Election audit

Election-Day electronic miscounts can be caused by unintentional human error, such as incorrectly setting up the computers to read the unique ballot in each election and undetected malfunction, such as overheating or loss of calibration.

[3][4] Computer-related risks specific to elections include local officials’ inability to draw upon the level of IT expertise available to managers of commercial decision-support computer systems[5] and the intermittent nature of elections, which requires reliance on a large temporary workforce to manage and operate the computers.

Besides traditional security risks such as lock-picking and phishing attacks, voting machines are often unattended in public buildings the night before the election.

Outside elections, auditing practices in the private sector and in other government applications are routine and well developed.

[16] In 2012 in Palm Beach County, FL, a routine audit which hand-counted a sample of precincts, changed the outcomes in two Wellington City council contests.

[17][18] Computers which tally votes or compile election results are known to have been hacked in the US in 2014[19] [20] [21] and 2016,[22] [23] Ukraine in 2014,[24] and South Africa in 1994.

[25] [26] [27] Only the Ukraine hack was disclosed immediately, so regular audits are needed to provide timely corrections.

This makes it impossible for election officials to use some standard audit practices such as those banks use to confirm that ATMs credited deposits to the correct account.

In many commercial uses of information technology, managers can reverse computer errors even when detected long after the event.

However, once elected officials are sworn into office, they begin to make decisions such as voting on legislation or signing contracts on behalf of the government.

No governing body or professional association has yet adopted a definitive set of best practices for election audits.

However, in 2007 a group of election-integrity organizations, including the Verified Voting Foundation, Common Cause, and the Brennan Center for Justice at NYU School of Law collaborated with the American Statistical Association to produce a set of recommended best practices for post-election results audits: India has designed and uses voting machines with one button per candidate.

[31] India hand tallies paper VVPATs from a 1.5% sample of election machines on the last evening of voting, before releasing results.

Two more states hand-tally all contests on a representative sample of all ballots, so they can check official results, though not necessarily correcting them if that were needed: DE, UT.

In PA, UT and WV sample sizes are usually adequate for state-wide contests, but not for close county and local results.

A lower risk limit would let fewer errors through, but would require larger sample sizes.

[93] With use of statistical sampling to eliminate the need to count all the ballots, this method enables efficient, valid confirmation of the outcome (the winning candidates).

[95] In 2017, Colorado became the first state to implement risk-limiting audits statewide as a routine practice during the post-election process of certifying election results.

[96] Clear Ballot is certified by the US Election Assistance Commission for voting,[97] and they also have an auditing system, ClearAudit.

The "Brakey method" is an approach using electronic ballot images already created by most current US election systems.

Independent systems to tally ballot images include Audit Engine,[100] [101] [102] Free and Fair,[103] OSET Institute (under development),[104] [105] and the Elections Transparency Project, as used in Humboldt County, California, a medium-sized county with 58,000 ballots in the 2016 general election.

Ballots with identifying marks are first hand-copied by election staff, to anonymize them, since they are valid under California law.

Scans can be made and digitally signed before ballots are stored, while other audit methods are too slow to do election night.

[109] [110] [111] Public release lets losing candidates who mistrust the election officials' security measures do their own checks.

The Verified Voting Foundation explains the difference between audits and recounts: Post-election audits are performed to “routinely check voting system performance…not to challenge to the results, regardless of how close margins of victory appear to be", while "recounts repeat ballot counting (and are performed only) in special circumstances, such as when preliminary results show a close margin of victory.

They have only a small chance of catching a hack or bug which was limited to a few precincts or machines, even though that could change the result in close contests.

[48] Ballots are at risk when being transported from drop boxes and polling places to central locations, and may be protected by GPS tracking,[113] guards, security systems,[c] and/or a convoy of the public.

[d] Security recommendations include preventing access by anyone alone,[118] which would typically require two hard-to-pick locks, and having keys held by independent officials if such officials exist in the jurisdiction; having storage risks identified by people other than those who design or manage the system; and using background checks on staff.

[125] Auditing in the US is done several days after the election, so paper ballots and computer files need to be stored securely.

[e] A faster start for the audit makes it feasible for independent parties to guard storage sites.

Boss Tweed : As long as I count the votes, what are you going to do about it?
Most States Check Computer Counts Only on a Few Contests
Colorado elections in 2017, sample sizes needed for risk-limiting audits
Ballots or scanned images available to public for independent audits
Ballot mages saved by election scanners
Samples used for election audits