Election audit


An election audit is any review conducted after polls close for the purpose of determining whether the votes were counted accurately or whether proper procedures were followed, or both.
Both results and process audits can be performed between elections for purposes of quality management, but if results audits are to be used to protect the official election results from undetected fraud and error, they must be completed before election results are declared final.
Election recounts are a specific type of audit, with elements of both results and process audits.

The need for verification of election results

In jurisdictions that tabulate election results exclusively with manual counts from paper ballots, or 'hand counts', officials do not need to rely on a single person to view and count the votes. Instead, incorporate redundancy, so that more than one person views and interprets each vote and more than one person confirms the accuracy of each tabulation. In this way, the manual count incorporates a confirmation step, and a separate audit may not be considered necessary.
However, when votes are read and tabulated electronically, confirmation of the results' accuracy must become a separate process.
Within and outside elections, use of computers for decision support comes with certain IT risks. Election-Day electronic miscounts can be caused by unintentional human error, such as incorrectly setting up the computers to read the unique ballot in each election and undetected malfunction, such as overheating or loss of calibration. Malicious intervention can be accomplished by corrupt insiders at the manufacturer, distributor or election authority, or external hackers who access the software on or before Election Day.
Computer-related risks specific to elections include local officials’ inability to draw upon the level of IT expertise available to managers of commercial decision-support computer systems and the intermittent nature of elections, which requires reliance on a large temporary workforce to manage and operate the computers. Voting machines are usually air-gapped from the internet, but they receive updates from flash drives which do come from the internet, and in any case air-gapped computers are regularly hacked through flash drives and other means. Besides traditional security risks such as lock-picking and phishing attacks, voting machines are often unattended in public buildings the night before the election. This physical access lets outsiders subvert them.
To reduce the risk of flawed Election-Day output, election managers like other computer-dependent managers rely on testing and ongoing IT security. In the field of elections management, these measures take the form of federal certification of the electronic elections system designs, though there is no way to know the certified software is what is actually installed; security measures in the local election officials’ workplaces; and pre-election testing.
A third risk-reduction measure is performed after the computer has produced its output: Routinely checking the computers' output for accuracy, or auditing. Outside elections, auditing practices in the private sector and in other government applications are routine and well developed. In the practice of elections administration, however, the Pew Charitable Trusts stated in 2016, “Although postelection audits are recognized as a best practice to ensure that voting equipment is functioning properly, that proper procedures are being followed, and that the overall election system is reliable, the practice of auditing is still in its relative infancy. Therefore, a consensus has not arisen about what constitutes the necessary elements of an
auditing program.”
Routine results audits also support voter confidence by improving election officials' ability to respond effectively to allegations of fraud or error.

Examples of wrong outcomes found by audits

In 2012 in Palm Beach County, FL, a routine audit which hand-counted a sample of precincts, changed the outcomes in two Wellington City council contests. Votes in each contest were reported for a different contest. The problem did not occur in the county's other 15 municipalities.

Examples of intrusions into election computers

Computers which tally votes or compile election results are known to have been hacked in the US in 2014
and 2016,
Ukraine in 2014,
and South Africa in 1994.
Only the Ukraine hack was disclosed immediately, so regular audits are needed to provide timely corrections.

Audit challenges unique to election results

Confirming that votes were credited to the correct candidates’ totals might seem to be a relatively uncomplicated task, but election managers face several audit challenges not present for managers of other decision-support IT applications. Primarily, ballot privacy prevents election officials from associating individual voters with individual ballots. This makes it impossible for election officials to use some standard audit practices such as those banks use to confirm that ATMs credited deposits to the correct account.
Another challenge is the need for a prompt and irrevocable decision. Election results need to be confirmed promptly, before officials are sworn into office. In many commercial uses of information technology, managers can reverse computer errors even when detected long after the event. However, once elected officials are sworn into office, they begin to make decisions such as voting on legislation or signing contracts on behalf of the government. Even if the official were to be removed because a computer error was discovered to have put that official in office, it would not be possible to reverse all the consequences of the error.
The intermittent nature of elections is another challenge. The number of elections managed by an election authority ranges from two per year in five US states to one every 4 years in parliamentary systems like Canada where different election authorities manage national, provincial and municipal elections. This intermittency limits the development of a full-time, practiced workforce, for either the elections or the audits. Turning election audits over to an independent, disinterested professional accounting firm is another option not available to election officials. Because election results affect everyone, including the election officials themselves, truly disinterested auditors do not exist. Therefore, audit transparency is required to provide credibility.

Attributes of a good election results audit

No governing body or professional association has yet adopted a definitive set of best practices for election audits. However, in 2007 a group of election-integrity organizations, including the , Common Cause, and the Brennan Center for Justice at NYU School of Law collaborated with the American Statistical Association to produce a set of recommended best practices for post-election results audits:
  • : The public must be allowed to observe, verify, and point out procedural mistakes in all phases of the audit. This requires that audit procedures and standards be adopted, in written form, and made available before the election.
  • : While the actual work of post-election audits may be best performed by the officials who conduct the elections, the authority and regulation of post-election audits should be independent of officials who conduct the elections.
  • : Vote-counting in the audit should be performed with hand-to-eye counts of voter-marked, voter-verified paper ballots.
  • : The records used in the audit must be verified to be true and complete records of the election.
  • : The audits must reach statistical confidence that the computer-tabulated results identified the correct winners.
  • : When discrepancies are found, investigation is conducted to determine cause of the discrepancies.
  • : The ballot-sample selection process includes all jurisdictions and all ballot types.
  • : The audit includes a limited non-random sample selected on the basis of factors useful for building voter confidence or improving election management, such as Election-Day problems or preliminary results that deviate significantly from historical voting patterns.
  • : Post-election audits must be completed before election results are declared official and final, and must either verify or correct the outcome.

    Current practices in election results auditing

India

India has designed and uses voting machines with one button per candidate. The button, when pressed, prints the selected candidate on a slip of paper, displays it to the voter, drops the slip into a box and tallies a vote for the candidate. The VVPAT is easy for voters to check, since voters only have one vote to cast, for one member of the lower house of Congress. However, there is no way to correct the vote if the VVPAT shows an error. The software is encoded on the machines' chip in a way that it cannot be examined. Brookings found that India's adoption of voting machines cut paper ballot stuffing noticeably in states with the most election prosecutions, and led to more voting by disadvantaged populations. Originally the voting machines lacked a paper trail, and VVPATs were added in 2013-2019 because of doubts about security of unchecked machines.
India hand tallies paper VVPATs from a 1.5% sample of election machines on the last evening of voting, before releasing results. In the April–May 2019 elections, the Election Commission of India hand-tallied the slips of paper from 20,675 voting machines and found discrepancies for 8 machines, usually of four votes or less. Most machines tally over 16 candidates, and they did not report how many of these candidate tallies were discrepant. They formed investigation teams to report within ten days, were still investigating in November 2019, with no report as of June 2021 though the VVPATs themselves were destroyed in September 2019. Hand tallies before and after 2019 had a perfect match with machine counts.