New York, NY, October 13, 2022 – The Association for Computing Machinery’s global Technology Policy Council (TPC) has released "Election Security: Risk-Limiting Audits.” It is the latest in a series of ACM TechBriefs—short technical bulletins that present scientifically grounded perspectives on the impact of specific technological developments in computing.
“Election Security: Risk-Limiting Audits” defines an “RLA” as a process by which humans can ensure within a specified risk tolerance that the computerized tallies of paper ballots are correct by examining a random sample of paper ballots by hand.
This new ACM TechBrief was written to call attention to a specific problem: although risk-limiting audits are a highly accurate, efficient, and economical means of confirming the accuracy of election outcomes, they are infrequently used in the United States and almost never elsewhere in the world.
Specifically, while RLA’s were introduced in 2008 (and will be used in the US general election this year), only five states will require RLAs in November’s US elections. Just ten additional states either have RLA pilot programs or permit their use. Outside the US, Denmark is the only other country to have conducted an RLA of an actual election.
Among the important considerations listed in the “Policy Implications” section of the TechBrief, the TPC authors note that because multiple RLA techniques are available—each of which may have different requirements—the laws, regulations, and policies governing their use must be appropriately flexible. The TechBrief also underscores that RLAs require paper ballots. Therefore, governments hoping to use RLAs in the future must not adopt internet or paperless electronic voting systems.
"Risk-limiting audits have seen modest growth in their use within the United States, but they should be more widespread,” says Matthew Bernhard, a research engineer at the non-profit organization VotingWorks and co-lead author of the new ACM TechBrief. “Computerized ballot scanners, while providing enormous benefits to the speed of tallying ballots, are vulnerable to misconfiguration and hacking. Counting millions of complex ballots by hand is impractical, however. RLAs give us the best of both worlds: a high degree of accuracy and transparency without the enormous undertaking that is counting every contest on every ballot by hand. As we saw in Georgia in 2020, they can be an important tool for election officials to provide more transparency and robust analysis of election processes, as they surface issues that other post-election auditing techniques miss. We hope this TechBrief serves as a jumping off point to a wide audience of decision-makers and stakeholders to promote more widespread adoption of RLAs in the United States and beyond."
"The news is full of discussions around election integrity and security for the upcoming mid-term elections," added Dan S. Wallach, a Professor of Computer Science and Electrical and Computer Engineering at Rice University and a co-lead author of the new ACM TechBrief. "Improving election integrity doesn't need to be a partisan argument. With straightforward tools like risk-limiting audits, election officials can increase public assurance that election outcomes are correct, even in the face of hypothetical corruption or tampering with computerized tabulation systems. This TechBrief helps explain how risk-limiting audits work and will assist the public dialogue to hasten their adoption."
The key conclusions of “Election Security: Risk Limiting Audits” are:
- RLAs are a powerful, efficient means to assure election accuracy and encourage public confidence in their certified results.
- RLAs mitigate the risk of software bugs, procedural mistakes, and security flaws in electronic tallying systems by permitting randomly sampled paper ballots to be checked against their electronic equivalents but are not possible with internet or paperless electronic voting systems.
- While the use of RLAs has been increasing, many more jurisdictions potentially could benefit from their adoption.
ACM’s TechBriefs are designed to complement ACM’s activities in the policy arena and to inform policymakers, the public, and others about the nature and implications of information technologies. As with other TechBriefs in the ACM series, “Election Security: Risk Limiting Audits,” includes an overview of the major policy implications of the technology, key statistics to put the issues in context, a narrative introduction to educate the general public, and key conclusions. Previous ACM TechBriefs focused on climate change, facial recognition, smart cities, and quantum simulation. Topics under consideration for future issues include AI and trust, encryption security, media disinformation, content filtering, blockchain, accessibility and more.
About the ACM Technology Policy Council
ACM’s global Technology Policy Council sets the agenda for global initiatives to address evolving technology policy issues and coordinates the activities of ACM's regional technology policy committees in the US and Europe. It serves as the central convening point for ACM's interactions with government organizations, the computing community, and the public in all matters of public policy related to computing and information technology. The Council’s members are drawn from ACM's global membership.
ACM, the Association for Computing Machinery, is the world’s largest educational and scientific computing society, uniting computing educators, researchers, and professionals to inspire dialogue, share resources and address the field’s challenges. ACM strengthens the computing profession’s collective voice through strong leadership, promotion of the highest standards, and recognition of technical excellence. ACM supports the professional growth of its members by providing opportunities for life-long learning, career development, and professional networking.