RSA Conference: More 2008 Election Tech Lessons Learned – Auditing
John Sebes
Election audit was the second lessons-learned topic from the RSA panel that I wrote about earlier. I illustrate with two examples.
Minnesota in 2008 showed us how to have a very auditable election process using hand-marked and machine-marked paper ballots counted by scanning machines. Minnesota and Connecticut did the first-ever election conducted with the same equipment and that same process, statewide. And if there was any doubt about feasibility and value of those states’ regular audit (to check the scanning machines’ performance by statistical sampling), the re-count in Minnesota showed how this voting method and election process to in fact enable the people to re-do the work done the first time around by the machines. It works, and it is not difficult – though of course very time consuming.
And again, the Humboldt County experience shows both the feasibility and value of audits, and some interesting limits. By recounting all of the ballots in the 2008 election, the Humboldt team found more recounted ballots than their Premier system reported, and that was the tip-off that led to discovering the software problem that lost some votes. In some sense, it was an extra-ordinary effort beyond what most election audits would do — buying a separate and independent scanning device, going through the chain of custody controls to re-scan every ballot, writing a brand new software package to interpret the scanned ballot images. Yes that effort was what discovered the Deck Zero Problem, rather than the more common partial statistical manual audit.
Both stories taught us more about the importance of auditability and machine independence — how vital it is to be able to have people re-check machines’ work and machines to check peoples’ work. And how especially important auditability is to running an election with the voting system you have at the moment, warts and all. That’s a point the David Wagner spoke on during the RSA panel, and has published repeatedly. And I think that his point goes beyond the situation where we’re using what we know to be very flawed systems. No matter how confident you may be in the future about some better voting system (soapbox alert: even if it is open source!), it will always be necessary to "trust but verify" the technology we use to conduct elections.
And as David gave as his last word "audit" my last word was "audit, yes, but transparency, yes, yes, and yes!" there is still one more lesson learned to discuss another day.
— EJS