So#ware Support for So#ware‐Independent Audi3ng Gabrielle A. Gianelli, Jennifer D. King , Edward W. Felten, William P. Zeller Center for Informa3on Technology Policy Department of Computer Science Princeton University EVT/WOTE ‘09 August 11, 2009
Goals of Post‐Elec3on Audi3ng • Valid sta3s3cal guarantee • Efficient • Easy to use • Ins3lls confidence in elec3on results for voters and officials • So#ware independent
Possible Solu3ons Efficiency Complexity Difficulty understanding
Possible Solu3ons Ease of use Automa9on ? So;ware dependence
How to reconcile these tensions? • One approach: eliminate computers • Our approach: automate, but verify
So#ware Independence Third Par3es Audi9ng for System Verifica3on
Log Format User entered data Calcula9ons ‐ Pseudorandom numbers ‐ Input ‐ Precinct or ballot selec3ons
Log AXributes of log – XML: can be easily parsed – Stores all informa3on necessary to recreate an audit, either by hand or with another machine A log verifiable by a third party ensures software independence.
Our Solu3on • Web applica3on • Python with Django web framework Goal: auditing interface easy for non-expert users
• (screenshot of home page with audit status)
• (screenshot of race/algorithm selec3on page)
Supported Algorithms Precinct‐based algorithms: • Exact Percent • Percent by Probability Ballot‐based algorithms: • Constant Sample Size • Varying Sample Size
Linking Precincts • Assume two races A and B over the same set of precincts • Goal: choose 2% of precincts for Race A and 3% of precincts for Race B
Unlinked Precincts Set of all ballots, S S B S A
Linked Precincts Set of all ballots, S S A & S B S B
Pseudorandom Number Genera3on “1,2,1,4,4,…” PRNG
Humboldt County Data • Ballot images from Humboldt County (CA) Elec3on Transparency Project (Nov 2008) • Textual ballot representa3ons from Mitch Trachtenberg’s Ballot Browser program • 29 races; 145 precincts; 128,144 ballots
Process • Loaded the data from individual ballots into our database • Used the system to run a mock audit • In order to simulate a manual recount, compared the ballot images against the data in our database
Results Audit Algorithm Parameter Precincts Ballots Percent ballots chosen Chosen chosen 1 Exact Percent 1% of 33 15,613 12% precincts 2 Exact Percent 1% of 15 5,768 4% (linking) precincts 3 Constant 99% N/A 3,006 2% Sample Size confidence
In closing… Automa3on can • Make post‐elec3on audits more efficient • Expand the scope of complex audi3ng algorithms and reduce the number of ballots to be counted as long as the output can be independently verified.
So#ware Support for So#ware‐Independent Audi3ng Gabrielle A. Gianelli, Jennifer D. King , Edward W. Felten, William P. Zeller Center for Informa3on Technology Policy Department of Computer Science Princeton University EVT/WOTE ‘09 August 11, 2009
Recommend
More recommend
