The method is adaptive: if the technology behaves properly, this protection does not increase the audit workload. One method allows untrusted technology to be used to imprint and to retrieve ballot cards. But what if the system does not in fact print a unique number on each ballot or does not accurately report the numbers it printed? This paper gives two ways to conduct an RLA so that even if the system does not print a genuine nonce on each ballot or misreports the nonces it used, the audit's risk limit is not compromised (however, the anonymity of votes might be compromised). Printing a unique pseudo-random number ("cryptographic nonce") on each ballot card after the voter last touches it could reduce such privacy risks. But for precinct-count systems (PCOS), these strategies may compromise vote anonymity: the order in which ballots are cast may identify the voters who cast them.
#IMAGECAST PRECINCT BMD SERIAL NUMBER#
Such links can be created by keeping the ballots in the order in which they are scanned or by printing a unique serial number on each ballot. Such comparisons require the voting system to create and export CVRs in a way that can be linked to the individual ballots the CVRs purport to represent. The most efficient use ballot-level comparison, comparing the voting system's interpretation of individual ballot cards sampled at random (cast-vote records, CVRs) from a trustworthy paper trail to a human interpretation of the same cards. Risk-limiting audits (RLAs) guarantee a high probability of correcting incorrect reported outcomes before the outcomes are certified. We illustrate by simulating an audit spread across California's 58 counties. Finally, we present the first sharp method that is tractable to compute when there are many strata, allowing audits of statewide contests stratified by jurisdiction. In a simulation study, we demonstrate that a well-chosen allocation rule can dramatically reduce the workload of an audit. Further efficiency comes from optimizing how samples are allocated across strata: audits can stop earlier by preferentially using samples from strata that provide evidence against the intersection null. The second method multiplies within-stratum martingales to compute a pooled $P$-value, and decreases the measured risk by more than an order of magnitude - from 0.037 to 0.003. The first method uses Fisher's combining function to pool any valid within-stratum $P$-values, and decreases the measured risk for the 2018 pilot hybrid audit in Kalamazoo, Michigan, USA by about 40% compared to SUITE - from 0.037 to 0.022. We begin by outlining two general methods to pool $P$-values from stratified samples.
Building on the idea of union-intersection tests proposed in SUITE and SHANGRLA, we present a number of techniques to improve the efficiency and flexibility of stratified audits.
Risk-limiting audits need to use stratified samples to accommodate heterogeneous voting equipment or laws that mandate jurisdictions draw their audit samples independently, among other constraints. Replacing electronic voting machines with hand-marked paper ballots is the most affordable and secure option. This one-time transition cost is much smaller than even annual expenditures on other critical infrastructure (Copeland 2010 Halderman 2019). We propose that Congress (1) allocate $110 million exclusively for transitioning away from electronic voting machines and (2) prohibit the use of federal funds for purchasing voting systems that do not primarily use hand-marked paper ballots.
While Congress allocated $380 million in 2018 and $425 million in 2020 to improve election security, these funds were neither targeted at nor sufficient for replacing all electronic voting machines. Most states have switched to secure, hand-marked paper ballots, but roughly 30% of Americans will continue to vote using vulnerable voting machines in 2020 (Cordova et al. Many existing electronic voting machines have malfunctioned during recent elections, and many are also vulnerable to hacking (Appel et al. American democracy is critically threatened by the use of insecure voting systems.
0 kommentar(er)
