130 research outputs found
Adaptively Weighted Audits of Instant-Runoff Voting Elections: AWAIRE
An election audit is risk-limiting if the audit limits (to a pre-specified
threshold) the chance that an erroneous electoral outcome will be certified.
Extant methods for auditing instant-runoff voting (IRV) elections are either
not risk-limiting or require cast vote records (CVRs), the voting system's
electronic record of the votes on each ballot. CVRs are not always available,
for instance, in jurisdictions that tabulate IRV contests manually.
We develop an RLA method (AWAIRE) that uses adaptively weighted averages of
test supermartingales to efficiently audit IRV elections when CVRs are not
available. The adaptive weighting 'learns' an efficient set of hypotheses to
test to confirm the election outcome. When accurate CVRs are available, AWAIRE
can use them to increase the efficiency to match the performance of existing
methods that require CVRs.
We provide an open-source prototype implementation that can handle elections
with up to six candidates. Simulations using data from real elections show that
AWAIRE is likely to be efficient in practice. We discuss how to extend the
computational approach to handle elections with more candidates.
Adaptively weighted averages of test supermartingales are a general tool,
useful beyond election audits to test collections of hypotheses sequentially
while rigorously controlling the familywise error rate.Comment: 16 pages, 3 figures, accepted for E-Vote-ID 202
Public Evidence from Secret Ballots
Elections seem simple---aren't they just counting? But they have a unique,
challenging combination of security and privacy requirements. The stakes are
high; the context is adversarial; the electorate needs to be convinced that the
results are correct; and the secrecy of the ballot must be ensured. And they
have practical constraints: time is of the essence, and voting systems need to
be affordable and maintainable, and usable by voters, election officials, and
pollworkers. It is thus not surprising that voting is a rich research area
spanning theory, applied cryptography, practical systems analysis, usable
security, and statistics. Election integrity involves two key concepts:
convincing evidence that outcomes are correct and privacy, which amounts to
convincing assurance that there is no evidence about how any given person
voted. These are obviously in tension. We examine how current systems walk this
tightrope.Comment: To appear in E-Vote-Id '1
Computing the Margin of Victory in Preferential Parliamentary Elections
We show how to use automated computation of election margins to assess the
number of votes that would need to change in order to alter a parliamentary
outcome for single-member preferential electorates. In the context of
increasing automation of Australian electoral processes, and accusations of
deliberate interference in elections in Europe and the USA, this work forms the
basis of a rigorous statistical audit of the parliamentary election outcome.
Our example is the New South Wales Legislative Council election of 2015, but
the same process could be used for any similar parliament for which data was
available, such as the Australian House of Representatives given the proposed
automatic scanning of ballots
Auditing Ranked Voting Elections with Dirichlet-Tree Models: First Steps
Ranked voting systems, such as instant-runo voting (IRV)
and single transferable vote (STV), are used in many places around the
world. They are more complex than plurality and scoring rules, pre-
senting a challenge for auditing their outcomes: there is no known risk-
limiting audit (RLA) method for STV other than a full hand count.
We present a new approach to auditing ranked systems that uses a sta-
tistical model, a Dirichlet-tree, that can cope with high-dimensional pa-
rameters in a computationally e cient manner. We demonstrate this ap-
proach with a ballot-polling Bayesian audit for IRV elections. Although
the technique is not known to be risk-limiting, we suggest some strategies
that might allow it to be calibrated to limit risk
Limiting Risk by Turning Manifest Phantoms into Evil Zombies
Drawing a random sample of ballots to conduct a risk-limiting audit generally
requires knowing how the ballots cast in an election are organized into groups,
for instance, how many containers of ballots there are in all and how many
ballots are in each container. A list of the ballot group identifiers along
with number of ballots in each group is called a ballot manifest. What if the
ballot manifest is not accurate? Surprisingly, even if ballots are known to be
missing from the manifest, it is not necessary to make worst-case assumptions
about those ballots--for instance, to adjust the margin by the number of
missing ballots--to ensure that the audit remains conservative. Rather, it
suffices to make worst-case assumptions about the individual randomly selected
ballots that the audit cannot find. This observation provides a simple
modification to some risk-limiting audit procedures that makes them
automatically become more conservative if the ballot manifest has errors. The
modification--phantoms to evil zombies (~2EZ)--requires only an upper bound on
the total number of ballots cast. ~2EZ makes the audit P-value stochastically
larger than it would be had the manifest been accurate, automatically requiring
more than enough ballots to be audited to offset the manifest errors. This
ensures that the true risk limit remains smaller than the nominal risk limit.
On the other hand, if the manifest is in fact accurate and the upper bound on
the total number of ballots equals the total according to the manifest, ~2EZ
has no effect at all on the number of ballots audited nor on the true risk
limit
- …