Colorado to require advanced post-election audits
Source: Politico
By ERIC GELLER 07/17/2017 01:01 PM EDT Updated 07/17/2017 12:49 PM EDT
Colorado on Monday said it will become the first state to regularly conduct a sophisticated post-election audit that cybersecurity experts have long called necessary for ensuring hackers aren't meddling with vote tallies.
The procedure known as a risk-limiting audit allows officials to double-check a sample of paper ballots against digital tallies to determine whether results were tabulated correctly. The election security firm Free & Fair will design the auditing software for Colorado, and the state will make the technology available for other states to modify for their own use.
The audit will allow Colorado to say, with a high level of statistical probability that has never existed before, that official election results have not been manipulated, said Colorado Secretary of State Wayne Williams in a statement. Colorado enacted the audit requirement in 2009 but delayed its implementation to allow counties to test different methods. Beginning in November, according to a rule still being drafted, Williams office will select at least one statewide and one countywide race for each county to audit.
The move comes as election officials around the country scramble to strengthen their digital defenses ahead of the 2018 elections, the first time most Americans will cast ballots for state and federal offices since 2016 a year filled with a series of alleged Russian cyberattacks that rattled peoples confidence in the security of the countrys electoral process. U.S. intelligence officials have warned that they expect Russia to be back in 2018 with an even more sophisticated digital interference campaign and have pressed election officials to prepare for the worst.
Read more: http://www.politico.com/story/2017/07/17/colorado-post-election-audits-cybersecurity-240631
msongs
(67,413 posts)diva77
(7,643 posts)snip...I. WHAT IS A RISK LIMITING AUDIT
A risk-limiting audit is a method to ensure that at the end
of the canvass, the hardware, software, and procedures used
to tally votes found the real winners. Risk-limiting audits do
not guarantee that the electoral outcome is right, but they
have a large chance of correcting the outcome if it is wrong.
They involve manually examining portions of an
audit trail of (generally paper) records that voters had the opportunity to
verify recorded their selections accurately.
Risk-limiting audits address limitations and vulnerabilities
of voting technology, including the accuracy of algorithms
used to infer voter intent, configuration and programming
errors, and malicious subversion. Computer software cannot be
guaranteed to be perfect or secure, so voting systems should
be software-independent: An undetected change or error in
voting system software should be incapable of causing an
undetectable change or error in an election outcome [Rivest
and Wack, 2006, Rivest, 2008]. A well-curated audit trail
provides software independence; a risk-limiting audit leverages
software independence by checking the audit trail strategically....snip
---------
I strongly disagree with this take:
snip...The simplest risk-limiting audit is an accurate full hand tally
of a reliable audit trail: Such a count reveals the correct out-
come. However, a full hand count generally wastes resources:
Examining far fewer ballots often can provide strong evidence
that the outcome is correct, if those ballots are chosen at
random by suitable means. Hence, to keep the counting burden
as low as possible, the methods described here conduct an
intelligent incremental recount that stops when the audit
provides sufficiently strong evidence that a full hand count
would confirm the original (voting system) outcome...snip
-----------
The voting machines are the waste not the handcounting of all of the paper ballots
--------------------
I don't think this risk limited audit goes far enough. Why spend all that money for hackable systems and then "risk-limiting audits" when hand counted paper ballots would do the actual job in the first place. HCPB techniques have built in audits...
Ligyron
(7,633 posts)...for some odd reason.
mr_lebowski
(33,643 posts)What's an extra few million $$$ amongst GOP Crony companies?
All to avoid simply doing the cheapest and most logical thing ... i.e. paper ballots?
I SUPPOSE even those could 'accidentally' end up in someone's trunk somewhere, but I'd have to imagine that overall there's no other method that's as likely to be accurate, and it's certainly unhackable ...
TheFrenchRazor
(2,116 posts)TheFrenchRazor
(2,116 posts)mr_lebowski
(33,643 posts)I do wonder though who's actually going to operate the software that does this audit? Where will the servers be? Can the program do it's work WITHOUT the internet, like disconnected entirely, so as to reduce the possibility it could be hacked as well? CO should probably insist that the audit package works while disconnected from the web, AND have the requirement that a certified/genuine fresh copy of the package is installed RIGHT at the time it's going to be utilized, rather than have it sitting around year round, living on some internet-connected server. That would be 'asking for it'.
EarnestPutz
(2,120 posts)Colorado is one of three states (the others are Washington
and Oregon) that conducts all of their elections by mail-in ballot.
This is thought to be the most secure, especially if there is an audit
process that examines results for irregularities, which is exactly what
this is doing. Mississippi and Alabama will no doubt adopt this system
a few years after hell freezes over or they legalize marijuana, whichever
occurs first.
Wounded Bear
(58,666 posts)sure, the coutning machines and software can probably be compromised, but the ballots are there for re-counting.
In WA we have tracking apps that show where the ballot is in the process, too. Might be a gimmick, but it does add a bit of credulity to the process that the "all electronic" states don't have.
I applaud CO for taking this step, whatever the outcome.
bucolic_frolic
(43,180 posts)Double entry bookkeeping was a big invention in the history of the world
Trial balance, general ledger, and financial statement are a system of checks and balances
on each other. It usually takes one person controlling all three for an embezzlement to go
undetected for any period of time
It not only catches financial fraud, but detects theft of physical goods because the numbers
account for the flow of physical goods too. Inventory walking out of the warehouse will
eventually be caught
When we have close elections locally, representatives of either or both parties may be on site to
log their voters.
Angry Dragon
(36,693 posts)diva77
(7,643 posts)At least the doc. on the vendor's website (see post #2 above) acknowledges that voting technology has problems:
"Risk-limiting audits address limitations and vulnerabilities
of voting technology, including the accuracy of algorithms
used to infer voter intent, configuration and programming
errors, and malicious subversion"
---------------
I hope eventually we will build momentum towards removing such voting technology altogether.
bluestarone
(16,976 posts)ELECTIONS ARE NOT ONE OF THEM!!! Paper ballots only please Just a good feeling with ballots on hand to double check!!