risk limiting audits

Tag Archive

Verified Voting Blog: Letter to Georgia Secretary of State regarding Verified Voting’s position and involvement with risk-limiting audit pilots

The following letter was sent to Georgia Secretary of State Brad Raffensperger on December 16, 2019. The letter addresses Verified Voting’s concerns following the November 2019 election in Georgia and provides clarity on Verified Voting’s position and involvement with risk-limiting audit pilots in the state.

Download the Letter (PDF)

Dear Secretary Raffensperger,

I am writing to address a few issues that have concerned us since the November election and so that you and your staff have clarity on Verified Voting’s position.

As an initial matter, Verified Voting did not recommend that Georgia purchase all ballot marking devices for all in-person voters. We made our position clear in a letter to the co-chairs of the SAFE Commission dated January 4, 2019 attached for your reference. Verified Voting stands by its position and notes that this continues to be our recommendation for jurisdictions who are deciding what system to purchase among commercially-available voting systems. The fact that Georgia did not follow our recommendation and purchased Dominion BMDs for all in- person voters does not change our position.

Since the summer of 2019, Verified Voting has been working with the staff of the Secretary of State to implement post-election risk-limiting audits. Mark Lindeman, Director of Science & Tech Policy at Verified Voting has been the primary contact for your staff and is a subject-matter expert on RLAs. Our work with you on the implementation phase in no way endorses Georgia’s decision to move forward with BMDs instead of our prior recommendation of both hand-marked paper ballots and ballot marking devices in the polling place.

A risk-limiting audit is a tabulation audit: it uses statistical methods to provide confidence that the paper ballots were correctly tabulated. It checks only the tabulation, namely whether a full hand-count of the cast paper ballots would reveal something different than the reported outcome. It does not check — among other things — that voters actually verified their paper ballots, or that the paper ballots being tabulated are exactly those paper ballots that should be tabulated. Nor does it check whether strong chain of custody procedures, proper ballot accounting or other processes necessary to create a trustworthy record were observed. To express or imply that doing an RLA pilot demonstrates the security of the system is simply not true. Read More

Verified Voting Blog: The Role of Risk-Limiting Audits in Evidence-Based Elections

In the aftermath of the 2016 election cycle, interest in securing American elections from tampering or hacking has intensified. Given that 99% of our votes are counted by computers, and that computers are used in every aspect of the electoral process, election security is a top priority. For over a decade, Verified Voting has advocated for the widespread adoption of post-election risk-limiting audits (RLAs) alongside other best practices to facilitate a trustworthy and auditable record of votes cast.

A post-election risk-limiting audit (RLA) is one of the pillars of cyber security. In this day and age of nation state attacks on our election systems, it is very important for election systems to be resilient and provide a way for jurisdictions to identify problems and to recover from them. Security experts agree that the best method is voter-marked paper ballots (which voters choose to mark by hand or with a ballot marking device), having a deliberate and intentional step for voters to verify their ballot selections, providing a strong chain of custody of the ballots, and checking that the computers counted them correctly (RLAs).

Evidence-Based Election Ecosystem

Risk-limiting audits are one piece of the larger ecosystem of evidence-based elections that depend upon a trustworthy record to give confidence to election outcomes. There are some things that risk-limiting audits do not do. They do not tell us whether the voting system has been hacked. They do not and cannot determine whether voters actually verified their ballots. But they can detect and correct tabulation errors that could alter election outcomes — or provide strong evidence that a full hand count would yield the same outcomes.   Read More

Pennsylvania: Philadelphia tests way to ensure no one hacks 2020 presidential election in Pennsylvania | Jonathan Lai/The Philadelphia Inquirer

Philadelphia voters can rest assured Jim Kenney really was reelected mayor this month, according to a squad of data and voting experts from around the country who ran a rigorous statistical test of the results Thursday. But while it’s no surprise that a Democrat won by 80 percentage points in an overwhelmingly Democratic city, it’s notable that the scientists were able to conduct such an audit in the first place. That’s because on Nov. 5, for the first time, Philadelphia used voting machines that leave a paper record of voters’ choices. As Pennsylvania’s counties roll out similar new machines required to create paper trails in time for the 2020 presidential election, the reported electronic returns can now be checked for accuracy. That’s an important change in a state that Donald Trump carried in 2016 by slightly more than 44,000 votes, or less than 1%. Pennsylvania is expected to be critical again next year. “We know we saw in 2016, everybody wondering, was this real, was this not real?” said Kathy Boockvar, secretary of the commonwealth, whose department oversees Pennsylvania elections. In 2020 and beyond, with what are known as risk-limiting audits, election officials will be able to confirm that the text of paper ballots lines up with what ballot-reading machines say. “The stakes are high, people are very passionate, and we have the paper that will be able to show the actual evidence,” Boockvar said. Officials hope the audits will make it harder for bad actors to tamper with the results. They also hope to increase public confidence in elections generally, following what U.S. intelligence agencies concluded was a systematic campaign by Russia to interfere in the 2016 election to boost Trump. (That campaign involved the dissemination of news and information Americans consumed, not the manipulation of actual votes or voting machines.) Read More

National: CISA and VotingWorks release open source post-election auditing tool | Catalin Cimpanu/ZDNet

The US Cybersecurity and Infrastructure Security Agency (CISA) and VotingWorks, a non-partisan, non-profit organization, have open-sourced today a tool for the post-election auditing process. Developed by VotingWorks and named Arlo, the tool is available on GitHub. It’s a web-based app designed specifically for the US election process where votes are tallied electronically using software or special machines. To safeguard the election process against hacked or faulty voting systems, the US government mandates that all counted votes go through a post-election audit to verify the results, in a process called a Risk-Limiting Audit (RLA). Arlo is designed to automate this auditing process by automatically selecting random voter ballots for the RLA process, providing auditors with the information they need to find those ballots in storage, helping officials compare audited votes to tabulated votes, and providing monitoring & reporting capabilities so that election officials and public observers can follow the audit’s progress and outcome. “The tool supports numerous types of post-election audits across various types of voting systems including all major vendors,” CISA said in a press release today. CISA did not develop Arlo — created by VotingWorks on its own — but the agency has adopted the tool and is currently working on convincing state election officials to deploy it before next year’s presidential election. Read More

Pennsylvania: State starts testing new election auditing procedures | Emily Previti/PA Post

Pennsylvania’s elections overhaul isn’t limited to deploying new voting machines and making sweeping changes to absentee voting and registration deadlines. Officials also are working on new post-election auditing procedures that employ statistical modeling. Test runs occurred earlier this week in Mercer County and are scheduled for Thursday in Philadelphia. Post-election audits already happen in Pennsylvania. State law requires counties to audit 2 percent of ballots cast – or 2,000, whichever is less – in each race. Other auditing criteria – such as sample ballot selection – are largely left up to county election officials. That’s expected to change in 2022. The state agreed to implement a more robust post-election audit system — called risk-limiting audits — as part of the settlement of a lawsuit brought by 2016 Green Party presidential candidate Jill Stein. “The process that’s in place now is practically meaningless,” Stein’s spokesman Dave Schwab wrote in an email Tuesday. “In contrast, risk-limiting audits are designed to use the paper records to ensure that the machine count didn’t produce the wrong winner.” Read More

Colorado: Secretary of State’s Office begins post-election ballot audit | Michael Karlik/Colorado Politics

Secretary of State Jena Griswold on Friday directed county clerks to begin the audit of a random selection of ballots after this month’s general election. A press release said that this risk-limiting audit, the only statewide one in the country following most elections, provides a “high statistical level of confidence that the outcome of an election is correct and reflects the will of the voters.” Colorado conducted its first statewide audit in 2017, covering all counties that used machines to tally their votes. Two counties, Jackson and San Juan, do not perform an audit because their ballots are hand counted. The secretary of state’s office randomly chose the ballots for each clerk to review using a 20-digit number, generated from multiple rolls of a 10-sided die. “If what the audit board reports matches how the voting system tabulated the ballots, the audit concludes,” Griswold’s website explains. “If there are discrepancies, additional ballots are randomly selected to compare until the outcome has been confirmed. If the wrong outcome was reported eventually all of the ballots will be examined and a new outcome will be determined.” Read More

Pennsylvania: Mercer County conducts first risk limiting election audit | Glenn Stevens/WFMJ

Mercer County is conducting a risk-limiting post-election audit for the first time in Pennsylvania. A working group assembled at the Mercer county courthouse on Monday to perform the post-election audit.   It’s described as a scientifically designed procedure that utilizes math and statistical data to confirm election outcomes. “They’ve found out a way to use the math to provide a statistical certainty that the results that we are reporting accurately reflect that’s what the voters did,” said Mercer County Elections Director Jeff Greenburg. “The math is maybe a little complicated for the average person until you get kind of hands-on experience, and that’s really what we’re doing here today,” according to Jonathan Marks, Deputy Secretary of Elections for Pennsylvania.  Pennsylvania has returned to a paper ballot, and the risk-limiting audit is viewed as another step forward for voter confidence and election integrity. Read More

Georgia: Paper ballots recounted to check election results in Georgia | Mark Niesse/The Atlanta Journal-Constitution

A recount of ballots printed out by Georgia’s new voting system confirmed the accuracy of electronically counted election results, state election officials said Wednesday. But critics say the state’s audit proved nothing, and they believe ballots created by computers remain vulnerable to tampering and inaccuracies. Election workers on Tuesday reviewed a sample of paper ballots printed by touchscreens during last week’s election in Bartow County, one of six counties that tested the state’s $107 million voting system. Voters in the rest of the state will switch to the new system starting with the March 24 presidential primary. “An important part of the new voting system is the ability to audit with the use of paper ballots. This feature provides the confidence voters deserve,” Secretary of State Brad Raffensperger said. During the audit, four teams of two election workers each pulled a random sample of 80 ballots out of 1,550 cast in Cartersville. The teams read the printed-out text on the ballots and tallied the results in the race for mayor and a referendum on Sunday morning alcohol sales. Read More

Missouri: Greene County experiments with process for verifying elections | KOLR

Greene County Clerk Shane Schoeller says election security is a top priority, which is why his team is double-checking the accuracy of its vote-counting machines. His office does this after every local election. This time though, they’re doing things differently. People from around Greene County witnessed and participated in the debut of a new election-auditing process: the risk-limiting audit. It’s a new election accuracy test using 20 multi-sided dice and real ballots from the most recent Greene County election. Schoeller says this method is much better than the state’s current post-audit process. He says when Greene County post-audits, no less than five percent of the polling locations of the casted ballots that day are evaluated. His new risk-limiting audit, however, looks at a much wider range of polling locations. He says this ensures the accuracy and election security he’s looking for. Read More

Indiana: State to start seeing voting equipment changes | John Lynch/Ball State Daily

While some Hoosier voters will start seeing changes in electronic voting systems this election, Muncie will have to wait. In late July, the Indiana Election Commission approved the first voter verifiable paper audit trail (VVPAT) for electronic voting systems — a security measure that allows voters to independently verify their vote was correctly recorded, according to a press release from the Office of the Indiana Secretary of State. Almost half of the counties in Indiana use direct record electronic (DRE) machines, the press release stated. These machines have a paper trail in the back of the machines, but not visible to the voter. As a security measure, paper trails that are visible to the voter are being added to VVPAT electronic voting equipment, it stated. “Adding VVPATs to election equipment will help boost voter confidence and allow us to implement risk limiting audits,” said Secretary of State Connie Lawson in the press release. “Together, these practices will show voters at the polls their vote is safe and secure and following up with a post-election audit will confirm their vote was counted. As we prepare for the upcoming presidential election, we will be working to protect 2020 and beyond.” Read More

Editorials: A simple step every state could take to safeguard elections | The Washington Post

Election security is a complex challenge. One essential step, however, is so simple it can be carried out with a pen and paper. Pennsylvania officials have announced that Philadelphia and Mercer County will conduct a post-election pilot next month of what’s called a risk-limiting audit. The procedure is new to most of the country, but 12 states are experimenting with it — because it’s that much of a no-brainer. Currently, 17 states are not required by law to verify the accuracy of their vote tallies at all. Those that are mostly do so the “traditional” way, which in this case means the wrong way. The process auditors typically use — manually recounting votes in a predetermined percentage of precincts — tells officials whether a particular machine or group of machines is working, but it doesn’t actually answer the essential question: Did the declared winner actually win? Risk-limiting audits instead do what any mathematician . They hand-count a statistically meaningful sample of all votes to determine whether the original tally was correct. The required sample increases as the margin of victory narrows. It’s easy, and it’s time-consuming only in the tightest elections, or when something actually has been tampered with. Of course, that’s when it’s most worth investing the time. So why isn’t everyone doing it? Read More

National: Cybersecurity and Democracy Collide: Locking Down Elections | Andrew Westrope/Governing

When asked at a congressional hearing if Russia would attack U.S. election systems again in 2020, Special Counsel Robert Mueller was unequivocal: “It wasn’t a single attempt,” he said. “They’re doing it as we sit here, and they expect to do it during the next campaign.” Presidential campaigns are now underway, and election systems are still vulnerable. From voter registration databases to result-reporting websites to the voting machines themselves, researchers have identified soft spots across the system for hackers to exploit, meaning cybersecurity is now a front line of defense for American democracy. There are many parties working on this problem — secretaries of state, the Department of Homeland Security (DHS), EI-ISAC (Elections Infrastructure Information Sharing and Analysis Center), various nonprofits and private companies — and a few common refrains between them. They’re all pushing for paper ballots, vulnerability screenings, staff training, contingency plans, audits and, above all, more consistent funding. And they all have the same basic message for state and local officials: The security of our elections is riding on you. Read More

Rhode Island: Report examines ways to adopt election audit system in Rhode Island | Jennifer McDermott/Associated Press

A new report recommends how to adopt a system for auditing election results required in Rhode Island. Common Cause, Verified Voting and The Brennan Center for Justice at NYU School of Law released the report Tuesday. They helped the state design and test the risk-limiting audit system this year. Rhode Island will first use risk-limiting audits for the 2020 presidential primaries. There are three ways to do the postelection audit. The report recommends a ballot-level comparison because of its efficiency, transparency and relatively predictable cost. That type of audit would compare the vote on an individual ballot to the machine’s recording of the vote on that ballot, which requires the fewest number of ballots to be examined. The other methods, ballot polling and batch comparison, compare more ballots to totals produced by the machines and require the examination of far more ballots, John Marion, executive director of Common Cause Rhode Island, said Tuesday. Read More

Michigan: Lansing city clerk pilots new post-election audit | Elissa Kedziorek/WILX

The Lansing community was invited to observe a new post-election audit Monday morning. Lansing City Clerk Chris Swope partnered with the Secretary of State’s Bureau of Elections, other local election officials and national election security experts to conduct a risk-limiting audit of the May 7, 2019 Lansing School District Special Election. After checking 337 randomly selected ballots as part of a new election audit pilot, Swope declared the Lansing School Millage Election results are confirmed accurate. “It was great to work with election officials at the national, state, county and local level to develop best practices to confirm election results,” Lansing City Clerk Chris Swope. “Each election we learn more, and the City of Lansing will be very experienced by the Presidential Election in November 2020. Nationally, risk-limiting audits are considered to be the gold-standard method for confirming results. This type of audit uses statistical methods that can detect possible discrepancies in areas that may need further attention due to factors such as human error, possible manipulation, cyber attacks,or a variety of other things. Read More

Editorials: Knowing It’s Right: Limiting the Risk of Certifying Elections | Tammy Patrick/Democracy Fund

Every election we ask ourselves, what motivates voters to participate? Could it be the love of a charismatic candidate? The dislike of a less-than-desirable one? Passion for a specific ballot initiative? Do voters show up to the polls out of habit? The answer is as varied as the voting population, as is the reason voters do not participate. Research shows that while voters’ confidence in their own vote being counted accurately remains relatively constant, their belief that results at the national level are correct is in decline. As we work through reestablishing trust in our elections following Special Counsel Robert Mueller’s 22-month long investigation, the threat of interference in our elections by another nation-state remains. The American public wants to believe that when they vote it means something—we are teaching elections officials about a new way to audit our elections and check for the accuracy every voter deserves. As with most election administration processes, implementation success lies in preparation—and Risk Limiting Audits (RLAs), which some proponents often refer to as the “cheap and easy” method to check the accuracy of the results, are no exception. Read More

Michigan: Three communities auditing May election results as part of election security pilot program | Lauren Gibbons/mlive.com

Michigan elections officials are continuing pilot tests of an auditing system to check election results, with the ultimate goal of perfecting a process for verifying outcomes of both local and statewide races. The pilot audit kicked off in Lansing Monday, where local and state elections officials joined national experts and observers from around the country in overseeing a “risk-limiting audit” of the results in a May ballot question regarding a millage for the Lansing School District. The risk-limiting audit process relies on a mathematical formula to randomly select ballots for auditors to review, and is intended to detect any potential irregularities that could have influenced the outcome of the election. Colorado currently uses risk-limiting audits to test election results. Read More

Oregon: On Election Day, Oregon Senate passes bill requiring future election audits | Associated Press

County clerks in Oregon would be required to audit results after each election under a bill that overwhelmingly passed the Senate on Election Day. The bill approved Tuesday requires county clerks to conduct hand-count or risk-limiting audits after every primary, general and special election. Risk-limiting audits are based on counts of statistical samples of paper ballots. Sen. Lew Frederick, a Portland Democrat, said the bill ensures more audits happen to make sure election results are correct. The bill requires audits after every election, instead of just general elections. It goes next to the House. Heading into the 2020 cycle, a new report out Tuesday provides a stark warning about the cyber-insecurity of the highest-profile U.S. political organizations even after years of concerted efforts to improve digital safeguards and an intense focus in Washington on the need to secure campaigns and elections. Read More

Media Release: Verified Voting Applauds Oregon’s Senate for Passing Bill Requiring Robust Post-Election Audits to Verify Elections

Marian K. Schneider: “Oregon is leading the way towards better integrity and security with the passage of SB 944.”

The following is a statement from Marian K. Schneider, president of Verified Voting, on Oregon’s Senate passage of SB 944, offering counties the option to audit elections using a process known as risk-limiting audits, which are designed to bolster public confidence in elections. For additional media inquiries, please contact aurora@newheightscommunications.com  

“Oregon is leading the way towards better election integrity and security with the Senate’s passage of SB 944. This bill requires county clerks across the state to conduct audits after every election — not just general elections — and lets them choose between a partial hand count and risk-limiting audits (RLAs). An RLA examines a sample of the paper ballots to check if the election outcome is correct.  RLAs provide strong evidence when election outcomes are correct, and have a guaranteed large chance of correcting wrong outcomes or, outcomes that are wrong because of counting errors. Read More

Verified Voting Blog: Verified Voting Testimony Before the House Administration Committee hearing on “Election Security”

Download the Written Testimony (pdf)

Chair Lofgren, Ranking Member Davis and members of the Committee, thank you for the invitation to submit testimony to the Committee on House Administration hearing on “Election Security.” We urge the Committee to move expeditiously to support state and local jurisdictions in strengthening their election systems and provide upfront and sustained investment in election infrastructure and security. Since 2016, it is clear that the threat to our democratic institution of voting is not theoretical, but real and persistent. We must, as a nation, adopt the clear solutions that will allow us to defuse the destructive narrative of election hacking that undermines the very fabric of our democracy.

The Scope of the Problems with Election Security and Current Election Infrastructure

Election administration depends on computers at multiple points in the election process. Equipment for voting is but one part of a broad array of election technology infrastructure that supports the conduct of elections today. Some of that technology infrastructure includes voter registration databases, internet facing applications such as online voter registration and polling place lookup, network connections between state government and local jurisdictions, the computers that program the voting devices that record and count votes in addition to the voting devices themselves. Some jurisdictions also use electronic poll books to check voters in at polling sites and most states and localities report election night returns via a website.

To the extent that any of these can be compromised or manipulated, can contain errors, or can fail to operate correctly—or at all—this can potentially affect the vote. Election system security requires not only efforts to prevent breaches and malfunctions, but also fail-safes that address breaches and malfunctions that do occur. Read More

Texas: Election security bill passes in Senate | News-Journal

East Texas state Sen. Bryan Hughes’ signature bill on election security won passage Monday in the Texas Senate and moves to the House of Representatives for debate. Senate Bill 9 creates a paper trail for electronic voting. It also takes aim at voter fraud that can occur when people who help disabled voters try to influence how they vote. It enhances the penalty for making a false statement on a mail ballot application from a misdemeanor to state jail felony and requires those who help voters who are not family members to sign a form documenting their role. The bill also would require people who help disabled voters cast a mail-in ballot officially certify that the voter they help is physically unable to enter a poll without risk to harm. In addition, it allows poll watchers to accompany both the voter and helper into the voting area. “The heart of the bill is that paper ballot, that paper backup,” Hughes, R-Mineola, said as he urged passage of the measure. “This is not a partisan issue. … It says if you’re going to bring someone to the polls and help them cast their ballot … then, yes. We want to know your names.” Hughes chaired a Select Committee on Election Security last summer in preparation for the legislative session that opened in January. Many of the provisions in his Senate Bill 9, he told senators, came from sworn testimony from Democrats and Republicans. The bill passed on a 19-12 vote along party lines. “For whatever reason, the national Democrats made this a lightning rod,” he said. “Election integrity is important to all of us.” Read More