Verified Voting Director of Science and Technology Policy Mark Lindeman and Senior Advisor Pamela Smith collaborated with the California Voter Foundation and other partners in submitting a public comment letter responding to California’s proposed risk-limiting audit regulations. Visit the California Secretary of State’s website to view the proposed regulations. Download the Letter (pdf)
Dear Secretary Padilla:
We write in response to your recent request for public comment on proposed regulations that would impact the procedures used by election officials to conduct risk-limiting audits.1
Thank you for your office’s efforts in developing the proposed regulations. As most of us are members of the workgroup that your office convened earlier this year, we appreciate the amount of work that went into developing these proposed regulations. We especially applaud the inclusion of the provisions regarding chain of custody, certification of contest results and reporting of audit results, public education, and the requirement for posted written audit procedures.2
We do, however, urge four modifications to the regulations. First, the regulations appear to conflict with California law which requires that when a county conducts a risk-limiting audit in place of the one percent manual tally, it must do so for each and every contest; as we discuss below, the language of the proposed regulations only requires RLAs for three contests and establishes a new auditing procedure not found in the statute. Second, we recommend that the final regulations require the Secretary to disclose the source code of the RLA software tool. Third, we urge the Secretary to ensure in the regulations that cast vote records be made publicly available online sufficient to allow the public to verify that the RLA is being conducted appropriately. Finally, we recommend that the Secretary clarify how partial RLAs will work.
Below, we respectfully provide comments on each relevant section of the regulations.
20110. General Provisions
The word “manually” is misspelled twice in this section and should be corrected to say “manual.”
Please consider moving the definition for “random seed” that appears in Section 20120 to this section.
20112. Audit Types
We believe the software used to develop this tool should be required to be publicly disclosed, as this is essential to the transparency of audits and necessary for the audit to deserve public trust.3 This is already the prevailing practice in the field, and given the nature of the job this tool is built to perform, it is necessary for the public to be able to inspect and verify the tool’s software and ensure the legitimacy of the audit process.4 The legislature also addressed this question in AB 2125, specifying that the implementing regulations “shall”:
(E) Establish procedures and requirements for testing and disclosing the algorithms and source code of any software used by the Secretary of State for the selection of ballots to be included when elections officials conduct risk-limiting audits under this article.
(G) Establish procedures and requirements to ensure the audit process is observable and verifiable by the public, including disclosing the methods used to select samples and to calculate the risk, providing public opportunity to verify that the correct ballots were inspected during the audit, and providing public opportunity to observe the inspection of the voters’ marks on the ballots during the audit.5
20114. Selection of Contests
The proposed regulations should be modified to ensure that they comply with California law. The California Elections Code states that whenever an elections official conducts a risk-limiting audit “in place of” the traditional one percent manual tally,6 each and every contest should be subject to a risk-limiting audit, not selected contests.
AB 2125 requires that “[p]articipating counties shall conduct a risk-limiting audit on each contest fully contained within the county’s borders, and partial risk-limiting audits for each cross-jurisdictional contest” (emphasis added).7 The proposed regulations, as currently written, instead state that “an elections official shall conduct an RLA or partial RLA on at least three contests,”8 and would require different auditing procedures for all other contests. As we read the proposed regulations, they provide for three types of audits:
• RLAs conducted pursuant to California Elections Code §15367. The proposed regulations contemplate that for at least three contests, the elections official shall conduct an RLA with a five percent risk limit.9
• Contests appearing on ballots selected for an RLA, but which themselves were not selected for an RLA or partial RLA. Our concern with this provision is that it introduces a new audit procedure that is not authorized under existing law. These contests will not be subject to the 5% risk limit, nor will they be subject to a one percent manual tally, nor a one-precinct manual tally. The proposed regulations provide that for such contests, the voters’ choices shall be recorded and “entered into the RLA software tool,” but do not order any further action or clarify how this process will enable the public to verify the results produced from those choices.10 Such contests will not be audited until a five percent risk limit has been reached, as the statute requires, and the proposed regulations do not require any further action even if errors or inconsistencies are found. We understand, based on the Initial Statement of Reasons provided in conjunction with the Proposed Regulations, that the purpose of this method is to allow “the RLA to verify the results of those contests.”11 Unfortunately, this method may not verify the results of those contests in any statistically meaningful or statutorily permitted way, and would introduce a potentially confusing new form of audit.
• Contests not contained on any of the ballots selected for the audit. The proposed regulations provide that for contests not contained on any of the ballots selected for an RLA, the elections official shall “select one or more precincts at random from precincts that contain the contest and manually tabulate the votes in that contest in those precincts,” as set forth in Sections 15360(a)(1)(B)(i) and (a)(2)(B)(iii)(1) of the Elections Code.12
We are aware that the statute as written is problematic given that to conduct RLAs for every contest in some jurisdictions would be burdensome and require a steep learning curve. And we deeply appreciate your staff’s effort to come up with a solution that could resolve this problem. However, we cannot support regulations that directly contradict statutory requirements, especially in an area of public policy as important as the public verification of election results, and particularly at a time when it is well known that foreign adversaries have been and will likely continue to attempt to interfere with and subvert U.S. elections.
We are also concerned that this provision could put elections officials into the difficult position of having to choose whether to comply with statute or with regulations.
In our view, the most feasible way to resolve the conflict between the proposed regulations and the statute is to revise Section 20114 to apply to all contests in participating jurisdictions, and to delete Sections 20124(d) and 20124(g). This will clarify that if an elections official chooses not to conduct RLAs for each and every contest in their jurisdiction, they must continue to conduct the one-percent manual tally pursuant to Section 15360 of the Elections Code. Numerous California county election officials have already been experimenting with risk-limiting audit processes in California on a voluntary basis for nearly a decade, while continuing to perform the one percent manual tally audit, and can continue to do so in 2020 with or without these regulations in place.
Alternatively, we recommend that the Secretary ask the legislature to pass emergency legislation that postpones the implementation of AB 2125 until the November 2020 election, and, in lieu of conducting the full one percent manual tally, permits counties to conduct a minimum of three RLAs of contests wholly contained within the county, and requires a one percent manual tally of the remaining contests as set forth in Section 15360 of the Elections Code.
Again, we understand that there may be prohibitive administrative burdens in conducting an RLA on every contest within a county and we commend your extensive and thoughtful efforts to develop a sound approach to RLAs in light of such burdens. However, we recommend that these difficulties be addressed in future legislative text rather than through regulations.
20118. Chain of Custody
We appreciate the inclusion of all these sections, and especially applaud the requirement in Section 20118 that:
The elections official shall establish written procedures to ensure the security, confidentiality, and integrity of any ballots, cast vote records, or any other data collected, stored, or otherwise used pursuant to this section. These procedures shall be published on its website at least five days in advance of the audit.
20119. Data Publication Prior to Audit
Please refer to our discussion of Section 20125 of the proposed regulations Section 20125, below.
20123. Ballot Retrieval and Manual Examination
Please refer to our discussion of Section 20114 of the proposed regulations, above. While we encourage the Secretary continue to explore alternatives to an all contest RLA requirement, such alternatives should be structured in a way that ensures that all contests are subject to an audit that provides a meaningful level of statistical verification.
20124. Public Observation and Verification of Audit This section requires election officials to:
(a)(3) Provide observers with an oral and/or written explanation of the RLA process, a written code of conduct for observation, and any documentation they will need for informed and effective observation.
(A) The code of conduct for observation will explain the rights and responsibilities of observers.
(B) Such documentation shall include but not be limited to any data the audit relies upon, including the ballot manifest and the cast vote records for ballot-level comparison audits.
To enhance the transparency of the audit process, we suggest supplementing subsection (a)(3) to read (suggested addition in boldface):
(a)(3) Provide observers with an oral and/or written explanation of the RLA process, a written code of conduct for observation, and any documentation they will need for informed and effective observation, including an explanation of what a cast vote record is and how it was generated.
We suggest this addition because it will bring greater transparency to the audit process.
20125. Certification of Contest Results and Reporting of Audit Results
We believe it is important to post the cast vote records online so that voters may verify the results of the audit and consequently the results of the election.13 Although the current regulations require a subset of the cast vote records to be published online, without the full data set there is no way for the public to independently verify the audit or the election outcome.14 If the full cast vote record is not to be published online, it is important to outline how the cast vote record will be provided to the public at the audit site in a form and format that enables the public to verify the audit process and election outcome.15
We would also appreciate modification to the language in Sections 20119(b) and 20125(a)(9)(b) to allow for the publishing of full cast vote records, if election officials choose to do so, as long as any identifiable information is redacted, obscured, or encrypted.
Thank you for proposing subsection (c), requiring the Secretary of State to publish reports from counties. In our view, it will be helpful to have any reports accessible from a central location.
Partial Risk-Limiting Audits
We believe it would be helpful to election officials if there were some clarification in how to conduct a partial RLA. The language in SB 2125 defines a partial RLA but does not fully describe the process by which a county should conduct a partial RLA.16 Notably, a partial RLA conducted in only some of the counties involved in a cross-jurisdictional race is not equivalent to a full RLA. The idea behind a partial RLA is that if each and every county involved in a race conducts a partial RLA, it will have a similar effect as a traditional RLA. The proposed regulations do not provide for this.
In addition, we note that the proposed regulations would permit each of the three RLAs the Secretary chooses to be partial RLAs.17 We do not think it would be prudent to make it possible for all of a participating county’s RLAs to be partial RLAs, which under the proposed regulations do not produce the meaningful statistical verification of election results that risk-limiting audits are designed to provide.
We understand and appreciate the extensive effort involved in developing these regulations. The proposed regulations offer valuable guidelines for how California counties can conduct risk-limiting audits. We do, however, strongly urge further clarification to ensure that the regulations do not expressly contradict existing law and to allow for greater transparency so that the public can ensure that RLAs are implemented as designed.
We appreciate your consideration and welcome the opportunity to meet and continue working together to shape California’s risk-limiting audit regulations.
Kim Alexander, President, California Voter Foundation
Jack Lerner, Board of Directors, California Voter Foundation; Clinical Professor of Law, University of California, Irvine
Pamela Smith, Senior Advisor, Verified Voting
Mark Lindeman, Director, Science and Technology Policy, Verified Voting
Kammi Foote, Clerk-Recorder and Registrar of Voters in Inyo County; Board of Directors, California Association of Clerks and Election Officials
Philip B. Stark, Professor of Statistics, University of California, Berkeley
The signatories wish to thank Hannah Green and Prachi Mistry, Certified Law Students in the UCI Intellectual Property, Arts, and Technology Clinic at the University of California, Irvine School of Law, for their assistance in preparing these comments.
- Proposed Regulatory Action: Risk-Limiting Audits, Title 2, Division 7, Chapter 2 of California Code of Regulations. (proposed October 25, 2019) (hereinafter “proposed regulations”). ↩
- Id. ↩
- Cal. Elec. Code §§ 15365-67. ↩
- Id. § 15367(g). ↩
- A.B. 2125, 2018 Leg., Reg. Sess. (Cal. 2015), codified at Cal. Elec. Code § 15365-67. ↩
- Cal. Elec. Code. § 15367. ↩
- Id. § 15367(a). ↩
- Proposed regulations § 20114. ↩
- Id. §§ 20114, 20111(j), 20112; see also Cal. Elec. Code §§ 15365-67. ↩
- Proposed regulations § 20124(d). ↩
- CA SEC’Y OF STATE, Proposed Regulatory Action: Risk Limiting Audits Initial Statement of Reasons (2019), https://admin.cdn.sos.ca.gov/regulations/proposed/elections/audits/audits-statement-reasons.pdf. ↩
- Proposed regulations § 20124(g). ↩
- Proposed regulations § 20125 (a)(9)(b); Cal. Elec. Code § 15367(g). ↩
- Id. § 15367(g). ↩
- Proposed regulations § 20119 (b); Cal. Elec. Code § 15367(g). ↩
- Cal. Elec. Code § 15366 and Cal. Elec. Code § 19209 provide definitions for “partial risk-limiting audit.” ↩
- As the Secretary indicated in the Initial Statement of Reasons that accompanies the proposed regulations regarding Section 20114, Selection of Contests, “Non-statewide contests can be either fully (for example, District Attorney, County Supervisor, or city council member) or partially (for example, a State Senate district that crosses county boundaries) contained in the jurisdiction.” CA SEC’Y OF STATE, Proposed Regulatory Action: Risk Limiting Audits Initial Statement of Reasons (2019), https://admin.cdn.sos.ca.gov/regulations/proposed/elections/audits/ audits-statement-reasons.pdf. ↩