risk limiting audits
play

Risk-Limiting Audits Joint Mathematical Meetings Denver, CO Philip - PowerPoint PPT Presentation

Sep 28, 2023 •175 likes •896 views

Risk-Limiting Audits Joint Mathematical Meetings Denver, CO Philip B. Stark 17 January 2020 University of California, Berkeley 1 Many collaborators including (most recently) Andrew Appel, Josh Benaloh, Matt Bernhard, Rich DeMillo, Steve

  1. Risk-Limiting Audits Joint Mathematical Meetings Denver, CO Philip B. Stark 17 January 2020 University of California, Berkeley 1

  2. Many collaborators including (most recently) Andrew Appel, Josh Benaloh, Matt Bernhard, Rich DeMillo, Steve Evans, Alex Halderman, Mark Lindeman, Kellie Ottoboni, Ron Rivest, Peter Ryan, Vanessa Teague, Poorvi Vora 2

  3. https://www.youtube.com/embed/cruh2p_Wh_4 3

  4. 4

  5. 5

  6. Arguments that US elections can’t be hacked: • Physical security • Not connected to the Internet • Tested before election day • Too decentralized 6

  7. Arguments that US elections can’t be hacked: • Physical security • "sleepovers," unattended equipment in warehouses, school gyms, ... • locks use minibar keys • bad/no seal protocols, easily defeated seals • no routine scrutiny of custody logs, 2-person custody rules, ... • Not connected to the Internet • Tested before election day • Too decentralized 7

  8. Arguments that US elections can’t be hacked: • Physical security • Not connected to the Internet • remote desktop software • wifi, bluetooth, cellular modems, ... https://tinyurl.com/r8cseun • removable media used to configure equipment & transport results • Zip drives • USB drives. Stuxnet, anyone? • parts from foreign manufacturers, including China; Chinese pop songs in flash • Tested before election day • Too decentralized 8

  9. 9

  10. 10

  11. 11

  12. 12

  13. 13

  14. 14

  15. Arguments that US elections can’t be hacked: • Physical security • Not connected to the Internet • Tested before election day • Dieselgate, anyone? • Northampton, PA • Too decentralized 15

  16. 16

  17. 17

  18. 18

  19. Arguments that US elections can’t be hacked: • Physical security • Not connected to the Internet • Tested before election day • Too decentralized • market concentrated: few vendors/models in use • vendors & EAC have been hacked • demonstration viruses that propagate across voting equipment • “mom & pop” contractors program thousands of machines, no IT security • changing presidential race requires changing votes in only a few counties • small number of contractors for election reporting • many weak links 19

  20. Security properties of paper • tangible/accountable • tamper evident • human readable • large alteration/substitution attacks generally require many accomplices 20

  21. Security properties of paper • tangible/accountable • tamper evident • human readable • large alteration/substitution attacks generally require many accomplices Not all paper is trustworthy: How paper is marked, curated, tabulated, & audited are crucial. 20

  22. 21

  23. 22

  24. 23

  25. Did the reported winner really win? • Procedure-based vs. evidence-based elections • sterile scalpel v. patient’s condition 24

  26. Did the reported winner really win? • Procedure-based vs. evidence-based elections • sterile scalpel v. patient’s condition • Any way of counting votes can make mistakes • Every electronic system is vulnerable to bugs, configuration errors, & hacking • Did error/bugs/hacking cause losing candidate(s) to appear to win? 24

  27. Evidence-Based Elections (Stark & Wagner, 2012) Election officials should provide convincing public evidence that reported outcomes are correct. 25

  28. Evidence-Based Elections (Stark & Wagner, 2012) Election officials should provide convincing public evidence that reported outcomes are correct. Absent such evidence, there should be a new election. 25

  29. Risk-Limiting Audits (RLAs, Stark, 2008) • If there’s a trustworthy voter-verified paper trail, can check whether reported winner really won. • If you accept a controlled “risk” of not correcting the reported outcome if it is wrong, typically don’t need to look at many ballots if outcome is right. 26

  30. A risk-limiting audit has a known minimum chance of correcting the reported outcome if the reported outcome is wrong (& doesn’t alter correct outcomes). 27

  31. A risk-limiting audit has a known minimum chance of correcting the reported outcome if the reported outcome is wrong (& doesn’t alter correct outcomes). Risk limit : largest possible chance of not correcting reported outcome, if reported outcome is wrong. 27

  32. A risk-limiting audit has a known minimum chance of correcting the reported outcome if the reported outcome is wrong (& doesn’t alter correct outcomes). Risk limit : largest possible chance of not correcting reported outcome, if reported outcome is wrong. Wrong means accurate handcount of trustworthy paper would find different winner(s) 27

  33. A risk-limiting audit has a known minimum chance of correcting the reported outcome if the reported outcome is wrong (& doesn’t alter correct outcomes). Risk limit : largest possible chance of not correcting reported outcome, if reported outcome is wrong. Wrong means accurate handcount of trustworthy paper would find different winner(s) Establishing whether paper trail is trustworthy involves other processes, generically, compliance audits 27

  34. RLA pseudo-algorithm while (!(full handcount) && !(strong evidence outcome is correct)) { examine more ballots } 28

  35. RLA pseudo-algorithm while (!(full handcount) && !(strong evidence outcome is correct)) { examine more ballots } if (full handcount) { handcount result is final } 28

  36. 29

  37. Risk-Limiting Audits • Endorsed by NASEM, PCEA, ASA, LWV, CC, VV, . . . 30

  38. Role of math/stat • Get evidence about the population of cast ballots from a random sample. • Guarantee a large chance of correcting wrong outcomes; minimize work if the outcome is correct. • When can you stop inspecting ballots? • When there’s strong evidence that a full hand count is pointless 31

  39. • Null hypothesis: reported outcome is wrong. • Significance level (Type I error rate) is “risk” • Frame the hypothesis quantitatively. 32

  40. b i is i th ballot card, N cards in all. � 1 , ballot i has a mark for candidate 1 candidate ( b i ) ≡ 0 , otherwise. A Alice , Bob ( b i ) ≡ (1 Alice ( b i ) − 1 Bob ( b i ) + 1) / 2 . mark for Alice but not Bob, A Alice , Bob ( b i ) = 1. mark for Bob but not Alice, A Alice , Bob ( b i ) = 0. marks for both (overvote) or neither (undervote) or doesn’t contain contest, A Alice , Bob ( b i ) = 1 / 2. 33

  41. N Alice , Bob ≡ 1 ¯ A b � A Alice , Bob ( b i ) . N i =1 Mean of a finite nonnegative list of N numbers. Alice won iff ¯ A b Alice , Bob > 1 / 2. 34

  42. Plurality & Approval Voting K ≥ 1 winners, C > K candidates in all. Candidates { w k } K k =1 are reported winners. Candidates { ℓ j } C − K reported losers. j =1 35

  43. Plurality & Approval Voting K ≥ 1 winners, C > K candidates in all. Candidates { w k } K k =1 are reported winners. Candidates { ℓ j } C − K reported losers. j =1 Outcome correct iff ¯ A b w k ,ℓ j > 1 / 2 , for all 1 ≤ k ≤ K , 1 ≤ j ≤ C − K K ( C − K ) inequalities. 35

  44. Plurality & Approval Voting K ≥ 1 winners, C > K candidates in all. Candidates { w k } K k =1 are reported winners. Candidates { ℓ j } C − K reported losers. j =1 Outcome correct iff ¯ A b w k ,ℓ j > 1 / 2 , for all 1 ≤ k ≤ K , 1 ≤ j ≤ C − K K ( C − K ) inequalities. Same approach works for D’Hondt & other proportional representation schemes. (Stark & Teague 2015) 35

  45. Super-majority f ∈ (1 / 2 , 1]. Alice won iff (votes for Alice) > f × ((valid votes for Alice) + (valid votes for everyone else)) (1 − f ) × (votes for Alice) > f × (votes for everyone else) ,  1 2 f , b i has a mark for Alice and no one else    A ( b i ) ≡ 0 , b i has a mark for exactly one candidate, not Alice  1 2 , otherwise .   Alice won iff A b > 1 / 2 . ¯ 36

  46. Borda count, STAR-Voting, & other additive weighted schemes Winner is the candidate who gets most “points” in total. s Alice ( b i ): Alice’s score on ballot i . s cand ( b i ): another candidate’s score on ballot i . s + : upper bound on the score any candidate can get on a ballot. Alice beat the other candidate iff Alice’s total score is bigger than theirs: A Alice , cand ( b i ) ≡ ( s Alice ( b i ) − s cand ( b i ) + s + ) / (2 s + ) Alice won iff ¯ A b Alice , cand > 1 / 2 for every other candidate. 37

  47. Ranked-Choice Voting, Instant-Runoff Voting (RCV/IRV) 2 types of assertions together give sufficient conditions (Blom et al. 2018): 1. Candidate i has more first-place ranks than candidate j has total mentions. 2. After a set of candidates E have been eliminated from consideration, candidate i is ranked higher than candidate j on more ballots than vice versa . A b > 1 / 2. Both can be written ¯ Finite set of such assertions implies reported outcome is right. (Sufficient but not necessary.) 38

  48. Auditing assertions A b ≤ 1 / 2. Test complementary null hypothesis ¯ • Audit until either all complementary null hypotheses about a contest are rejected at significance level α or until all ballots have been tabulated by hand. • Yields a RLA of the contest in question at risk limit α . • No multiplicity adjustment needed. 39

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Implementing Risk-Limiting Post-Election Audits in California J.L. Hall 1 , 2 L.W. Miratrix 3 P.B.

Implementing Risk-Limiting Post-Election Audits in California J.L. Hall 1 , 2 L.W. Miratrix 3 P.B.

Risk-Limiting Audits Defined Risk-Limiting Audits in CA Discussion Simpler Risk-Limiting Audits? Conclusions Implementing Risk-Limiting Post-Election Audits in California J.L. Hall 1 , 2 L.W. Miratrix 3 P.B. Stark 3 M. Briones 4 E. Ginnold 4

631 views • 23 slides
Evidence-Based Elections: The Role of Risk-Limiting Audits Election Integrity in the Networked

Evidence-Based Elections: The Role of Risk-Limiting Audits Election Integrity in the Networked

Evidence-Based Elections: The Role of Risk-Limiting Audits Election Integrity in the Networked Information Era Georgetown Law Washington, DC Philip B. Stark 7 February 2020 University of California, Berkeley 1 Arguments that US elections

489 views • 33 slides
Risk-Limiting Audits Michigan Association of Municipal Clerks The Internet Philip B. Stark

Risk-Limiting Audits Michigan Association of Municipal Clerks The Internet Philip B. Stark

Risk-Limiting Audits Michigan Association of Municipal Clerks The Internet Philip B. Stark Department of Statistics, University of California, Berkeley 11 June 2020 Why audit? Why audit? Any way of counting votes can make mistakes

387 views • 23 slides
Risk-Limiting Audits and Evidence-Based Elections Joint Berkeley/Davis Statistics Colloquium

Risk-Limiting Audits and Evidence-Based Elections Joint Berkeley/Davis Statistics Colloquium

Risk-Limiting Audits and Evidence-Based Elections Joint Berkeley/Davis Statistics Colloquium Sheltered in Place Philip B. Stark 21 April 2020 University of California, Berkeley 1 Many collaborators including (most recently) Andrew Appel, Josh

1.21k views • 93 slides
How to Conduct a Human Resource Risk Audit Michele Arseneau, PHR, SHRM-CP HR Consultant Course

How to Conduct a Human Resource Risk Audit Michele Arseneau, PHR, SHRM-CP HR Consultant Course

How to Conduct a Human Resource Risk Audit Michele Arseneau, PHR, SHRM-CP HR Consultant Course Objectives What are HR Risk Audits Benefits of an HR Risk Audits Types of HR Risk Audits Tools to conduct HR Risk Audits What is an

272 views • 26 slides
1 The High Value High Risk, or HVHR, assessments were critical inputs to government decisions for

1 The High Value High Risk, or HVHR, assessments were critical inputs to government decisions for

The Auditor-General provides assurance to Parliament on the accountability and performance of the Victorian Public Sector. The Auditor-General conducts financial audits and performance audits, and reports on the results of these audits to

239 views • 13 slides
CASE STUDY III EVALUATING MODEL RISK WITHIN THE BLACKSCHOLES FRAMEWORK Limiting Model Risk

CASE STUDY III EVALUATING MODEL RISK WITHIN THE BLACKSCHOLES FRAMEWORK Limiting Model Risk

CASE STUDY III EVALUATING MODEL RISK WITHIN THE BLACKSCHOLES FRAMEWORK Limiting Model Risk by Short-Selling Constraints Outline for case study III Samuelson (BlackScholes) model Exotic options, unlimited short positions

387 views • 38 slides
Attorney-Client Privilege at Risk in Investigations and Audits Preserving Confidential

Attorney-Client Privilege at Risk in Investigations and Audits Preserving Confidential

Presenting a live 90-minute webinar with interactive Q&A Attorney-Client Privilege at Risk in Investigations and Audits Preserving Confidential Information, Safeguarding Work Product, and Avoiding Inadvertent Disclosure TUESDAY, AUGUST 25,

880 views • 74 slides
Attorney-Client Privilege at Risk in Investigations and Audits Preserving Confidential

Attorney-Client Privilege at Risk in Investigations and Audits Preserving Confidential

Presenting a live 90-minute webinar with interactive Q&A Attorney-Client Privilege at Risk in Investigations and Audits Preserving Confidential Information, Safeguarding Work Product, Avoiding Inadvertent Disclosure WEDNESDAY, SEPTEMBER 14,

826 views • 67 slides
Performance Audits and Risk Assessments The Institute of Internal Auditors Beach Cities Chapter

Performance Audits and Risk Assessments The Institute of Internal Auditors Beach Cities Chapter

Performance Audits and Risk Assessments The Institute of Internal Auditors Beach Cities Chapter Presented By: Jim Godsey, Partner Mark Cousineau, Senior Manager March 19, 2015 Agenda Introductions and Overview What is a Performance

292 views • 27 slides
Spatiospectral limiting on Boolean cubes Jubilee of Fourier Analysis and Applications, NWC at

Spatiospectral limiting on Boolean cubes Jubilee of Fourier Analysis and Applications, NWC at

Spatiospectral limiting on Boolean cubes Jubilee of Fourier Analysis and Applications, NWC at UMD, 2019 joint work with Jeff Hogan Spatiospectral limiting Overview 1. Review: Time and band limiting: on R , Z and Z N 2. Spatio-spectral

633 views • 42 slides
2018 Risk-Limiting Audit Pilots Orange County Registrar of Voters Profile of Orange County

2018 Risk-Limiting Audit Pilots Orange County Registrar of Voters Profile of Orange County

2018 Risk-Limiting Audit Pilots Orange County Registrar of Voters Profile of Orange County 3 million+ residents Approx. 1.6 million voters 948 square miles 34 cities 26 special districts 32 school districts

123 views • 11 slides
Form 941: Compliance Challenges and Intensified IRS Audits and Intensified IRS Audits Avoiding

Form 941: Compliance Challenges and Intensified IRS Audits and Intensified IRS Audits Avoiding

Presenting a live 110 minute teleconference with interactive Q&A Form 941: Compliance Challenges and Intensified IRS Audits and Intensified IRS Audits Avoiding Errors That Trigger Costly Penalties and Documenting a Solid Case for Examiners

1.18k views • 96 slides
Differential Privacy and the Right to be Forgotten Cynthia Dwork, Microsoft Research Limiting

Differential Privacy and the Right to be Forgotten Cynthia Dwork, Microsoft Research Limiting

Differential Privacy and the Right to be Forgotten Cynthia Dwork, Microsoft Research Limiting Prospective Use } Lampsons approach empowers me to limit the use of my data, prospectively Limiting Future Use: Raw Data Limiting Future Use: Raw

638 views • 21 slides
Limiting Liability for COVID-19 Transmission June 10, 2020 Limiting Liability for COVID-19

Limiting Liability for COVID-19 Transmission June 10, 2020 Limiting Liability for COVID-19

Limiting Liability for COVID-19 Transmission June 10, 2020 Limiting Liability for COVID-19 Transmission June 10, 2020 Welcome We hope you are keeping well and safe. Fasken is committed to providing legal insight into the new and changing

586 views • 25 slides
1 We might not always see them, but regulations the rules government imposes on businesses and

1 We might not always see them, but regulations the rules government imposes on businesses and

The Auditor-General provides assurance to Parliament on the accountability and performance of the Victorian Public Sector. The Auditor-General conducts financial audits and performance audits, and reports on the results of these audits to

672 views • 16 slides
CoLL-Saigawa Nao Hirokawa (JAIST) Kiraku Shintani (JAIST) CoLL-Saigawa 1/2 CoLL-Saigawa

CoLL-Saigawa Nao Hirokawa (JAIST) Kiraku Shintani (JAIST) CoLL-Saigawa 1/2 CoLL-Saigawa

CoLL-Saigawa Nao Hirokawa (JAIST) Kiraku Shintani (JAIST) CoLL-Saigawa 1/2 CoLL-Saigawa CoLL-Saigawa CoLL (5000 LoC) LL YES/NO TRS CoLL-Saigawa CoLL (5000 LoC) LL YES/NO TRS non-LL Saigawa (3000 LoC) CoLL-Saigawa 2/2 CoLL-Saigawa

966 views • 8 slides
Outline Outline 2 Probability Models of N Random Variables Probability Models of N Random

Outline Outline 2 Probability Models of N Random Variables Probability Models of N Random

Outline Outline 2 Probability Models of N Random Variables Probability Models of N Random Variables (5.1, Y&G) Vector Notation (5.2, Y&G) Vector Notation (5 2 Y&G) 204312 PROBABILITY AND 204312 PROBABILITY AND

546 views • 7 slides
Evaluating the value of storage facilities for buffering and arbitrage (Joint work with Lisa

Evaluating the value of storage facilities for buffering and arbitrage (Joint work with Lisa

Evaluating the value of storage facilities for buffering and arbitrage (Joint work with Lisa Flatley, Richard Gibbens, Stan Zachary) James Cruise Maxwell Institute for Mathematical Sciences Edinburgh and Heriot-Watt Universities 26 February

523 views • 26 slides
Incrementality in Compositional Distributional Semantics M. Sadrzadeh, EECS, QMUL SemDial 2018

Incrementality in Compositional Distributional Semantics M. Sadrzadeh, EECS, QMUL SemDial 2018

Incrementality in Compositional Distributional Semantics M. Sadrzadeh, EECS, QMUL SemDial 2018 joint work with M. Purver, J. Hough, R. Kempson SYCO2, Glasgow December 2018 NLP in one slide structure preserving map Semantic Formal

926 views • 68 slides
Useful L T EX Packages A Fanny Jasso-Hernandez Kerry Luse The George Washington University

Useful L T EX Packages A Fanny Jasso-Hernandez Kerry Luse The George Washington University

Useful L T EX Packages A Fanny Jasso-Hernandez Kerry Luse The George Washington University March 4, 2007 Fanny & Kerry (GWU) Useful L A T EX Packages March 4, 2007 1 / 51 Outline Figures 1 eps Files jpeg Files Troubleshooting

811 views • 67 slides
Joint Optimization of Segmentation and Appearance Models David Mandle, Sameep Tandon April 29,

Joint Optimization of Segmentation and Appearance Models David Mandle, Sameep Tandon April 29,

Joint Optimization of Segmentation and Appearance Models David Mandle, Sameep Tandon April 29, 2013 David Mandle, Sameep Tandon (Stanford) April 29, 2013 1 / 19 Overview 1 Recap: Image Segmentation 2 Optimization Strategy 3 Experimental

636 views • 60 slides
ON THE GALOISIAN STRUCTURE OF HEISENBERG INDETERMINACY PRINCIPLE JULIEN PAGE 1 AND GABRIEL CATREN

ON THE GALOISIAN STRUCTURE OF HEISENBERG INDETERMINACY PRINCIPLE JULIEN PAGE 1 AND GABRIEL CATREN

ON THE GALOISIAN STRUCTURE OF HEISENBERG INDETERMINACY PRINCIPLE JULIEN PAGE 1 AND GABRIEL CATREN 1 , 2 1- SPHERE - UMR 7219, Universit e Paris Diderot - CNRS, Paris, France. 2- Facultad de Filosof a y Letras, Universidad de Buenos Aires

458 views • 9 slides
Coupling: co-adapted vs. maximal (joint work with W.S. Kendall and S. Jacka, University of

Coupling: co-adapted vs. maximal (joint work with W.S. Kendall and S. Jacka, University of

RW on Z n Introduction Types of coupling Brownian Motion Conclusion References 2 Coupling: co-adapted vs. maximal (joint work with W.S. Kendall and S. Jacka, University of Warwick) Stephen Connor stephen.connor@york.ac.uk Stephen Connor

884 views • 57 slides

More recommend