Passing Your Vote Through Security: The Rise of Risk Limiting Audits in Rhode Island
January 29, 2018
By: Eric Lynch
In the 2016 election’s aftermath, United States intelligence agencies speculated that the Russian government hacked various government entities and the major political parties in order to influence the election’s results. It was recently confirmed that twenty-one states were subject to that foreign attack. Experts cautioned states to take responsive measures since many states take little to no precaution at all.
Rhode Island, like sixteen other states, does not presently have a statutory requirement to conduct post-election audits. But on September 19, 2017, Rhode Island’s State Legislature responded to the 2016 election cycle by passing a new bill through both chambers (Senate Bill 413A and House Bill 5704A) which would begin post-election audits in 2018 and mandate them in every county by 2020. The bill received bipartisan and unanimous support, passing 36-0 in the State Senate, and 70-0 in the House of Representatives. Governor Gina Raimondo is expected to sign the legislation. The proposed legislation allows the Board of Elections to decide which elections (i.e., primary, state, multijurisdictional) are subject to a risk limiting audit or partial recount in order to verify voting results. This audit would be conducted by hand, in public view, and completed within seven days after an election.
If passed, Rhode Island would join only Colorado in requiring risk limiting post-election audits. A risk limiting audit uses statistics to limit how many ballots or machines need to be revisited in order to verify Election Day results. This differs from traditional audits because it results in far fewer ballots being audited.
In Colorado, the Secretary of State must select at least 5% of voting machines to be tested in each county. The Colorado test compares voter-verified paper records produced by machines to the votes recorded by each device on Election Day. This slightly differs from the Rhode Island process which will compare the hard copy ballots with the digital readouts from electronic voting machines. While Colorado has practiced this policy since 2014, it will become the first state to require risk limiting post-election audits in 2017. Other states, like Ohio, California, and New Mexico, conduct risk limiting audits, but they are not required.
Election security experts advocate that more states implement post-election audits because audits catch faults in the tabulation and reassure public confidence in election integrity. Opponents argue that post-election audits are time-consuming and error-prone since the process typically requires each ballot to be verified by hand. But risk limiting audits partially answer critics because these audits minimize the workload for election auditors in decreasing the amount of ballots that need to be counted in verifying results.
In signing this bill, Governor Raimondo will usher in a new election administration practice to Rhode Island even though Rhode Island was not hacked during the 2016 election. This could pave the way for other states to be proactive in their election security measures.