Rhode Island Risk Limiting Audit in Time Magazine

Not exactly person of the year or prisoner of the month, I did have my picture in Time Magazine! The occasion was the Rhode Island Risk Limiting Audit (RLA) where I participated last week.

Russia Wants to Undermine Trust in Elections. Here’s How Rhode Island Is Fighting Back <read>

Contrary to the headline, Rhode Island wants to make sure their elections are protected from all sorts of problems, after a programming error in 2017 almost caused an incorrect result to be certified.

The article contains some very good summaries of what we and the Rhode Island Board of Elections were up to:

“Democracy and elections are only as good as whether people trust them or not,” [Secretary of State Nellie] Gorbea said. “Confidence in our democracy is critical to every other public policy issue.”…

Amid this uncertainty, Rhode Island is pioneering a means of protecting its election results through a procedure called a “risk-limiting audit.” This method, which election experts consider the gold-standard of post-election checks, is essentially an efficient review of ballots that provides strong statistical evidence that the reported vote tallies in an election are correct…

In addition to public officials and election staffers, the “protectors of democracy” in Providence included a substantial number of volunteers offering their time and expertise for free, simply because they were passionate about securing their fellow citizens’ votes. Teams from Worcester Polytechnic Institute and MIT developed the software that selected votes for the pilot, which will be open source so other states can use it in the future. The leader of a Connecticut citizens’ group[, Luther Weeks, Executive Director of Connecticut Citizen Election Audit] provided input on one ballot-counting method, and a woman who independently advocates for audits organized observers to gather timing data throughout the event. Many in the group greeted each other like summer camp friends after a winter away, eager to catch up on issues they’d seen in other elections and share tips on the newest democracy-defending tactics…

at the Board of Elections warehouse in Providence, where 22 election staffers overseen by Deputy Director of Elections Miguel Nunez and Warehouse and Logistics Manager Steve Taylor retrieved and manually counted ballots for three different kinds of risk-limiting audits to see which method worked best for their state…

I was there to learn and also to lead the demonstration of two methods of performing the batch comparison audit. In the end, both methods demonstrated that the two voting machines we audited were accurate last November 6th, and that with good methods and the dedicated officials present, we were also accurate.

At the end of Rhode Island’s pilot, the batch-level comparison and ballot-level comparison audits were both successful, meaning they provided strong statistical evidence confirming the reported election results. The ballot-polling audit fell very slightly outside the accepted risk, which in a real audit would trigger another round using a slightly larger sample. But in this pilot, the goal was simply to test the methods, not to meet a particular level of evidence.

It was an to participate in the months of planning and three days of execution.

Deputy Scott Bates Selects 36 Districts for Audit

On Thursday Deputy Secretary of the State Scott Bates selected 36 districts for the post-primary audit. <press release with selected districts>

Departing from past practice, the Official Audit Procedures, and the law as it has always been interpreted, the Deputy selected three statewide races from each party to be audited in their respective primaries and then selected only one party primary to be audited in each district. The Official Audit Procedures and the law indicate that 5% of the districts in each primary are to be audited, with a minimum of 20% of the races randomly selected by the municipal clerk from all races on each ballot.

Three days at the Fairfax Risk Limiting Audit Prototype

Last Wednesday through Friday I attended and observed the City of Fairfax, VA Risk Limiting Audit Prototype.  I was most impressed by the level of participation and cooperation of the State, County, and Local Officials. Was it partially because they are all appointed? I can’t be sure.

Here is a news story that explains it at a very high level. No doubt other reports and the official City of Fairfax report will go into more depth: First new Va. election results audit held in Fairfax city <read>

Any doubt I was there? Check out the photo of the group watching a presentation. I am last row, last on the right.

Five pieces of testimony on six bills

On Thursday the GAE Committee held testimony on most election bills this year. (There was one last week and a couple more will be on Monday). For once, I was able to support more bills than I opposed!

Opposition and support by the Secretary of the State and Registrars was mixed. In addition to supporting and opposing various bills, I offered several suggestions for improvement. And one suggestion for radical improvement.

It would be a very instructive exercise for you to read my testimony, that from individual registrars, ROVAC (Registrars Of Voters Association, Connecticut), the Secretary of the State, and others.

The bills were:
H.B.5422 Election Day Registration for Primaries
[Supported]

H.B.5459 Wording Change to Closing Polls
[Provided extensive comments and changes, pointing out that polling-place ballots are insufficiently protected and how to change that.]

H.J.28 and S.J.31 Constitutional Amendment Authorizing Early Voting
[Supported. This is a much safer alternative than the one proposed and rejected by the voters in 2014. I suggested modifications that would save municipalities a lot, and provide even more hours for voters.]

S.B.410 Post-Election Audit Drawing Date and SOTS Posting of Rulings
[Supported the bill with changes.]

S.B.411 Curing a Civil Rights Violation with EDR
[Supported. For several years I have been warning of the potential violation.]

You can see all the testimony <here>

Links to the bills are at the top of my testimony on each bill.

Citizen Audit Report: After 10 Years, Serious Flaws Continue

Citizens Audit Report:
After 10 years, 18 post-election audits, and 800 local audit counting sessions, serious flaws continue

From the Press Release:

Post-election vote audits of the November 2017 elections continue to fail to meet basic audit standards. They again undermine confidence in the accuracy of our elections, concludes the non-partisan Connecticut Citizen Election Audit.

Among the group’s concerns:

  • 41% of reports required to be submitted to the Secretary of the State by registrars were incomplete or were not submitted. The Secretary’s Office failed to follow up on those reports.
  • Weaknesses in ballot chain-of-custody and security.
  • Continued use of flawed electronic audit procedures that are not publicly verifiable.

On the bright side, developments related to the electronic audit point the way to improvement:

  • The Secretary of the State’s Office and UConn Voter Center solicited feedback on improving the electronic audits.
  • Write-in counting issues and failure to separate ballots as required were clearly identified by the electronic audit and observed by the Secretary of the State’s Office.

Luther Weeks, Executive Director of the Citizen Audit said, “We are frustrated with so little improvement after 18 statewide audits over 10 years. Citizens deserve better. Yet, if the Secretary of the State’s Office follows up on these problems and pursues publicly verifiable electronic audits, progress can be achieved in the near term.”

<Press Release .pdf> <Full Report pdf> <Detail data/municipal reports>

Colorado Completes Nation’s first Risk Limiting Audit

NPR, All Things Considered: Colorado Launches First In The Nation Post-Election Audits <read>

Press Release, Colorado Secretary of State:  A new kind of election audit: Colorado is the first to complete it  <read>

From the Press Release:

DENVER, Nov. 22, 2017 — Now it’s in the history books: Colorado has become the first state to complete a “risk-limiting audit” designed to catch mistakes when ballots are tabulated.

The Colorado legislature ordered the use of risk-limiting audits in 2009 — long before widespread media coverage of fears about hacking election equipment and interference by foreigners — but the timeline to implement the RLAs was delayed until this year’s Nov. 7 coordinated election.

“I think it’s fair to say that both state and county election officials were a little anxious because this has never been done before,” Colorado Secretary of State Wayne Williams said. “But it turned out to be an amazing success, and that’s because our staff and our county clerks have done a phenomenal job. I am thankful for their hard work and dedication.”

The process attracted attention nationwide. Matt Masterson, chairman of the U.S. Election Assistance Commission, and fellow commissioner Thomas Hicks were among those who witnessed the procedure.

“Colorado is a national leader in exploring innovative solutions for accessible, secure and auditable elections,” Masterson said. “Colorado’s risk-limiting audit provided great insights into how to conduct more efficient and effective post-election audits. The EAC is eager to share some of the lessons learned with election officials across America.”

A risk-limiting audit is a procedure that provides strong statistical evidence that the election outcome is right and has a high probability of correcting a wrong outcome. Risk-limiting audits require human beings to examine and verify more ballots in close races (exactly when you want to examine more ballots), and fewer ballots in races with wide margins.  The procedures for conducting risk-limiting audits are spelled out in Secretary of State Election Rule 25.

If you’re an in-the-weeds kind of election junkie or math wonk, you might be interested in the results the Secretary of State’s office posted on its Audit Center. Under the subheads “Round # 1” and “Round # 2” click on “State report (XLSX)” for a county-by-county review.

I am pleased to have played a very small part in this project, moderating weekly conference calls for the State Audit Working Group. Members of the group assisted with extensive comments and contributions to the regulations implementing the law, contributions to the Free and Fair software, and observation of the audit in progress, on the ground in Colorado. It represents months and years of effort by several members of the group, along with enthusiastic support from many Colorado election officials.
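
The press release's point that close races need more ballots examined, and the Rhode Island pilot's note that a ballot-polling audit that misses its risk limit goes to a larger sample, can both be seen in a short sketch of the BRAVO ballot-polling test. This is an added example, not the Colorado or Rhode Island audit software; the two-candidate contest, the 60% reported share, the 5% risk limit and the sampled ballots are constructed.

```python
"""BRAVO-style ballot-polling check for a two-candidate contest (added example)."""
import math
from typing import Iterable, NamedTuple


class AuditResult(NamedTuple):
    confirmed: bool        # True once the evidence meets the risk limit
    ballots_examined: int  # ballots looked at before stopping
    measured_risk: float   # 1/T capped at 1; the audit stops once this is <= risk limit


def _check(reported_winner_share: float, risk_limit: float) -> None:
    if not 0.5 < reported_winner_share < 1.0:
        raise ValueError("reported winner share must be between 0.5 and 1")
    if not 0.0 < risk_limit < 1.0:
        raise ValueError("risk limit must be between 0 and 1")


def ballot_polling_audit(sample: Iterable[str], reported_winner_share: float,
                         risk_limit: float = 0.05) -> AuditResult:
    """Sequential test: 'W' = ballot for reported winner, 'L' = for reported loser.

    T starts at 1, is multiplied by share/0.5 for each 'W' and (1-share)/0.5
    for each 'L', and the outcome is confirmed when T >= 1/risk_limit.
    Logs are used so long samples do not overflow or underflow.
    """
    _check(reported_winner_share, risk_limit)
    step_winner = math.log(reported_winner_share / 0.5)
    step_loser = math.log((1.0 - reported_winner_share) / 0.5)
    threshold = math.log(1.0 / risk_limit)
    log_t = 0.0
    examined = 0
    for ballot in sample:
        examined += 1
        if ballot == "W":
            log_t += step_winner
        elif ballot == "L":
            log_t += step_loser
        # any other mark (undervote, write-in) is evidence for neither side
        if log_t >= threshold:
            return AuditResult(True, examined, math.exp(-log_t))
    # Sample used up without enough evidence: escalate to a larger sample.
    return AuditResult(False, examined, min(1.0, math.exp(-log_t)))


def expected_sample_size(reported_winner_share: float,
                         risk_limit: float = 0.05) -> int:
    """Wald approximation of the average number of ballots needed when the
    reported share is correct (an approximation, ignoring overshoot)."""
    _check(reported_winner_share, risk_limit)
    s = reported_winner_share
    drift = s * math.log(2 * s) + (1 - s) * math.log(2 * (1 - s))
    return math.ceil(math.log(1 / risk_limit) / drift)


# Constructed sample: 60% of the sampled ballots are for the reported winner.
PATTERN = ["W", "W", "L", "W", "L"]

if __name__ == "__main__":
    for share in (0.70, 0.60, 0.55, 0.51):
        print(f"reported share {share:.2f}: about "
              f"{expected_sample_size(share)} ballots expected")
    # Round one: 130 ballots are not quite enough at a 5% risk limit.
    print(ballot_polling_audit(PATTERN * 26, 0.60))
    # Round two: the same ballots plus 10 more; the test stops early.
    print(ballot_polling_audit(PATTERN * 28, 0.60))
```

A sample that splits evenly never confirms a reported 60% winner, which is the case where a real audit keeps escalating toward a full hand count.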

34 Districts Selected for Audit at Wethersfield High School

This morning Secretary of the State Denise Merrill selected 34 districts for audit with the help of students at Wethersfield High School:

List of selected districts: <press release>

A Year After, Our Elections Aren’t Much More Secure

From Buzzfeed’s Cyber Security Correspondent, Kevin Collier:  A Year After Trump’s Victory, Our Elections Aren’t Much More Secure  <read>

The halfway point between the election of President Donald Trump and the 2018 midterms has come and gone, and it still isn’t fully clear what Russian hackers did to America’s state and county voter registration systems. Or what has been done to make sure a future hacking effort won’t succeed.

US officials, obsessed for now with evidence that Russia’s intelligence services exploited social media to sway US voters, have taken solace in the idea that the integrity of the country’s voting is protected by the system’s acknowledged clunkiness. With its decentralized assortment of different machines, procedures, and contractors, who could possibly hack into all those many systems to change vote totals?

But the focus on how Facebook and Twitter were used to sow division in the US electorate has diverted attention from one of the weakest spots in the system: the gap between those locally operated voting systems that are well-protected by sophisticated technology teams and those that are less prepared. Russia knows those gaps exist and that a simple cyberattack can be effective against weak infrastructure and unprepared IT workers. Whether that can be fixed by 2018 or even 2020 is an open question.

Most states’ elections officials still don’t have the security clearances necessary to have a thorough discussion with federal officials about what’s known about Russian, or others’, efforts to hack into their systems.

Seven states still use all-electronic voting systems whose results cannot be verified because there is no paper trail.

And hundreds of US counties rely on outside contractors to maintain their registration records and update the software on voting machines. Some of those contractors are small operations with few employees and minimal computer security skills.

Here we caution that it is not just Russia we should be concerned with. Those same vulnerabilities are open to other foreign actors, foreign and U.S. hackers, along with elements of the U.S. Government. Beyond that, they are open to official and contractor insiders. Not being connected to the Internet does not preclude attack from any of these actors, especially insiders.

Many local officials are reluctant to seek federal help, worried about ceding authority to outside agencies.

“We’re not doing very well,” Alex Halderman, a renowned election security expert, told BuzzFeed News. “Most of the problems that existed in 2016 are as bad or worse now, and in fact unless there is some action at a national policy level, I don’t expect things will change very much before the 2018 election.”…

But in the aftermath of last year’s vote, it has become clear that the sheer complexity of the system is no reassurance that it can’t be exploited by a determined hostile power. Halderman, the election security expert, says that just because it didn’t happen last time — or in the voting completed Tuesday — doesn’t mean it won’t.

“It’s only a matter of time, if we don’t have coordinated national action, until a major US election is disrupted, or even its outcome changed, by a foreign nation-state in a cyberattack,” [former FBI director James Comey] said.

To this day, DHS points to the fact that it’s never found evidence that vote tallies were changed

We add that DHS, as far as we know, has not looked for such evidence anywhere, let alone everywhere.

As we have said before, protecting databases and votes requires Prevention, Detection, and Recovery.

  • Protection alone is insufficient. Large corporations, Federal Government agencies, and technology companies are regularly hacked. State and Local officials can’t come close to those ultimately limited efforts.
  • Detection is necessary to provide assurance that hacking did not occur.
  • Recovery is necessary for all sorts of potential errors, hacks, and fraud.

Paper ballots, properly secured, are the first requirement for detection and recovery of votes. Strong pre-election voter database backup and audits, along with paper voter check-in lists, are part, just a part, of recovery from corrupted or electronic voter lists, or election day power failure, equipment failure, and cyber attack.

Signup TODAY! for the November 2017 Audit Observation

November Audit Signup Is Now Open <Signup>

The Purpose of the Citizen Audit is to increase integrity and confidence in elections, for the benefit of the voters of Connecticut. We provide independent audits, audit observations, and reports focusing on the integrity of elections and election administration. <More about the Citizen Audit>

Voters Want To Know:

You can Help Provide Answers!
Volunteer one day as a Post-Election Audit Observer.

The Connecticut Citizen Election Audit coordinates volunteers, like you, to observe the state’s post-election audit of voting machines. Non-partisan volunteers go “behind the scenes” with a checklist of best practices and interview questions. They gather information which is compiled into reports submitted to the public, election officials, and the Legislature.

  • Who can volunteer? Anyone. You, for example!
  • Where? Throughout the State of Connecticut.
  • When? Generally within the 2nd to 3rd weeks following an election.
  • How? <Learn More> <Sign Up>

Why Volunteer?
For good Government, to preserve our right to a free and accurate vote!

See the Results of Our Efforts In the Audit Reports Below:

Just a step in the right direction: Merrill meets with Homeland Security

Secretary Merrill met with Homeland Security on Thursday:

Merrill Statement on Meeting with DHS Officials Regarding Election Cybersecurity

“Rosenberg, Gabe” <Gabe.Rosenberg@ct.gov>: Oct 27 04:57PM

“Yesterday, along with representatives from the state’s information technology and public safety departments, I met with regional officials from the United States Department of Homeland Security to discuss how we can work together to ensure that Connecticut elections are safe from outside interference or manipulation. We had a productive meeting and I look forward to working together in the months and years to come to protect our elections, the bedrock of our democracy.” – Denise Merrill, Connecticut Secretary of the State

Gabe Rosenberg
Communications Director
Connecticut Secretary of the State Denise Merrill

We applaud this step in the right direction.  Last year as leader of the National Association of Secretaries of State, Merrill opposed the designation of elections as critical infrastructure, leading in expressing the concern for a Federal take-over of elections. We were critical of that stand then and remain so.

In our opinion this is just a step. There are several aspects to election security/integrity that should be addressed. This step may assist in those that are under direct control of the State, yet less so those under local control. It’s not an issue of a State take-over of local elections, but the impossibility of every town in the State doing what even the NSA has failed at – protecting their most sensitive systems from attack. Yet, like the NSA, the State is capable of doing ever better.

  • We need to protect our Centralized Voter Registration System (CVRS) from corruption and denial of service attacks on election day.
  • We need to protect the CVRS from incremental loss or corruption of data over time. That means independently logging every add, change, and delete to the file, and balancing and auditing those changes against the database regularly, and especially in the days and weeks before an election.
  • We need to make sure that, if we use electronic pollbooks, there is a usable paper pollbook in every polling place and a copy of that in the Registrars’ Offices during every election. We want to avoid the disaster that occurred in a NC county in the last election.
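
One way to do the independent logging and balancing described in the list above, as an added example rather than anything the CVRS actually runs: a hash-chained change log is replayed over a baseline copy of the voter file and compared with the live database. The `ChangeLog` class, the record fields and the voter IDs are hypothetical, and the sample data is constructed.

```python
"""Balance an independent change log against a voter database (added example)."""
import hashlib
import json

GENESIS = "0" * 64  # starting value for the hash chain


def _link(prev_hash, entry):
    # Each entry's hash covers the previous hash, so edits break the chain.
    payload = json.dumps(entry, sort_keys=True).encode("utf-8")
    return hashlib.sha256(prev_hash.encode("ascii") + payload).hexdigest()


class ChangeLog:
    """Append-only log of adds, changes and deletes, kept apart from the database.
    The newest hash should also be stored somewhere the database operators
    cannot rewrite, or the chain proves nothing."""

    def __init__(self):
        self.entries = []  # (entry, chained hash) pairs, oldest first

    def append(self, op, voter_id, record=None):
        if op not in ("add", "change", "delete"):
            raise ValueError(f"unknown operation: {op}")
        prev = self.entries[-1][1] if self.entries else GENESIS
        entry = {"op": op, "voter_id": voter_id, "record": record}
        self.entries.append((entry, _link(prev, entry)))

    def chain_intact(self):
        prev = GENESIS
        for entry, stored in self.entries:
            if _link(prev, entry) != stored:
                return False
            prev = stored
        return True


def replay(baseline, log):
    """Apply every logged change to the baseline copy of the voter file."""
    state = dict(baseline)
    for entry, _ in log.entries:
        if entry["op"] == "delete":
            state.pop(entry["voter_id"], None)
        else:
            state[entry["voter_id"]] = entry["record"]
    return state


def balance(baseline, log, database):
    """Report every difference between the database and baseline + log."""
    expected = replay(baseline, log)
    both = set(expected) & set(database)
    return {
        "log_intact": log.chain_intact(),
        "unlogged_adds": sorted(set(database) - set(expected)),
        "unlogged_deletes": sorted(set(expected) - set(database)),
        "unlogged_changes": sorted(v for v in both if expected[v] != database[v]),
    }


def constructed_case():
    """Constructed sample data: three logged changes, three unlogged ones."""
    baseline = {
        "V-0001": {"town": "Hartford", "status": "active"},
        "V-0002": {"town": "New Haven", "status": "active"},
        "V-0003": {"town": "Stamford", "status": "active"},
        "V-0004": {"town": "Norwich", "status": "active"},
    }
    log = ChangeLog()
    log.append("add", "V-0006", {"town": "Danbury", "status": "active"})
    log.append("change", "V-0002", {"town": "Bristol", "status": "active"})
    log.append("delete", "V-0003")
    database = {
        "V-0001": {"town": "Hartford", "status": "inactive"},  # changed, no log entry
        "V-0002": {"town": "Bristol", "status": "active"},
        "V-0005": {"town": "Groton", "status": "active"},       # added, no log entry
        "V-0006": {"town": "Danbury", "status": "active"},
        # V-0004 is missing although no delete was logged
    }
    return baseline, log, database


if __name__ == "__main__":
    print(json.dumps(balance(*constructed_case()), indent=2))
```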

Cybersecurity from “outside interference or manipulation” is insufficient. We must prevent insider attacks. We must be able to recover from “interference and manipulation”, since complete prevention is not possible. As we have said before, database and election integrity depends on Prevention, Detection, and Recovery.

  • We have paper ballots everywhere in Connecticut.  Yet, they need to be protected better.  In the majority of Connecticut municipalities they can be accessed by either Registrar for hours, undetected.  In many, they can be accessed by any official in the Registrars’ Offices, sometimes by other officials.  Without paper that we can trust there can be no detection or recovery from insider attack.
  • We need to have sufficient audits of results we can trust, from the accurate counting/adjudication of paper ballots to the totals reported by the State. Where necessary, those audits should end in full recounts to determine and certify the correct winners.
  • We also need process audits to verify various aspects of the election process: comparing checkoffs to ballots counted; verifying ballot security; verifying the integrity of checkoffs to actual legal voters; and verifying the integrity of the absentee ballot process, from application integrity to mail delivery, signature verification, counting, etc.