Citizens for Verifiable Voting   ManualCountAudit UserPreferences
HelpContents Search Diffs Info Edit Subscribe XML Print View

1 Besides having a paper trail, we need to always audit it

There is widespread support for [WWW]Voter-Verified Paper Audit Trails (VVPAT). But the paper trail needs to be looked at after the voter verifies it. Therefore an automatic Manual Count Audit of at least some part of the paper trail is also a necessary part of verifiable elections. This is also known as an automatic manual tally audit, random hand count, manual recount, independent hand audit, etc.

Unfortunately, election audits are hardly ever done properly.

Manual count audits can catch a wide variety of problems, ranging from faulty software or hardware, or human error, to manipulation of the machines or results by outsiders or fraud by manufacturers, election officials or volunteers.

For example, exactly the sort of audit described here detected problems with a vote in California's Napa Valley. An audit also detected an incorrect result due to operator error and confusing user interfaces in a system used in Boulder Colorado.

The prestigious [WWW]Brennan Center Report carefully examines actual risks to elections, and concludes that good audits are among the most effective tools in ensuring election accuracy and integrity.

Manual counts, when properly done and cross-checked, are also very accurate, and typcally find more unambiguously cast ballots than any equipment. The [WWW]CalTech/MIT study says this about hand-counted ballots:

Audits are needed not only for the VVPATs associated with electronic voting devices, but also for the counts produced by optical scans of paper ballots, and the final tallies which combine early voting, absentee voting, and precinct voting. A good audit of a properly auditable election vote count report is the only way to detect many forms of bugs and tampering with the final tally systems.

This discussion focusses on auditing the votes that show up in the final tally, but of course other aspects of the process also need to be audited, as part of the overall canvass, including ballots that are disqualified, counts of ballots from poll books and other election records, etc.

There is widespread citizen support for an independent audit in which a hand count of of voter-verified paper ballots is compared to the results of the current voting system. The hand count must be performed in public by representatives of the various candidates/parties/issue campaigns.

Manual count audits are supported in [WWW]HR 550 (still pending) by Rep Holt in NJ, and by Colorado's SB-079 (now law) ([WWW]see

2 State audit requirements

Several states currently require manual counts in between 1% and 5% of precincts. As of early 2005:

Colorado also has past experience with audits via manual counting. In Boulder County an error in the original count was discovered and confirmed during a manual count of the St Vrain School District on Dec 7 2004 (see ManualCountAuditStVrain for details). Boulder used a Manual Count Audit for the March 8 2005 municipal election also. But in November of 2005, a test with live ballots was done instead of an audit, because of improper rules from the Colorado Secretary of State, which called for a partial test, rather than an audit as required by state law. The same thing happened in the 2006 Primary election.

3 Need for auditable vote count reports

An audit requires something to be audited. The process must work something like this:

4 Sample auditable vote count report

Below is a sample report for auditing. Of course in a real election it would be larger, including all devices and batches, with totals matching the overall election results. Note inclusion of undervotes (UV) and overvotes (OV). In this example, the presidential race, Device 1002, and Batch 101 are selected for audit (marked in bold).

Device/BatchPresidentProposition XTotal
Device 1001534610306631100
Device 100255440033631299
Batch 10112573117912001200
Batch 10212376218012200202

5 How to select samples

It is best if the number of results compared is large, as detailed below.

As noted by elections expert Professor Douglas Jones, the power of a hand audit can be improved by picking some of the precincts (perhaps half of them) based on "measures of suspicion":

If early and absentee ballots from all the precincts are mixed together, as they usually are, sorting thru them for the ballots for a particular precinct can be time-consuming. This is one reason for allowing batches which don't represent precincts, e.g. they could represent individual machines or stacks of paper ballots fed into an optical scanner.

But note that an election vote count report that provides results by precinct is also very important, for comparison with historical trends. Precinct results are also important to candidates and political party organizations, who judge campaign effectiveness on these results.

Jonathan Wand at Stanford has a paper [Auditing an Election using sampling: the impact of bin size on the probability of detecting manipulation] about the degree of confidence that manual counts can provide, which depends in large part on the number of batches examined. If the goal is e.g. detecting a bug or hack that causes _all_ machines to give incorrect results, not many batches need to be counted.

More savvy hackers might manipulate just 10% of machines. They would have to swing ten times as many votes in each hacked machine in order to have the same overall effect on the election. That helps evade detection, but still with a random sample of 20 batches, there is only a 12% chance that they will get away with it. Auditing 40 batches would reduce that to 1.4%, and for 60 batches there is a 0.17% chance of getting away with it. The size of the batches again doesn't matter much. So in circumstances like this, counting more batches/precincts, even if they are smaller, is better than counting fewer big ones.

Even more efficient and robust audits are possible when each paper record has a serial number that allows it to be matched with an electronic representation of the same vote. (Of course this has to be done in a way that preserves the anonymity of the voter.) If they can be truly randomly selected, even an audit of only 230 individual ballots would be likely to detect a problem (it would have a 90% chance of finding a mismatched ballot if there are 1% mismatched ballots.)

One context in which this is useful is auditing a DRE via a paper trail that it produces. The document [WWW]Preliminary Report: NIST Approach to VVPAT Requirements for the VSS 2002 Addendum by John Wack discusses this possibility.

Paul Walmsley's submission of [WWW]Overview of Live Auditing Procedures for Incorporation in the Voluntary Voting System Guidelines to the Election Assistance Commission provides more detail on this sort of audit.

It may be surprising that it is easy to make random selections in publicly verifiable ways. This is in fact regularly used in an elections context, when organizations like the Internet Engineering Task Force choose a nominating committee. This technique should be used by elections officials for all random selections. See [WWW]Publicly Verifiable Nominations Committee (NomCom) Random Selection - RFC 3797 for details and free source code.

6 See also

EditText of this page (last modified 2006-11-19 17:37:07)
FindPage by browsing, title search , text search or an index
Or try one of these actions: LikePages, LocalSiteMap, SpellCheck