Super-Simple Simultaneous Single-Ballot Risk-Limiting Audits

Simultaneous risk-limiting audits of a collection of contests have a known minimum chance of leading to a full hand count if any outcomes are wrong. They are generally performed in stages. Each stage involves drawing a sample of ballots, comparing a hand count of the votes on those ballots with the original count, and assessing the evidence that the original outcomes agree with the outcomes that a full hand count would show. If the evidence is sufficiently strong, the audit can stop; if not, more ballots are counted by hand and the new evidence is assessed. This paper derives simple rules to determine how many ballots must be audited to allow a simultaneous risk-limiting audit to stop at the first stage if the error rate in the sample is sufficiently low. The rules are of the form “audit at least ρ/μ ballots selected at random.” The value of ρ depends on the simultaneous risk limit and the amount of error to be tolerated in the first stage without expanding the audit. It can be calculated once and for all without knowing anything about the contests. The number μ is the “diluted margin”: the smallest margin of victory in votes among the contests, divided by the total number of ballots cast across all the contests. The initial sample size does not depend on any details of the contests, just the diluted margin. This is far simpler than previous methods. 2 For instance, suppose we are auditing a collection of contests at simultaneous risk limit 10%. In all, N ballots were cast in those contests. The smallest margin is V votes: The diluted margin is μ = V/N . We want the audit to stop at the first stage provided the fraction of ballots in the sample that overstated the margin of some winner over some loser by one vote is no more than μ/2 and no ballot overstates any margin by two votes. Then an initial sample of 15.2/μ ballots suffices. If the sample shows any two-vote overstatements or more than 7 ballots with one-vote overstatements, more sampling might be required, depending on which margins have errors. If so, simple rules that involving only addition, subtraction, multiplication, and division can be used to determine when to stop. Goal: Truly simple audit rules that allow elections officials to confirm that the outcomes of most contests are right, with one (small) sample. Risk-limiting: large chance of correcting any outcomes that are wrong—i.e., that disagree with the outcome full hand count of the audit trail would show. (Correct them by conducting a full hand count.) Exploit statistical efficiency of single-ballot auditing, which compares CVR with human interpretation of individual ballots. Spend some of that efficiency on logistic and computational simplicity. Method still “cheap.” Have to match CVRs to physical ballots. Requires new voting systems or transitive auditing using parallel systems (e.g., Clear Ballot Group, Humboldt ETP, TrueBallot) a la Calendrino et al. (2007) 3