Credit: Pixabay/CC0 Public Domain

The Association for Computing Machinery's global Technology Policy Council (TPC) has released "Election Security: Risk-Limiting Audits." It is the latest in a series of ACM TechBriefs—short technical bulletins that present scientifically grounded perspectives on the impact of specific technological developments in computing.

"Election Security: Risk-Limiting Audits" defines an "RLA" as a process by which humans can ensure within a specified risk tolerance that the computerized tallies of paper ballots are correct by examining a random sample of paper ballots by hand.

This new ACM TechBrief was written to call attention to a specific problem: although risk-limiting audits are a highly accurate, efficient, and economical means of confirming the accuracy of outcomes, they are infrequently used in the United States and almost never elsewhere in the world.

Specifically, while RLAs were introduced in 2008 (and will be used in the US this year), only five states will require RLAs in November's US elections. Just ten additional states either have RLA pilot programs or permit their use. Outside the US, Denmark is the only other country to have conducted an RLA of an actual election.

Among the important considerations listed in the "Policy Implications" section of the TechBrief, the TPC authors note that because multiple RLA techniques are available—each of which may have different requirements—the laws, regulations, and policies governing their use must be appropriately flexible. The TechBrief also underscores that RLAs require paper ballots. Therefore, governments hoping to use RLAs in the future must not adopt internet or paperless electronic voting systems.

"Risk-limiting audits have seen modest growth in their use within the United States, but they should be more widespread," says Matthew Bernhard, a research engineer at the non-profit organization VotingWorks and co-lead author of the new ACM TechBrief.

"Computerized ballot scanners, while providing enormous benefits to the speed of tallying ballots, are vulnerable to misconfiguration and hacking. Counting millions of complex ballots by hand is impractical, however. RLAs give us the best of both worlds: a high degree of accuracy and transparency without the enormous undertaking that is counting every contest on every ballot by hand."

"As we saw in Georgia in 2020, they can be an important tool for election officials to provide more transparency and robust analysis of election processes, as they surface issues that other post-election auditing techniques miss. We hope this TechBrief serves as a jumping off point to a wide audience of decision-makers and stakeholders to promote more widespread adoption of RLAs in the United States and beyond."

"The news is full of discussions around election integrity and security for the upcoming mid-term elections," added Dan S. Wallach, a Professor of Computer Science and Electrical and Computer Engineering at Rice University and a co-lead author of the new ACM TechBrief.

"Improving election integrity doesn't need to be a partisan argument. With straightforward tools like risk-limiting audits, can increase public assurance that election outcomes are correct, even in the face of hypothetical corruption or tampering with computerized tabulation systems. This TechBrief helps explain how risk-limiting audits work and will assist the public dialogue to hasten their adoption."

The key conclusions of "Election Security: Risk Limiting Audits" are:

  • RLAs are a powerful, efficient means to assure election accuracy and encourage public confidence in their certified results.
  • RLAs mitigate the risk of software bugs, procedural mistakes, and security flaws in electronic tallying systems by permitting randomly sampled paper ballots to be checked against their electronic equivalents but are not possible with internet or paperless electronic voting systems.
  • While the use of RLAs has been increasing, many more jurisdictions potentially could benefit from their adoption.

More information: Matthew Bernhard et al, ACM TechBrief: Election Security: Risk Limiting Audits, (2022). DOI: 10.1145/3568005

Provided by Association for Computing Machinery