technique is that if the tabulating machines were broken or compromised, the same inaccuracies they registered the first time around would show up the second time around, accomplishing nothing. However, based on the hand recounts performed in other Wisconsin counties, it’s very unlikely that recounting those counties would have changed the overall result.
It’s possible to achieve high confidence in a result and to be much more confident that the election is actually audited by only recounting some of the ballots. The technique is called a risk-limiting audit and it, roughly, works like this: you choose some percentage chance of spotting an incorrect result—say, 90% or 95%. Based on that chance, you can determine how many ballots to randomly sample for a hand recount. Close elections require you to sample more ballots than elections won by a large margin, and choosing a higher chance of spotting an incorrect result similarly means counting more ballots. There are a few other requirements. But in nearly all cases, a risk-limiting audit can be performed by hand-counting a much smaller number of ballots than a full recount. For instance, election security researcher Ron Rivest calculates that Michigan, if it had risk-limiting audits, could have counted just 11% of the ballots and achieved a 95% chance of spotting an incorrect result. Texas and Missouri, with their wider margins, could have counted 700 ballots and 10 ballots, respectively, to achieve the same confidence.