risk limiting audits and evidence based elections
play

Risk-Limiting Audits and Evidence-Based Elections Joint - PowerPoint PPT Presentation

Sep 18, 2023 •267 likes •1.21k views

Risk-Limiting Audits and Evidence-Based Elections Joint Berkeley/Davis Statistics Colloquium Sheltered in Place Philip B. Stark 21 April 2020 University of California, Berkeley 1 Many collaborators including (most recently) Andrew Appel, Josh

  1. Risk-Limiting Audits and Evidence-Based Elections Joint Berkeley/Davis Statistics Colloquium Sheltered in Place Philip B. Stark 21 April 2020 University of California, Berkeley 1

  2. Many collaborators including (most recently) Andrew Appel, Josh Benaloh, Matt Bernhard, Michelle Blom, Andrew Conway, Rich DeMillo, Steve Evans, Amanda Glazer, Alex Halderman, Mark Lindeman, Kellie Ottoboni, Ron Rivest, Peter Ryan, Jake Spertus, Peter Stuckey, Vanessa Teague, Poorvi Vora 2

  3. https://www.youtube.com/embed/cruh2p_Wh_4 3

  4. 4

  5. 5

  6. Arguments that US elections can’t be hacked: • Physical security • Not connected to the Internet • Tested before election day • Too decentralized 6

  7. Arguments that US elections can’t be hacked: • Physical security • "sleepovers," unattended equipment in warehouses, school gyms, ... • locks use minibar keys • bad/no seal protocols, easily defeated seals • no routine scrutiny of custody logs, 2-person custody rules, ... • Not connected to the Internet • Tested before election day • Too decentralized 7

  8. Arguments that US elections can’t be hacked: • Physical security • Not connected to the Internet • remote desktop software • wifi, bluetooth, cellular modems, ... https://tinyurl.com/r8cseun • removable media used to configure equipment & transport results • Zip drives • USB drives. Stuxnet, anyone? • parts from foreign manufacturers, including China; Chinese pop songs in flash • Tested before election day • Too decentralized 8

  9. 9

  10. 10

  11. 11

  12. 12

  13. 13

  14. 14

  15. 15

  16. Arguments that US elections can’t be hacked: • Physical security • Not connected to the Internet • Tested before election day • Dieselgate, anyone? • Northampton, PA • Los Angeles, CA VSAP • Too decentralized 16

  17. 17

  18. 18

  19. 19

  20. 20

  21. Arguments that US elections can’t be hacked: • Physical security • Not connected to the Internet • Tested before election day • Too decentralized • market concentrated: few vendors/models in use • vendors & EAC have been hacked • demonstration viruses that propagate across voting equipment • “mom & pop” contractors program thousands of machines, no IT security • changing presidential race requires changing votes in only a few counties • small number of contractors for election reporting • many weak links 21

  22. Security properties of paper • tangible/accountable • tamper evident • human readable • large alteration/substitution attacks generally require many accomplices 22

  23. Security properties of paper • tangible/accountable • tamper evident • human readable • large alteration/substitution attacks generally require many accomplices Not all paper is trustworthy: How paper is marked, curated, tabulated, & audited are crucial. 22

  24. 23

  25. 24

  26. 25

  27. Did the reported winner really win? • Procedure-based vs. evidence-based elections • sterile scalpel v. patient’s condition 26

  28. Did the reported winner really win? • Procedure-based vs. evidence-based elections • sterile scalpel v. patient’s condition • Any way of counting votes can make mistakes • Every electronic system is vulnerable to bugs, configuration errors, & hacking • Did error/bugs/hacking cause losing candidate(s) to appear to win? 26

  29. Evidence-Based Elections (Stark & Wagner, 2012) Election officials should provide convincing public evidence that reported outcomes are correct. 27

  30. Evidence-Based Elections (Stark & Wagner, 2012) Election officials should provide convincing public evidence that reported outcomes are correct. Absent such evidence, there should be a new election. 27

  31. Risk-Limiting Audits (RLAs, Stark, 2008) • If there’s a trustworthy voter-verified paper trail, can check whether reported winner really won. • If you accept a controlled “risk” of not correcting the reported outcome if it is wrong, typically don’t need to look at many ballots if outcome is right. 28

  32. A risk-limiting audit has a known minimum chance of correcting the reported outcome if the reported outcome is wrong (& doesn’t alter correct outcomes). 29

  33. A risk-limiting audit has a known minimum chance of correcting the reported outcome if the reported outcome is wrong (& doesn’t alter correct outcomes). Risk limit : largest possible chance of not correcting reported outcome, if reported outcome is wrong. 29

  34. A risk-limiting audit has a known minimum chance of correcting the reported outcome if the reported outcome is wrong (& doesn’t alter correct outcomes). Risk limit : largest possible chance of not correcting reported outcome, if reported outcome is wrong. Wrong means accurate handcount of trustworthy paper would find different winner(s). 29

  35. A risk-limiting audit has a known minimum chance of correcting the reported outcome if the reported outcome is wrong (& doesn’t alter correct outcomes). Risk limit : largest possible chance of not correcting reported outcome, if reported outcome is wrong. Wrong means accurate handcount of trustworthy paper would find different winner(s). Establishing whether paper trail is trustworthy involves other processes, generically, compliance audits 29

  36. RLA pseudo-algorithm while (!(full handcount) && !(strong evidence outcome is correct)) { examine more ballots } 30

  37. RLA pseudo-algorithm while (!(full handcount) && !(strong evidence outcome is correct)) { examine more ballots } if (full handcount) { handcount result is final } 30

  38. 31

  39. Risk-Limiting Audits • Endorsed by NASEM, PCEA, ASA, LWV, CC, VV, . . . 32

  40. Role of math/stat • Get evidence about the population of cast ballots from a random sample. • Guarantee a large chance of correcting wrong outcomes; minimize work if the outcome is correct. • When can you stop inspecting ballots? • When there’s strong evidence that a full hand count is pointless 33

  41. • Null hypothesis: reported outcome is wrong. • Significance level (Type I error rate) is “risk” • Frame the hypothesis quantitatively: necessary and sufficient conditions 34

  42. SHANGRLA: Sets of Half-Average Nulls Generate Risk-Limiting Audits b i is i th ballot card, N cards in all. � 1 , ballot i has a mark for candidate 1 candidate ( b i ) ≡ 0 , otherwise. A Alice , Bob ( b i ) ≡ 1 Alice ( b i ) − 1 Bob ( b i ) + 1 ≥ 0 . 2 mark for Alice but not Bob, A Alice , Bob ( b i ) = 1. mark for Bob but not Alice, A Alice , Bob ( b i ) = 0. marks for both (overvote) or neither (undervote) or doesn’t contain contest, A Alice , Bob ( b i ) = 1 / 2. 35

  43. N Alice , Bob ≡ 1 ¯ A b � A Alice , Bob ( b i ) . N i =1 Mean of a finite nonnegative list of N numbers. Alice won iff ¯ A b Alice , Bob > 1 / 2. 36

  44. Plurality & Approval Voting K ≥ 1 winners, C > K candidates in all. Candidates { w k } K k =1 are reported winners. Candidates { ℓ j } C − K reported losers. j =1 37

  45. Plurality & Approval Voting K ≥ 1 winners, C > K candidates in all. Candidates { w k } K k =1 are reported winners. Candidates { ℓ j } C − K reported losers. j =1 Outcome correct iff ¯ A b w k ,ℓ j > 1 / 2 , for all 1 ≤ k ≤ K , 1 ≤ j ≤ C − K K ( C − K ) inequalities. 37

  46. Plurality & Approval Voting K ≥ 1 winners, C > K candidates in all. Candidates { w k } K k =1 are reported winners. Candidates { ℓ j } C − K reported losers. j =1 Outcome correct iff ¯ A b w k ,ℓ j > 1 / 2 , for all 1 ≤ k ≤ K , 1 ≤ j ≤ C − K K ( C − K ) inequalities. Same approach works for D’Hondt & other proportional representation schemes. (Stark & Teague 2015) 37

  47. Super-majority f ∈ (1 / 2 , 1]. Alice won iff (votes for Alice) > f × ((valid votes for Alice) + (valid votes for everyone else)) Set  1 2 f , b i has a mark for Alice and no one else    A ( b i ) ≡ 0 , b i has a mark for exactly one candidate, not Alice  1 2 , otherwise .   Alice won iff A b > 1 / 2 . ¯ 38

  48. Borda count, STAR-Voting, & other additive weighted schemes Winner is the candidate who gets most “points” in total. s Alice ( b i ): Alice’s score on ballot i . s cand ( b i ): another candidate’s score on ballot i . s + : upper bound on the score any candidate can get on a ballot. Alice beat the other candidate iff Alice’s total score is bigger than theirs: A Alice , c ( b i ) ≡ s Alice ( b i ) − s c ( b i ) + s + . 2 s + Alice won iff ¯ A b Alice , c > 1 / 2 for every other candidate c. 39

  49. Ranked-Choice Voting, Instant-Runoff Voting (RCV/IRV) 2 types of assertions together give sufficient (not necessary) conditions (Blom et al. 2018): 1. Candidate i has more first-place ranks than candidate j has total mentions. 2. After a set of candidates E have been eliminated from consideration, candidate i is ranked higher than candidate j on more ballots than vice versa . A b > 1 / 2. Both can be written ¯ Finite set of such assertions implies reported outcome is right. More than one set suffices; can optimize expected workload. 40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Evidence-Based Elections: The Role of Risk-Limiting Audits Election Integrity in the Networked

Evidence-Based Elections: The Role of Risk-Limiting Audits Election Integrity in the Networked

Evidence-Based Elections: The Role of Risk-Limiting Audits Election Integrity in the Networked Information Era Georgetown Law Washington, DC Philip B. Stark 7 February 2020 University of California, Berkeley 1 Arguments that US elections

489 views • 33 slides
Implementing Risk-Limiting Post-Election Audits in California J.L. Hall 1 , 2 L.W. Miratrix 3 P.B.

Implementing Risk-Limiting Post-Election Audits in California J.L. Hall 1 , 2 L.W. Miratrix 3 P.B.

Risk-Limiting Audits Defined Risk-Limiting Audits in CA Discussion Simpler Risk-Limiting Audits? Conclusions Implementing Risk-Limiting Post-Election Audits in California J.L. Hall 1 , 2 L.W. Miratrix 3 P.B. Stark 3 M. Briones 4 E. Ginnold 4

631 views • 23 slides
Risk-Limiting Audits Joint Mathematical Meetings Denver, CO Philip B. Stark 17 January 2020

Risk-Limiting Audits Joint Mathematical Meetings Denver, CO Philip B. Stark 17 January 2020

Risk-Limiting Audits Joint Mathematical Meetings Denver, CO Philip B. Stark 17 January 2020 University of California, Berkeley 1 Many collaborators including (most recently) Andrew Appel, Josh Benaloh, Matt Bernhard, Rich DeMillo, Steve

896 views • 72 slides
Risk-Limiting Audits Michigan Association of Municipal Clerks The Internet Philip B. Stark

Risk-Limiting Audits Michigan Association of Municipal Clerks The Internet Philip B. Stark

Risk-Limiting Audits Michigan Association of Municipal Clerks The Internet Philip B. Stark Department of Statistics, University of California, Berkeley 11 June 2020 Why audit? Why audit? Any way of counting votes can make mistakes

387 views • 23 slides
Evidence-Based Elections CDAR Risk Seminar Philip B. Stark 15 September 2020 University of

Evidence-Based Elections CDAR Risk Seminar Philip B. Stark 15 September 2020 University of

Evidence-Based Elections CDAR Risk Seminar Philip B. Stark 15 September 2020 University of California, Berkeley 1 Many collaborators including (most recently) Andrew Appel, Josh Benaloh, Matt Bernhard, Michelle Blom, Andrew Conway, Rich

1.12k views • 100 slides
Evidence-Based Elections Influencers Salon Philip B. Stark 10 October 2020 University of

Evidence-Based Elections Influencers Salon Philip B. Stark 10 October 2020 University of

Evidence-Based Elections Influencers Salon Philip B. Stark 10 October 2020 University of California, Berkeley 1 Many collaborators including (most recently) Andrew Appel, Josh Benaloh, Matt Bernhard, Michelle Blom, Andrew Conway, Rich

1.11k views • 66 slides
How to Conduct a Human Resource Risk Audit Michele Arseneau, PHR, SHRM-CP HR Consultant Course

How to Conduct a Human Resource Risk Audit Michele Arseneau, PHR, SHRM-CP HR Consultant Course

How to Conduct a Human Resource Risk Audit Michele Arseneau, PHR, SHRM-CP HR Consultant Course Objectives What are HR Risk Audits Benefits of an HR Risk Audits Types of HR Risk Audits Tools to conduct HR Risk Audits What is an

272 views • 26 slides
Trustworthy Elections: Evidence and Dispute Resolution 2019 Def Con Las Vegas, NV Philip B.

Trustworthy Elections: Evidence and Dispute Resolution 2019 Def Con Las Vegas, NV Philip B.

Trustworthy Elections: Evidence and Dispute Resolution 2019 Def Con Las Vegas, NV Philip B. Stark 9 August 2019 University of California, Berkeley 1 Suitably designed and operated paper-based voting systems can be strongly software

598 views • 39 slides
Do audits deter future non-compliance? Evidence on Self-Employed Taxpayers Sebastian Beer,

Do audits deter future non-compliance? Evidence on Self-Employed Taxpayers Sebastian Beer,

Do audits deter future non-compliance? Evidence on Self-Employed Taxpayers Sebastian Beer, Matthias Kasper, Erich Kirchler, and Brian Erard November 11, 2016 Do audits deter future non-compliance? What happens when you experience an audit?

359 views • 20 slides
Procurement and Contract Audit CIPFAs Risk based approach to planning audits and the work of

Procurement and Contract Audit CIPFAs Risk based approach to planning audits and the work of

Procurement and Contract Audit CIPFAs Risk based approach to planning audits and the work of the Procurement and Contract Audit Forum [ PACAF] By : Ken Odgers By : Ken Odgers cipfa.org.uk Overview Background to the birth of PACAF;

465 views • 34 slides
Evidence-Based Risk Communication and Pipeline Public Awareness Matthew Babcock, PhD Wider Lens

Evidence-Based Risk Communication and Pipeline Public Awareness Matthew Babcock, PhD Wider Lens

Evidence-Based Risk Communication and Pipeline Public Awareness Matthew Babcock, PhD Wider Lens Research LLC Pipeline Safety Trust - Annual Conference November 2, 2017 1 Todays Presentation 1. Challenges and importance of successful risk

552 views • 18 slides
Addiction: Will New State Policies Help or Hurt? Medicaid Evidence-Based Decisions Project June

Addiction: Will New State Policies Help or Hurt? Medicaid Evidence-Based Decisions Project June

Limiting the Duration of Medication Assisted Treatment for Opioid Addiction: Will New State Policies Help or Hurt? Medicaid Evidence-Based Decisions Project June 25, 2014 Supported by National Institute of Drug Abuse grant number R01DA029741

217 views • 21 slides
Understanding Risk: towards an evidence based approach to regulatory policy development Claire

Understanding Risk: towards an evidence based approach to regulatory policy development Claire

www.gdc-uk.org www.gdc-uk.org Understanding Risk: towards an evidence based approach to regulatory policy development Claire Herbert & Guy Rubin General Dental Council IAMRA London 2014 11th INTERNATIONAL CONFERENCE ON MEDICAL REGULATION

393 views • 27 slides
1 The High Value High Risk, or HVHR, assessments were critical inputs to government decisions for

1 The High Value High Risk, or HVHR, assessments were critical inputs to government decisions for

The Auditor-General provides assurance to Parliament on the accountability and performance of the Victorian Public Sector. The Auditor-General conducts financial audits and performance audits, and reports on the results of these audits to

239 views • 13 slides
1J DATED this 3 -day of October, 2011. ) Interim Director ORDER LIMITING PRESENTATION OF

1J DATED this 3 -day of October, 2011. ) Interim Director ORDER LIMITING PRESENTATION OF

BEFORE THE DEPARTMENT OF WATER RESOURCES FOR THE STATE OF IDAHO IN THE MATTER OF APPLICATION ORDER LIMITING ) FOR PERMIT NO. 63-32573, IN THE ) PRESENTATION OF NAME OF M3 EAGLE ASSIGNED ) EVIDENCE AT TO THE CITY OF EAGLE 1 ) SUPPLEMENTAL

292 views • 3 slides
Evidence Based Policy? Evidence Based Policy? 27/02/2005 Carcinogen in Baby Food Analytical

Evidence Based Policy? Evidence Based Policy? 27/02/2005 Carcinogen in Baby Food Analytical

Free Trade has to be Safe Trade Free Trade has to be Safe Trade WTO WTO Risk Communication Risk Perception and Human Behavior SPS SPS Dr. Patrick Wall UCD School of Public Health & Population Sciences patrick.wall@ucd.ie Sunday

300 views • 6 slides
Reforming Master Programmes in Finance in Armenia and Moldova/REFINE An Erasmus+ Capacity

Reforming Master Programmes in Finance in Armenia and Moldova/REFINE An Erasmus+ Capacity

Reforming Master Programmes in Finance in Armenia and Moldova/REFINE An Erasmus+ Capacity Building Project (2017-2020) Topic: Course Package State and Corporate Auditing Speaker: Tatiana Cerga , PhD, Associate Professor General information

333 views • 31 slides
Client Information Session May 2017 Introduction Time Topic Presenter 30 min Audit Update

Client Information Session May 2017 Introduction Time Topic Presenter 30 min Audit Update

Client Information Session May 2017 Introduction Time Topic Presenter 30 min Audit Update part 1 Rod Whitehead, Auditor-General Submission of financial statements Enhanced audit opinions Performance reporting Use of

591 views • 47 slides
PRE-AUDIT REPORT TO THE AUDIT & COMPLIANCE COMMITTEE MAY 2, 2017 BKD, LLP MARY MCKINLEY,

PRE-AUDIT REPORT TO THE AUDIT & COMPLIANCE COMMITTEE MAY 2, 2017 BKD, LLP MARY MCKINLEY,

PRE-AUDIT REPORT TO THE AUDIT & COMPLIANCE COMMITTEE MAY 2, 2017 BKD, LLP MARY MCKINLEY, PARTNER JOANIE DUCKWORTH, DIRECTOR 1 // experience access PRE-AUDIT REPORT SUMMARY Auditors Responsibility Obtain reasonable, but not absolute,

177 views • 7 slides
President Club Officer Training Agenda President President President Role

President Club Officer Training Agenda President President President Role

President Club Officer Training Agenda President President President Role Responsibilities Resources www.toastmasters.org Session Objectives Identify your role Fulfill your responsibilities Find resources that help

546 views • 21 slides
1 We will start with a reminder of the F8 exam structure which has been in place since September

1 We will start with a reminder of the F8 exam structure which has been in place since September

1 We will start with a reminder of the F8 exam structure which has been in place since September 2016. Section A is comprised of 3 OT cases, which are mini scenarios, for each scenario there are then 5 related objective test questions each

350 views • 11 slides
Welcome Service Desk Standard Event We hope you have a nice day! SDI Team @SDI_Insititute

Welcome Service Desk Standard Event We hope you have a nice day! SDI Team @SDI_Insititute

Welcome Service Desk Standard Event We hope you have a nice day! SDI Team @SDI_Insititute #SDIEvents www.servicedeskinstitute.com What youll learn today: About the SDI Service Desk Standard and the benefits of aligning to it An

510 views • 16 slides
AUDITING REVENUES FROM NATURAL RESOURCE EXTRACTION NEW GUIDANCE FOR AUDITORS Pierre

AUDITING REVENUES FROM NATURAL RESOURCE EXTRACTION NEW GUIDANCE FOR AUDITORS Pierre

AUDITING REVENUES FROM NATURAL RESOURCE EXTRACTION NEW GUIDANCE FOR AUDITORS Pierre Frchette Research Officer 3 rd WGEI Annual Meeting Mombasa, Kenya August 2016 Overview 1 What is CCAF? The Practice Guide Series Current

384 views • 26 slides
1 andat least 25% of the NFAs that do not involve remedial action must be selected Tier I

1 andat least 25% of the NFAs that do not involve remedial action must be selected Tier I

Audits of NFA Letters 1 OAC 3745-300-14 Certified Professional 8-Hour Training Audits of NFAs 2 Performed annually on NFA letters submitted during the prior calendar year in request of a CNS Performed by the Ohio EPA Required by

395 views • 3 slides

More recommend