EVT/WOTE: Keynote – How salty is the soup? And why risk limiting audits are insufficeint.

Editor’s Note: August 8th and 9th, we attended the EVT/WOTE (Electronic Voting Technology / Workshop On Trustworthy Elections) in San Francisco.  Over time, we are highlighting several papers and talks from the conference.

The keynote speaker was Professor Philip Stark, Department of Statistics, U.C. Berkeley. He is the leading researcher and advocate for single ballot auditing, which would make post election audits much more efficient, while also provides the basis for efficient auditing by machine. The talk is serious and lite covering election integrity from 10,000 feet.  I recommend reviewing the slides from the talk, with one caveat: The slides are a large download, but well worth the wait. <slides – large download> <video> <listen>

His talk is titled: Risk Limiting Audits: Soup to Nuts, and Beyond.

Soup refers to the analogy he frequently uses to describe the statistical basis of risk limiting audits. Pollsters know that the accuracy of polling depends on the number of voters polled, not the size of the population eligible to vote in a particular contest. Thus the accuracy of an audit depends on the number of ballots checked, not the number of ballots in the election. It is just like tasting soup (or an ocean):

  • To know whether the soup is too salty, don’t need to eat all of it.
  • Enough to taste a teaspoon, if soup is stirred well.
  • Doesn’t matter how big the pot is: a teaspoon is enough.

Nuts refers to the limits on the purpose of an audit, according to Professor Stark:

The purpose of elections is to convince the losers that they lost.
(D. Wallach)
The purpose of election audits is to convince everybody who isn’t
nuts that the losers lost. (Y. T.)…

What’s a nut?

  • Somebody whose biggest fear is different enough from yours.
  • Somebody who shares your biggest fear is sane (and smart!).
  • Somebody whose biggest fear is close to yours has an interesting perspective.
  • Eccentric ! preoccupied ! irrationally fixated ! nuts.
  • The “Wayne’s World” test.

Unfortunately, who is a nut is in the eye of the beholder. Some have blind trust in election machines and blind trust in security procedures, Officials with high levels of trust question the need for post-election audits of any type. They would classify anyone questioning the possibility of election errors or fraud as nuts. Others would never be convinced of election integrity, distrusting whatever evidence is presented by officials and judged sufficient by independent observers.

Professor Stark’s talk is centered on three big ideas which would produce audits sufficient to convince most of us that the losers lost:

Strongly Software-Independent Voting System
A voting system is strongly software-independent if an undetectable error or change to its software cannot produce an undetected change in the outcome, and we can find the correct outcome without rerunning the election.

Risk-limiting Audit
Large, known chance of a full hand count if the outcome is wrong, thereby correcting the outcome.

Risk is maximum chance of failing to correct an apparent outcome that is wrong, no matter what caused the outcome to be wrong.

Resilient Canvass Framework
Known minimum chance that the overall system (human, hardware, software, procedures) gives the correct election outcome—when it gives an outcome.

Combine a strongly software-independent voting system with a compliance audit and a risk-limiting audit.

Ingredients for resilient canvass framework

  • Voters create complete, durable, accurate audit trail.
    Strongly software independent voting system.
  • LEO curates the audit trail properly.
    Proper use of seals, surveillance, secure chain of custody, . . .
  • Compliance audit to ensure that the audit trail is adequately
    intact before the risk-limiting audit starts. If not, need a re-vote.
    “No smoking gun” is not affirmative evidence.
  • Timely reporting of all-but-final results for auditable batches.
    Smaller batches are better.
  • Count votes by hand until there’s strong evidence that counting
  • the rest won’t change the outcome–risk-limiting audit
    “Explaining” or “resolving” errors isn’t enough.
    Might need to count all votes by hand if margin is small or audit finds enough error.

A compliance audit is what we mean when we say that a chain is only as strong as its weakest link and that the chain of custody in Connecticut is insufficient to proved confidence in our post-election audits.

Take the time to download the slides for a non-technical introduction to post-election audits, single ballot audits, their purpose, and what is needed to provide justified confidence in elections.


Leave a Reply

You must be logged in to post a comment.