Connecting state and local government leaders

How Much State Interest Is There in Proper Election Audits?

Republican U.S. Senate candidate Roy Moore talks to the media on election day as he votes in Gallant, Alabama. The state is the latest to hold a special election without an adequate audit structure in place, according to security experts.

Republican U.S. Senate candidate Roy Moore talks to the media on election day as he votes in Gallant, Alabama. The state is the latest to hold a special election without an adequate audit structure in place, according to security experts. Brynn Anderson / AP Photo


Connecting state and local government leaders

As Colorado pioneers best practices, races in Georgia and Alabama show how futile efforts are to verify votes without the right protocols in place.

Post-election, risk-limiting audits are being considered by a growing number of states, and not only the ones you’d expect, following Colorado’s completion of the first-of-its-kind assessment of its voting systems.

In accordance with a 2009 state law, after a three-year delay, all of Colorado’s 56 counties that recently purchased new voting equipment capable of supporting RLAs and had November elections performed audits and passed.

Election security experts recommend RLAs because they compare random samples of paper ballots, which can’t be hacked at a time when fears of Russian tampering are high, to their digital counterparts more efficiently and accurately than simple random audits.

“They’re really learning how to run these audits,” Joe Kiniry, the CEO of Portland, Oregon-based Free & Fair, told Route Fifty by phone.

Colorado Secretary of State Wayne Williams must by law expand RLAs as jurisdictions purchase new voting equipment and broaden the sets of races under audit.

In the state’s “first pass,” one contest in each participating jurisdiction was selected to drive the audit. Because everything on the paper ballot is being input in the process, all contests wind up being audited.

Eventually the goal is to audit all contests independently, but whether that happens in 2018 is a decision for the secretary of state.

Colorado is also wrestling with how to audit its primaries, Kiniry said, as well as contests that span multiple jurisdictions with independent auditors. Still, he’s convinced the state’s 2018 midterm elections audits will be “the best ever seen on the planet.”

Already they’ve gained the attention of Rhode Island, where lawmakers passed legislation in September adopting RLAs and had its Board of Elections staff join federal officials in observing Colorado’s process.

Virginia also passed legislation requiring RLAs in 2017, according to the National Conference of State Legislatures, while elected officials in Washington state enhanced election reconciliation reporting requirements. A half-dozen other states have RLA bills in their legislatures, Kiniry said, and Congress has another three that are unlikely to get out of committee.

States like Virginia getting burned by their lack of paper-based audits has been a strong impetus for modernization, Kiniry said.

“Sometimes crisis is what moves positive change forward,” he said.

Holdout Georgia is even in the process of replacing its voting equipment with machines that produce a paper ballot record, and Kiniry said he’d be “unsurprised” if RLAs were tackled next legislative session.  

That won’t help in the recount of the Atlanta mayoral runoff, a tight race where no paper ballot record exists and Democratic candidate Keisha Lance Bottoms leads independent candidate Mary Norwood by a mere 832 votes. Were an RLA possible, it could conclude before the full recount, Kiniry said, saving time, money and turning into a full recount only if tech mistakes were identified—allowing for a deeper analysis of the electoral process.

While the U.S. House special election in Georgia’s 8th congressional district in June was a far more appetizing race for hackers given it was the most expensive contest in the chamber’s history, in neither that case nor the Atlanta runoff will the computers involved in the elections ever be forensically analyzed.

“If somebody wanted to experiment to better understand their attack method—not influence the outcome of the election but impact the confidence of voters—indeed, we hypothesize it would be in a down-ballot race or jurisdiction that was highly contested,” Kiniry said.

Then there’s Tuesday’s heated Senate election in Alabama for U.S. Attorney General Jeff Sessions’ vacated seat. The Alabama Supreme Court stayed a lower court’s order requiring the preservation of digital ballot images in case of a recount, despite the concerns of advocacy groups like Verified Voting that the state’s lack of an audit structure would see paper ballots tabulated by optical scanner re-tabulated by possibly compromised machines, instead of a hand count.

Alabama Secretary of State John Merrill, who has previously described questionable Russian elections as “free and fair” after observing them, pushed for the stay arguing the two election officials looking to preserve records lacked the authority and would only cause confusion among other local election officials about proper procedure.

Nationally, President Trump’s Advisory Commission on Election Integrity has come under fire from the Obama administration’s director of national intelligence, Jim Clapper, and other national security and cybersecurity experts over its plan to create a U.S. voter database that could become the target of hackers. Clapper and the other experts backed an amicus brief filed in federal court in support of nonprofit Common Cause’s lawsuit against the commission.

“In 2016, America experienced an unprecedented attack against our democracy by a foreign nation-state seeking to influence the outcome of the presidential election through cyber operations. We should do everything we can to increase our defenses against such attacks,” said former National Counterterrorism Center Director Matt Olsen in a statement. “To that end, the Commission on Election Integrity should ensure that it has established basic data security measures as it sets about gathering the highly sensitive information of millions of Americans into one centralized, potentially vulnerable location where the database may quickly become an appealing target for foreign powers and criminal enterprises alike.”

A national voter database is actually standard procedure for many Western democracies, Kiniry said, though government hasn’t proven to be a good steward of such information previously.

Within the U.S., the Electronic Registration Information Center already ensures the voter records of people moving between member states are updated.

Kiniry doesn’t view Social Security numbers as personal information with most peoples’ having already been leaked online and added that if the federal government properly protects the database, so information couldn’t be gleaned from it if downloaded, it could ultimately help engage more voters and improve turnout.

“I don’t hold concern in the existence of such a database personally,” Kiniry said. “That’s all good process—having a clean voter record.”

Dave Nyczepir is a News Editor at Government Executive’s Route Fifty and is based in Washington, D.C.

NEXT STORY How Colorado Is Trying to Stay Ahead of Evolving Transportation Technology