This article was originally published in The Atlantic on May 23, 2017.
American voting relies heavily on technology. Voting machines and ballot counters have sped up the formerly tedious process of counting votes. Yet long-standing research shows that these technologies are susceptible to errors and manipulation that could elect the wrong person. In the 2016 presidential election, those concerns made their way into public consciousness, worrying both sides of the political fence. The uncertainty led to a set of last-minute, expensive state recounts—most of which were incomplete or blocked by courts. But we could ensure that all elections are fair and accurate with one simple low-tech fix: risk-limiting audits.
Risk-limiting audits are specific to elections, but they are very similar to the audits that are routinely required of corporate America. Under them, a random sample of ballots is chosen and then hand-counted. That sample, plus a little applied math, can tell us whether the machines picked the right winner.
In nearly all cases, a risk-limiting audit can be performed by counting only a small fraction of ballots cast. For example, the M.I.T. professor Ron Rivest calculates that Michigan could have checked just 11 percent of its ballots and achieved 95 percent confidence that their machine-counted result correctly named Donald Trump the winner of Michigan's electoral votes. Texas and Missouri, with their wider margins in the presidential race, could have counted a randomly chosen 700 ballots and 10 ballots, respectively, to achieve the same confidence level.
Since risk-limiting audits verify elections while minimizing the number of audited ballots, they are both inexpensive and speedy. They largely eliminate the need for emergency recruitment of recount workers and can be conducted before the election must be certified by law. This also means that auditing can become a routine part of every election. Regular auditing will also allow state and county electioneers to become more skilled at spotting problems, from mundane system errors to deliberate hacking, something that is difficult for them to do today.
Colorado has been working on audits since 2011, and is ready to take the next step: Risk-limiting audits will be required in Colorado’s 2017 election. More states should follow Colorado’s bold lead.
Yet too many states still have electronic voting machines with no paper trail, meaning that no audit is possible at all. And all audits are not created equal. After the 2016 election, many Wisconsin counties simply ran ballots through their tabulating machines a second time and called it an “audit.” But if the machines were broken or compromised, the same inaccuracies they registered the first time would show up again the second time.
Technology is already deeply embedded in our voting systems. The next step isn’t to pile on more technology; it’s ensuring that the technology we rely on works properly and has not been hacked or undermined. The way to do that is clear: standard election procedure should include risk-limiting audits. If the Nevada Gaming Commission can establish detailed audit requirements for Keno, we can certainly do the same for our democracy.
Cindy Cohn is the executive director of the Electronic Frontier Foundation. She is an advisory-board member for the Verified Voting Foundation.
This article is part of The Democracy Project, a collaboration with The Atlantic.