New Paper: Evidence Based Elections

A new paper by Andrew Appel and Philip Stark, EVIDENCE-BASED ELECTIONS: CREATE A MEANINGFUL PAPER TRAIL, THEN AUDIT, provides a thorough description of how the public can be assured of election outcomes, in spite of hackable voting equipment.

The bottom line: The only reliable method available is Voter-Marked Paper Ballots, with strong security for the ballots, followed by sufficient post-election audits. Other technologies, including Ballot Marking Devices and Internet voting, are insufficient.

Anyone interested in trustworthy elections should read this paper – especially those who think that expensive Ballot Marking Devices should be trusted, and those who think it is impossible to use technology to count votes accurately.

The vulnerability of computers to hacking is well understood. Modern computer systems, including voting machines, have many layers of software, comprising millions of lines of computer code; there are thousands of bugs in that code. Some of those bugs are security vulnerabilities that permit attackers to modify or replace the software in the upper layers, so we can never be sure that the legitimate vote-counting software or the vote-marking user interface is actually the software running on election day. One might think, “our voting machines are never connected to the Internet, so hackers cannot get to them.” But all voting machines need to be programmed for each new election: They need a “ballot-definition file” with the contests and candidate names for each election, and lists of the contests different voters are eligible to vote in. This programming is typically done via removable media such as a USB thumb drive or a memory card. Vote-stealing malware can piggyback on removable media and infect voting machines—even machines with no network connection. There is a way to count votes by computer and still achieve trustworthy election outcomes. A trustworthy paper trail of voter selections can be used to check, or correct, the electoral outcomes of the contest in an election…

If a BMD is hacked and systematically steals 5% of the votes in one contest and only 7% of voters inspect their ballots carefully enough to notice, then the effective rate of vote-theft is 5% × 93%, or 4.65%; this is enough to change the outcome of a moderately close election. The same analysis applies to a DRE+VVPAT system. One might think: “not everyone needs to carefully verify their ballots;” if only 7% of voters carefully inspect their ballots, they can serve as a kind of “random audit” of the BMDs. But this sentiment fails to hold up under careful analysis…

in our hypothetical scenario in which a hacked BMD steals 5% of the votes, and 7% of voters carefully inspect their ballots (and know what to do when they see a mistake), then 7% × 5% of voters will alert a pollworker; that is, 1 in every 285 voters will claim their paper ballot was mismarked—if the voters do not assume it was their own error. The BMD would successfully steal “only” 4.65% of the votes. One might think: “but some voters caught the BMD cheating, red-handed.” But nothing can be done. It is a rare election official who would invalidate an entire election because 1 out of 285 voters complained.

CTMirror: Connecticut’s upcoming primary election should be audited. Will it really be?

Op-Ed in CTMirror: Connecticut’s upcoming primary election should be audited. Will it really be?

Courant article on Merrill/Blumenthal press conference raises concerns.

In today’s Hartford Courant, a report on yesterday’s press conference: Absentee ballot process smooth so far; Blumenthal wants more election funding

First a note of caution. I have been misquoted by the press, so perhaps some of that applies here. Here are the disturbing quotes:

Gabe Rosenberg, a spokesman for Merrill, said the $45 million in additional funding would go toward new voting machines, new tabulators, more ballot boxes, voter education and enhanced cybersecurity. He said the funds, if distributed promptly, could ease a potentially chaotic Election Day in November. “It’s going to take a long time to count because we don’t have high-speed ballot counters,” Rosenberg said. “That’s something we could buy with that kind of money.”…

As for the security of the new ballot boxes, Merrill said the receptacles were no less secure than a typical mailbox. “Just think of this as a mailbox,” she said. “The usual way you send back your ballot for 100 years is you send it back in the mail. This is just a fancy mailbox, and it’s here for a reason, because many town halls are still not open for business all the time.”

A crisis is nothing to waste, yet spending $45 million between now and November seems a bit excessive, especially when everything is complicated by COVID-19.

  • The first concern is that evaluating and procuring new voting machines is very expensive and time consuming to do well, a long deliberate process. When Connecticut chose the AccuVoteOS machines in use now, the process took about a year, with several machines evaluated by the UConn Voter Center, followed by public feedback and focus groups of voters, those with disabilities, officials, and technical experts. Even then Secretary of the State Susan Bysiewicz made a poor choice. To her credit, she quickly changed it for the better. That was followed by close to a year of education of officials and voters along with pilot use in 25 towns. Not something to do in haste.
  • We do not need high speed scanners. It’s a myth that our current scanners significantly slow absentee vote counting. I have led central count absentee vote processing five times. I also led a polling place where a scanner broke and we had to read 1,500 ballots into another scanner – that was done intermittently in less than two hours while voters continued to scan their votes into that same scanner. Scanning is a small part of absentee processing, perhaps 10%. In Glastonbury, in November 2016, we had less than 20,000 votes for President, 90+% counted in six polling place scanners. If we used six scanners for absentee counting, with a reasonable plan, they could count all the votes in a few hours, overlapped with the other aspects of processing absentees. Glastonbury has at least two scanners already dedicated to absentee counting. Secretary of the State Merrill has already purchased a reserve supply of AccuVoteOS scanners. Used AccuVoteOS scanners are available at about $40 at auction sites and dealers.
  • It’s a big deal to purchase and test high speed scanners. We can’t use just any scanner. We need a high speed scanner made for vote counting. Not just any vote counting, but compatible with ballots used by our AccuVoteOS. It would help if they did not require separate programming from the AccuVoteOS scanners and did well with folded or creased ballots.
  • We do not currently audit absentee ballot scanners. Unless that is addressed, this August and November only the scanners in polling places will be subject to audit. That is inadequate with uniform scanners, yet all but useless if a different model is used for absentees and counts the majority of ballots in the election.
  • These new ballot boxes are vulnerable and will be targets. Once again, if they are safe from attack, let us see the tests. Other states use them and keep them under video surveillance.

As I have said before, in this crisis I support expanded mail-in voting. Yet we cannot abandon common sense.

Editorial, Bridgeport Part 2: What could/should we do

Earlier we described the general situation with regard to the recent Bridgeport Primary and some steps in the wrong direction. Today we will discuss some steps that could be taken to prevent these same problems in Bridgeport, Hartford, Stamford, and elsewhere in Connecticut.

Increase Enforcement
Monitor Elections With Independent Monitors
Randomly Audit Absentee Votes, Envelopes, and Applications
Do for Elections What We Have Done for Probate

Increase Enforcement: Over at least the last dozen years all the state watchdog agencies have been under assault by the General Assembly. Faced with an increasing load of complaints, the relatively small State Elections Enforcement Agency (SEEC) has been considerably reduced in size. The result has been slower and slower adjudication of cases, while the General Assembly mandated that many cases not resolved in a year must be dismissed. A start would be aiming to double its size with additional administrative staff, yet mostly more investigators and lawyers. The sooner the better, as it takes years for a lawyer there to be fully knowledgeable and productive. We should also outlaw fines levied on officials being paid by their towns. (Maybe it’s just me, but when there is a blatant violation it makes no sense for the actual perpetrators not to bear the burden.) In significant cases we would like to see the violators replaced.

Monitor Elections With Independent Monitors: Last year, Bridgeport had a primary rerun twice because of absentee ballot problems. The second time a monitor said to do it again. That was a local individual who did a good job as far as we know, yet the answer is truly independent monitors, and not just for a couple of primaries. Full time expert monitors should be assigned to repeat violators such as Bridgeport – for multiple years – paid to also get registrar certifications, all at the town’s expense.

Randomly Audit Absentee Votes, Envelopes, and Applications: Connecticut has post-election audits of polling place cast votes. We do not audit the centrally counted absentee ballots or the Election Day Registration ballots. We should go way beyond that and randomly select a % of absentee ballot envelopes, checklists, and applications for signature integrity, and voter interviews to determine how pervasive these problems are in every town across the state. Where necessary, enforcement actions and expanded audits should be undertaken based on violations found. Towns with a history of abuse should be subject to increased random selection in subsequent years. This should be a truly Independent Audit, perhaps under the auspices of the State Auditors of Public Accounts or the SEEC. The state’s history with the not truly independent post-election audit should be avoided.

Finally, a robust measure of prevention and professionalism that could make a huge difference in Connecticut Elections:

Do for Elections What We Have Done for Probate: Rationalize, Professionalize, Economize.

Reminder, Cybersecurity will never be enough

States and the Federal Government are pumping millions into cybersecurity and new voting systems. That is all good, especially when the new systems are for Voter Marked Paper Ballots and Ballot Marking Devices for those with disabilities. Yet ultimately, it can provide a false sense of security. No matter how strong the cybersecurity and the quality of software, based on Turing’s Halting Problem, it is impossible to secure a computer system from errors and hacking. It is also impossible to secure systems from insiders and others with physical access.

Today’s stories at The Voting News provide a reminder of current vulnerabilities:

How state election officials are contributing to weak security in 2020 | Joseph Marks/The Washington Post
Cyber firm examines supply-chain challenge in securing election ecosystem | Charlie Mitchell/InsideCyberSecurity.com
Editorials: Cyber attacks threaten security of 2020 election | Ray Rothrock/San Jose Mercury-News
Arizona: Is Arizona doing enough to protect 2020 elections? Computer security experts weigh in | Andrew Oxford/Arizona Republic
Georgia: Check-in computers stolen in Atlanta hold statewide voter data | Mark Niesse and Arielle Kass/The Atlanta Journal-Constitution
(PS: Instead of stealing these computers they could have hacked them or the voting machines.)
Louisiana: New Louisiana election, same old voting machines | Melinda DeSlatte/Associated Press
New Jersey: Activists press for federal support to upgrade New Jersey’s vulnerable voting machines | Briana Vannozzi/NJTV News
North Carolina: Experts Warn of Voting Machine Vulnerabilities in North Carolina | Nancy McLaughlin/Greensboro News & Record
North Carolina: Voting equipment approval didn’t follow law | Jordan Wilkie/Carolina Public Press
Pennsylvania: Elections officials touted new electronic poll books. Now the city says they don’t work right. | Jonathan Lai/Philadelphia Inquirer

That is why we need:

  • Voter Marked Paper Ballots that can be audited and recounted to verify the machine results
  • Strong physical security and chain-of-custody for ballots
  • Best is publicly scanned and reported machine totals compared to the physical ballots

Op-Ed: Election Security Isn’t That Hard

Op-Ed in Politico by two former secretaries of state, one D and one R: Election Security Isn’t That Hard

That’s not to say that it’s easy, particularly given the decentralized nature of our election administration system. Most states administer elections locally and only a few states have uniform equipment in each locality. For many years, election administration has been woefully underfunded, leading to wide variability in capacity and resources. But, as long as the equipment incorporates a voter-marked paper ballot, officials can adjust existing processes to instill confidence in elections, regardless of the equipment in place.

First, we need to dispel one misconception. Many people (including many election officials) believe that if a voting system or scanner is never connected to the internet, it will always be safe. Alas, that’s not the case…

What this means is that while we must make our election infrastructure as secure as possible, we need to accept that it is essentially impossible to make those systems completely secure.

We completely agree. It’s important to take strong security measures to protect election systems – voting systems, registration systems – yet that can never be sufficient. We need systems, manual and computer, that are not dependent on electronics. Paper voter lists at every polling place to back up electronic pollbooks and online voter databases. Paper ballots to vote on when the systems fail or the power goes out. Independent audits and recounts of the paper to detect problems and to recover from errors, fraud, and disasters.

The three parts work together. Voter-verifiable paper ballots are required as a check on the computers that tabulate the ballots. The strong chain of custody prevents ballot box stuffing, as well as the theft or alteration of voted ballots. And ballot audits, known as Risk-Limiting Audits (RLAs), make it possible to recover from an attack, or even from malware or unintended mistakes, by randomly selecting ballots and using them to check the accuracy and correctness of the scanner.

It’s not enough to just have paper ballots – it’s also important that they be checked by voters. If a voter makes a mistake while marking her ballot or if a machine that marks a paper ballot for the voter misrecords the voter’s selections, then the voter’s choices will not be correctly counted. This is an important step to raise confidence in the validity of any system. A strong chain of custody also increases confidence.

Overall, we agree as far as this goes. Yet, Risk Limiting Tabulation Audits alone are not sufficient. We need additional audits to check the rest of the process, “process audits” e.g. chain-of-custody/ballot security audits, check-in process audits (appropriate voters allowed or excluded from voting?), accuracy of the voter registration database and lists etc.  Like many officials the authors focus on cyber attack, yet we must also protect our systems from insider attack.

Connecticut has a way to go to meet these standards. We do have voter marked paper ballots and air-gapped systems. Yet we have insufficient protection of those paper ballots and insufficient election audits.
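The risk-limiting audit the op-ed describes ("randomly selecting ballots and using them to check the accuracy and correctness of the scanner"), sketched here as a ballot-polling audit using the BRAVO sequential test, a specific method the op-ed does not name. This is an added example, not code from the op-ed or its authors; the ballot counts, candidate labels, seed and `max_draws` cutoff are constructed assumptions.

```python
import math
import random
from collections import Counter
from typing import NamedTuple


class AuditResult(NamedTuple):
    confirmed: bool        # True if the sample confirmed the reported winner
    ballots_examined: int  # paper ballots read by hand
    winner: str            # outcome supported by the paper


def ballot_polling_audit(paper_ballots, reported_winner, reported_loser,
                         reported_winner_share, risk_limit=0.05,
                         max_draws=2000, seed=20200801):
    """BRAVO-style ballot-polling audit of a two-candidate contest.

    paper_ballots: what a human reads off each paper ballot.
    reported_winner_share: the winner's share of the votes the scanner
    reported for these two candidates (must be above 0.5).
    If the reported winner did not really win, the chance that the sample
    confirms it anyway is at most risk_limit.
    """
    if not 0.5 < reported_winner_share < 1.0:
        raise ValueError("reported winner share must be between 0.5 and 1")
    if not 0.0 < risk_limit < 1.0:
        raise ValueError("risk limit must be between 0 and 1")

    # Assumption: a fixed seed for reproducibility; real audits derive the
    # seed from a public ceremony such as dice rolls.
    rng = random.Random(seed)
    stop_at = math.log(1.0 / risk_limit)
    step_for = math.log(reported_winner_share / 0.5)
    step_against = math.log((1.0 - reported_winner_share) / 0.5)

    log_ratio = 0.0
    for draw in range(1, max_draws + 1):
        # Draw one paper ballot at random, with replacement.
        choice = paper_ballots[rng.randrange(len(paper_ballots))]
        if choice == reported_winner:
            log_ratio += step_for
        elif choice == reported_loser:
            log_ratio += step_against
        # Blank or other marks leave the test statistic unchanged.
        if log_ratio >= stop_at:
            return AuditResult(True, draw, reported_winner)

    # The sample never supported the report: escalate to a full hand count,
    # which replaces the machine result with what the paper shows.
    tally = Counter(paper_ballots)
    hand_winner = max((reported_winner, reported_loser),
                      key=lambda candidate: tally[candidate])
    return AuditResult(False, len(paper_ballots), hand_winner)


def demo():
    # Constructed paper record: B really won 6,000 to 4,000, with 200 blanks.
    paper = ["A"] * 4000 + ["B"] * 6000 + ["blank"] * 200
    # Honest scanner: reports B with 60% of the two-candidate vote.
    honest = ballot_polling_audit(paper, "B", "A", 0.60)
    # Compromised scanner: reports A with 60%, while the paper is unchanged.
    hacked = ballot_polling_audit(paper, "A", "B", 0.60)
    return honest, hacked


if __name__ == "__main__":
    for label, result in zip(("honest report", "altered report"), demo()):
        print(label, result)
```

The audit only works because the paper is the trusted record: if the paper ballots themselves were altered or their chain of custody was broken, the sample would confirm whatever the paper now says.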

Why ballot images fail as the record of an election

A new paper demonstrates how to steal an election by manipulating ballot images: Unclear Ballot: Automated Ballot Image Manipulation

The current crop of election optical scanners count elections by creating ballot images, followed by processing those images to create a record of the votes on those images, storing those votes in a computer record known as a Cast Vote Record (CVR).  Some would audit elections by only examining the images, rather than the paper ballots. Such audits can be useful, yet are ultimately limited by the opportunity for the images to be manipulated.  The paper shows how easy that is. In fact, it is a neat solution that changes the image before the CVR is created, in a way that would be hard to detect.

From the paper:

Using computer vision techniques, we develop an algorithm that automatically and seamlessly manipulates ballot images, moving voters’ marks so that they appear to be votes for the attacker’s preferred candidate. Our implementation is compatible with many widely used ballot styles, and we show that it is effective using a large corpus of ballot images from a real election. We also show that the attack can be delivered in the form of a malicious Windows scanner driver, which we test with a scanner that has been certified for use in vote tabulation by the U.S. Election Assistance Commission. These results demonstrate that post-election audits must inspect physical ballots, not merely ballot images, if they are to strongly defend against computer-based attacks on widely used voting systems…

Uses for image audits. So long as image audits are not the sole mechanism for verifying election results, they do provide substantial benefits to election officials. Using an image audit vastly simplifies some functions of election administration, like ballot adjudication in cases where marks cannot be interpreted by scanners or are otherwise ambiguous. Image audits can be used to efficiently identify and document election discrepancies,

Read the paper. It shows why there is more to it than making a few marks on a ballot.

For the non-technical this may seem difficult, yet for those with the appropriate computer skills it is a straight-forward task. Then anyone with access to election computer systems could install the code maliciously, unknowingly, or under threat.

The Case Against Trusting Democracy to BMDs

Ballot Marking Devices (BMDs) are under consideration by several states for use for all in-person voting. They have paper ballots, “What could possibly go wrong?”. A recent paper makes the case that they cannot be audited or trusted to provide accurate results. The paper recommends that they should be limited to use by voters that need accessibility: Ballot-marking devices (BMDs) cannot assure the will of the voters

…paper ballots provide no assurance unless they accurately record the vote as the voter expresses it. Voters can express their intent by hand-marking a ballot with a pen, or using a computer called a ballot-marking device (BMD), which generally has a touchscreen and assistive interfaces. Voters can make mistakes in expressing their intent in either technology, but only the BMD is also subject to systematic error from computer hacking or bugs in the process of recording the vote on paper, after the voter has expressed it. A hacked BMD can print a vote on the paper ballot that differs from what the voter expressed, or can omit a vote that the voter expressed…

Research shows that most voters do not review paper ballots printed by BMDs, even when clearly instructed to check for errors. Furthermore, most voters who do review their ballots do not check carefully enough to notice errors that would change how their votes were counted…There is no action that a voter can take to demonstrate to election officials that a BMD altered their expressed votes, and thus no way voters can help deter, detect, contain, and correct computer hacking in elections. That is, not only is it inappropriate to rely on voters to check whether BMDs alter expressed votes, it doesn’t work.

The entire paper is readable and makes a complete case for its conclusions.

Simply stated Georgia, Pennsylvania, and other states seeking accurate, credible elections need paper ballots, sufficient post-election audits, ballot protection, and Voter-Marked Paper Ballots. BMDs are insufficient and cost several times more.

Yet, this paper has been very controversial in election integrity circles. Advocates for those with disabilities argue that everyone should vote the same way on the same equipment, because that is what is needed to provide equality, to incentivize and cause better BMDs that meet everyone’s needs including those for evidence based elections.

Editorial

We completely agree with the paper’s conclusions. Overall there is nothing new here, except an extensive review and clarification of older and recent work.

We are sympathetic to the needs of those with disabilities. We need better interfaces and BMDs to serve them better. Yet, spending triple on inadequate equipment is not the path forward.

As long as we have absentee voting, we will have voter marked paper ballots; as long as BMDs use multiple interfaces, all voters will not vote the same way.

Better that money and effort be spent on research and innovation, than on excessive purchases of inadequate equipment. Where is the incentive for vendors to innovate when election officials can be, all but, mandated to buy the inadequate equipment on the market? The only incentive would be for multiple rounds of modestly better BMDs followed by multiple rounds of expensive replacements.

We Must Do Better: Connecticut’s 2018 Post Election Audit

Citizens Audit Report:
We Must Do Better:
Independent Observation and Analysis of Connecticut’s 2018 Post Election Audit

From the Press Release:

Post-election vote audits of the November 2018 elections failed to meet basic audit standards. Audit should provide voters with justified confidence in elections. Instead, these audits reduce our confidence in election officials, concludes the non-partisan Connecticut Citizen Election Audit. Five percent of the State’s election districts were randomly chosen to be audited, as required by state law.

Among the Citizen Audit’s concerns:

  • The audits were not conducted and reported as required by law. The Secretary of the State’s Office continues to fail to take responsibility for that failure by local officials.
  • 39% of official audit reports submitted by town registrars were incomplete.
  • Human error was still considered an acceptable explanation of differences between machine and manual counts. This defeats the purpose of the audits.
  • Weaknesses in ballot chain-of-custody and security procedures.
  • Continued use of flawed electronic audit procedures that are not publicly verifiable.

The Citizen Audit was pleased with the following developments:

  • Fewer instances of write-in ballots not properly stored in separate envelopes.
  • Fewer instances of write-in ballots read into scanners multiple times on election night.
  • Electronic Audit equipment had few if any problems reading creased, folded, or mutilated ballots.

“We are frustrated with so little improvement after 20 statewide audits over 11 years,” Luther Weeks, Executive Director of the Citizen Audit said. “Citizens deserve better. If the Secretary of the State’s Office acts to fix these problems and pursues publicly verifiable electronic audits, progress can be achieved in the near term.”
