Re: [EILeg] Cascading Audits

From: Ronald Crane <voting_at_lastland_dot_net>
Date: Thu Dec 14 2006 - 12:27:57 CST

On Wed, 13 Dec 2006 21:20:21 -0600, Jerry Lobdill wrote
> Ron,
>
> [snip]Overkill is not present in my proposal.  You simplyassert that it is without any technical argument. Your argument is basedon what election administrators want, and that is not a proper stance totake.  <

Every proposal for election reform has both technical and practical aspects. While it is certainly technically defensible -- in terms of maximizing the likelihood of discovering fraud -- to hand-recount an entire county if a single precinct exhibits a miscount, such a recount can involve a great deal of effort. This possibility will, in turn, motivate some officials to oppose such an audit proposal, or to shortcut its execution should it actually become law. Imagine you're LA County's ROV, and that the initial audit discovered a 3-vote miscount in one precinct. Under your plan, you'd be faced with hand-recounting over 5,000 other precincts. That's a big, expensive, time-consuming job, and it's not clear that it's justified.

If there exists an audit scheme that reduces the burden of additional recounts while still giving us a high probability of discovering fraud, officials would be likely to find it more acceptable, leading to less opposition to enactment and greater compliance in practice.

That's what I'm trying to do with cascading audits.

> You came up with this cascading audits idea just yesterday and do noteven have a technical exposition of it published anywhere. Please excuseme if I seem a little cranky about your presumptuous attitude, but itdoes annoy me.  If you think so highly of it, why not publish acomplete detailed statistical analysis that justifies your idea? Then I promise I will provide a technical critique of it devoid of anycrankiness. <

I will indeed attempt a detailed paper on it, and publish it here when complete. But please consider adopting a less "cranky" attitude. This is a forum for the exchange of election reform ideas, many of which are not going to be fully-formed when presented. If new (but not fully-formed) ideas are met with derision and personal attacks, this forum will become much less useful.

Again, I am more than open to reasonable criticism. It helps us all improve our proposals.

-R

> At 05:37 PM 12/13/2006, you wrote:
> On Wed, 13 Dec2006 16:16:52 -0600, Jerry Lobdill wrote
> > At 02:38 PM 12/13/2006, you wrote:
> >
> Jurisdictions will objectstrenuously to the idea that the detection of a single miscountedprecinct should trigger a full recount of the entire affectedjurisdiction (e.g., imagine recounting California because something wentwrong in the U.S. Senate race in a single precinct having 300 registeredvoters). The cascading audit scheme attempts to address this objectionwhile still providing an effective audit. I think that jurisdictions willbe much more likely to accept the cascading audit than thefull-recount-on-a-single-miscount scheme that you've proposed.
> >
> > -R [Stuff that was better not said omitted.]
>  
> > If a single precinct IN A COUNTY is found corrupted in a sampleselected from the population of ALL precincts in the COUNTY that arevoting in the race being audited, this precipitates a full hand recountof ALL precincts in the COUNTY that are voting in the race. 
>
> Los Angeles County has about 5,000 precincts. Requiring a full recount ofthat county when something goes wrong in a single precinct would bemassive overkill. The cascading audit is much more economical, yet stillgives us an excellent (p=0.99) chance of detecting at least oneadditional miscounted precinct if any such precincts exist. Inconsequence, I think that it would be much more acceptable to officials,and thus more likely actually to make it into law.
> As seen through the eyes of officials--who don't ever want to do arecount under any circumstances.
>
> > ...Anycorrupted precinct precipitates a full hand recount IN THAT COUNTY. Thereason for this is that a wholesale attack is not spread from county tocounty or from the state level to the counties. It is launchedindependently in each county in which it appears.  <
>
> This is incorrect. A wholesale attack easily can originate at a vendor orat one of a vendor's suppliers, and can therefore affect any jurisdictionusing the affected machines -- potentially the entire nation.
> Typically it would originate at a county election administrationoffice. Most candidates would not have the inside contacts to attackthrough the vendor.  They would most likely attack through thecontacts they have in the election district and that would mean that eachcounty's system would have to be attacked independently. It's, of course,possible that the trojan horse could be inserted into a newversion of GEMS software (or its equivalent) certified by the SoS foruse in the state at the precise time required to affect the election, andtherefore promulgated to all users of the vendors' machines. If thatunlikely event happened my audit procedure would catch it anyway, so yourargument is of no effect. 
>
> > There maybe a few refinements yet to be made in the procedure for sampleselection, but I assure you they do not involve your cascading auditsidea as expressed below. <
>
> Then please propose an approach that minimizes overkill while stillproviding adequate assurance of detecting further miscounts. Or at leasttell me what's wrong with cascading audits. I am more than willing toconsider reasonable objections (e.g., it's not mathematically supportablebecause..., it's too clumsy because..., etc.)
> There is no overkill. Why don't you tell us why your idea ismathematically supportable.
>
> ...
> > As best I can tell, you came up with your cascading audits notionoff the top of your head yesterday. Please read what has been publishedby myself, Howard Stanislevic, and Kathy Dopp, and reconsider your idea.<
>
> I have read Kathy's papers (at least the ones that she's cited here),which recognize that there's a question about what to do when the initialaudit discovers a discrepancy, but say that further research is needed todetermine what to do about it.
> I don't speak for Kathy. Although we do agree in most particulars onhow to design the audit she apparently has not gone farther and decidedwhat to do with the results of the audit.
>
>  I haveread your audit paper posted at NIST, and I don't recall it sayinganything about this issue.
> In my paper I did not specifically debunk the idea that the hypothesisbeing tested in my audit plan to a 99% confidence level would needfurther supporting auditing before a sufficient level of confidence wasreached to order a recount.  No one had specifically made such aclaim at the time I wrote the paper.  However I did say this:"It is extremely important to avoid legal language that giveselection officials the power to emasculate the mandatory auditprocess." I said that because Howard Stanislevic had written that hethought election officials would want discretion to decide what to dowhen the audit uncovered a corrupt precinct which had errors that supportthe likelihood of a trojan horse attack on the race being audited. Howard, Kathy, and I agree on how to design the audit, but neither ofthem, so far as I'm aware, has agreed that the audit result shouldtrigger a recount--but neither have they said it should not.
>
> In my latest paper, written at your suggestion, and I hope by now it isavailable in the files on the EI Leg website, I said,
>
> "In an audit, enough polling place returns are counted by handthat we will find, with 99% confidence, at least one polling place thatexhibits this kind of error if the election has been successfullyattacked. If one such discrepancy occurs in the sample audited it shouldtrigger action that is mandatory." 
> When I said that, I did not mean that maybe 99% confidence isn't enoughand that the mandatory action should be to audit some more precincts, andto keep on doing it until you've audited all the precincts (which is whatyou've said, I believe).  The probability is extremely small thatonly one precinct in an election in which votes are tabulated in PCOSmachines is corrupted by vote switching in the direction needed tofraudulently elect the ostensible winner. This is not the kind of randomerror you find that is a programming bug.  It is the kind ofsystematic error that has a 99% chance of showing up in the audit if theelection has been stolen by vote switching.
>
> If one follows your prescription of cascading audits it appears that youend up auditing all precincts. Isn't that a full recount?  You don'tsay what would prevent that from happening or what the statistics are oneach iteration or why whatever the confidence level is, it's neverenough.
>
> Do you think you could flesh out your proposal so that it's clear whyyou're doing each step and how it's all statistically justified?
>
>  
>  Thank youfor clarifying your position that discovery of a single miscountedprecinct should trigger a countywide recount. I disagree, for the reasonsstated above. I have not (knowlingly) read Mr. Stanislevic, but I'llsearch for him and see what his papers have to say.
>
> -R
>
> On Wed, 13 Dec 2006 09:35:43-0600, Jerry Lobdill wrote
> > > This is a response to both Arthur and Ron re auditing.
> > >
> > > This business of "further auditing" seems to me to bemisguided thinking.  In the audit scheme that I have proposed thekind of miscount and the race in which it occurs cannot in any reasonableanalysis be considered an ambiguous result that would be cleared up bymore auditing.  If it occurs once in a sample that is properly sizedand randomly selected it should be considered sufficient evidence totrigger a full recount.  You don't even need to audit the completeset of precincts in the sample once you've found the first precinct thatsatisfies the detection criterion.
> > >
> > > We can discuss this further if you don't agree.
> > >
> > > Jerry Lobdill
> > >
> > > At 02:00 PM 12/12/2006, eileg-request@lists.sonic.net wrote:
> > >
> >
> From: "Ronald Crane"<voting@lastland.net>
> > > Precedence: list
> > > MIME-Version: 1.0
> > > To: eileg@lists.sonic.net
> > > Date: Mon, 11 Dec 2006 20:14:31 -0800
> > > Message-ID: <20061212035633.M61444@lastland.net>
> > > Content-Type: text/html;
> > >     charset=iso-8859-1
> > > Subject: [EILeg] Cascading audits
> > > Message: 12
> > >
> > > An important question raised by audits is what further auditingshould we do if we discover precincts that miscounted their votes. Itstrikes me that a good approach might be like this:
> > >
> > > 1. Reduce the winning candidate's effective margin of victoryin accord with the results of the audit from the miscounted precincts.
> > >
> > > 2. Treat the precincts that were not audited the first timearound as if they represent a new election.
> > >
> > > 3. Iterate the audit, calculating the number of precincts thatwe need to audit to have p=0.99 of discovering at least one miscountedprecinct (given the new margin of victory and the minimum number ofprecincts that an attacker would have to flip to gain victory), andrandomly selecting the new precincts to audit.
> > >
> > > I haven't carefully analyzed this procedure, but it seems that,when it terminates, we will have at least p=0.99 assurance that there arenot enough miscounted precincts to flip the election.
> > >
> > > It also seems reasonably economical, avoiding the big hit ofsimply auditing all the precincts when we discover some number ofmiscounted ones.
> > >
> > > Comments?
> > >
> > > -R
> > > From: "Ronald Crane" <voting@lastland.net>
> > > Precedence: list
> > > MIME-Version: 1.0
> > > To: "Ronald Crane" <voting@lastland.net>,eileg@lists.sonic.net
> > > References: <20061212035633.M61444@lastland.net>
> > > In-Reply-To: <20061212035633.M61444@lastland.net>
> > > Date: Tue, 12 Dec 2006 00:23:53 -0800
> > > Message-ID: <20061212082107.M25279@lastland.net>
> > > Content-Type: text/html;
> > >     charset=iso-8859-1
> > > Subject: Re: [EILeg] Cascading audits
> > > Message: 13
> > >
> > > 1. Reduce the winning candidate's effective margin of victoryin accord with the results of the audit from the miscounted precincts.
> > >
> > > 2. Treat the precincts that were not audited the first timearound as if they represent a new election.
> > >
> > > 3. Iterate the audit, calculating the number of precincts thatwe need to audit to have p=0.99 of discovering at least one miscountedprecinct (given the new margin of victory and the minimum number ofprecincts that an attacker would have to flip to gain victory), andrandomly selecting the new precincts to audit.
> > > To be more explicit:
> > >
> > > 4. Repeat 1-3 until either an audit finds no more miscountedprecincts or you've audited all the precincts.
> > >
> > > -R
> > >
> > > At 8:14 PM -0800 12/11/06, Ronald Crane wrote:
> > >
> >
> It also seems reasonablyeconomical, avoiding the big hit of simply auditing all the precinctswhen we discover some number of miscounted ones.
> > > There's a big thing missing from the issue of recounting someor recounting all precincts argument.  And that is determining thesource of the problem in the first place.  I suggest that someabsolute threshold, such as an error rate exceeding a certain number orpercentage of votes result in an evaluation of the causes of theerror.  This should be separate from the decision to recount for thepurposes of determining the winner.
> > >
> > > Furthermore, this issue is independent of technology.  Itapplies equally to HCPB, where it might uncover a counting conspiracyamong volunteer counters.
> > >
> > > Best regards,
> > > Arthur
> >
> >
> > (In accordance with Title 17 U.S.C. Section 107, this material isdistributed without profit to those who have expressed a prior interestin receiving the included information for research and educationalpurposes. ProgressiveNews2Use has no affiliation whatsoever with theoriginator of this article nor is ProgressiveNews2Use endorsed orsponsored by the originator.)
> >
> > "Go to Original" links are provided as a convenience toour readers and allow for verification of authenticity. However, asoriginating pages are often updated by their originating host sites, theversions posted on ProgressiveNews2Use may not match the versions ourreaders view when clicking the "Go to Original" links.
> >
>
>
> (In accordance with Title 17 U.S.C. Section 107, this material isdistributed without profit to those who have expressed a prior interestin receiving the included information for research and educationalpurposes. ProgressiveNews2Use has no affiliation whatsoever with theoriginator of this article nor is ProgressiveNews2Use endorsed orsponsored by the originator.)
>
> "Go to Original" links are provided as a convenience to ourreaders and allow for verification of authenticity. However, asoriginating pages are often updated by their originating host sites, theversions posted on ProgressiveNews2Use may not match the versions ourreaders view when clicking the "Go to Original" links.
>

 

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Sun Dec 31 23:17:14 2006

This archive was generated by hypermail 2.1.8 : Sun Dec 31 2006 - 23:17:16 CST