Re: [EILeg] [ei] Re: A 3-Step Audit Protocol w/ 99% confidence

From: Jerry Lobdill <lobdillj_at_charter_dot_net>
Date: Fri Jan 26 2007 - 17:17:09 CST

Arthur's one-liner at the bottom of the attached message is a bit
cryptic. I will take a crack at clearing up this "fudge factor"
characterization, because Howard and I both came up with this method
independently, and I am very familiar with it.

The term "fudge factor" is commonly used to indicate a factor or term
that has no technical justification but makes the answer come out as
desired. That is not in any way what this term (Howard calls it "WPM") is.

It is understandable that Jonathan does not understand it. His
approach to auditing is based upon a different audit methodology. His
method is the same method that pollsters use to design exit polls.
The sampling units for that method are ballots, not precincts or machines.

There has been a disconnect between the proponents of Jonathan's
method and those who think that audit design should be based on the
idea of using precincts or other larger units as the units to be
sampled. Jonathan has been at the forefront of naysayers opposed to
the latter approach.

Let me just explain what WPM is all about.

In determining the number of precincts, S, to audit, the math (based
on sampling without replacement) requires the following inputs: The
race-wide margin of victory in votes, M. N = the total number of vote
counts (read units of precincts, DREs, PCOS machines, or polling
places). C = the number of corrupted units in the race. P =
probability of there being 1 or more corrupt units in the sample of size S.

Now, obviously the auditors cannot know the value of C. Therefore it
is necessary to assume a value. This is where opponents usually
abandon a listening mode and go into orbit. But that is where they go
wrong. The intelligent selection of a value of C assures that the
sample, S, will be large enough to guarantee a probability of
detection, P, of at least one corrupt precinct under the following

1. There are enough corrupt units in the N total units to reverse the election.
2. The attacker is a person who has the motivation, opportunity,
knowledge, and intelligence to design and implant effective trojan
horse software in the tallying software employed in the election.

Of course, if C = N, P = 1, and if C = 0, P = 0. The purpose of the
procedure used to determine a value of C is to assure that P = 0.99
(or whatever) regardless of how the attacker has chosen to
tamper. The procedure is conservative from the auditor's point of
view in that it sets WPM at a value that is at the high end of
credibility (20% has been proposed). This makes the value of C as
small as possible consistent with the needs of the attack. If the
attacker does not try to limit the number of precincts attacked and
attacks all precincts, then C =N, and S =1, i.e., we need only select
one precinct to audit at random to detect the attack with probability
1. This is not going to happen in real life, but if it does we've
got it nailed.

If the attacker intelligently tries to minimize the number of
precincts she attacks to effect a win for her candidate, her trojan
horse (TH) will attack large units preferentially and avoid attacking
small ones. This is a trade off in which the attacker must predict
what the needed number of fraudulent votes will be and adjust the
parameters of the trojan horse to minimize the number of units
attacked and also try not to set off any alarm bells by altering the
vote count in any precinct so much that the losing precinct chair and
her voters raise hell and blow the cover.

These are the considerations that motivate the method of determining C.

The math shows that the smaller C is, the larger the sample, S, must
be to achieve the desired value of P. The WPM choice is large enough
that if the attacker actually used that value the vote count
distribution would probably be large enough to send the losing
precinct chair into orbit in an attacked precinct just on the basis
of the tally. This threat limits C and causes the sample size S to be
large enough to achieve the audit goal in all cases where tampering
is not blatantly obvious a priori.

Now just to briefly justify the choice of vote counts as units rather
than ballots, this approach is more compatible with chain of custody
requirements for ballots and the existing methods of filing election
records for precincts than is the approach wherein ballots are sampled.

I'm not speaking for Howard here. He may also weigh in with his own


Jerry Lobdill

At 01:26 PM 1/26/2007, Arthur Keller wrote:

>At 9:20 AM -0500 1/25/07, wrote:
>>In a message dated 1/25/07 7:34:32 AM, writes:
>>>Maximum assumed vote shift percentage per precinct is the largest vote
>>>shift (as a percentage of the total votes cast in the race to be
>>>audited) on a single PCT that could be switched from one candidate to
>>>another without being detectable by observation alone. This value will
>>>be used, along with the Margin, to determine the Smallest Tabulation
>>>Error to Reverse an Electoral Outcome (STEREO). For example, if 20% of
>>>the total votes in a single PCT could be switched between two candidates
>>>without being detectable by observation alone, five corrupt PCTs would
>>>be required to switch the equivalent of all the votes cast on a single PCT.
>> Sorry folks, but I've got to weigh in on this one. Can anyone
>> read the paragraph above without the words "fudge factor" forming
>> in their mind?
>Any sufficiently advanced technology is indistinguishable from magic.
>Arthur C. Clarke, "Profiles of The Future", 1961 (Clarke's third law)
>English physicist & science fiction author (1917 - )
>Just because you don't understand the mathematics or science behind
>it does not make the mathematics or science any less valid.
>Best regards,

OVC-discuss mailing list

= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Tue Jan 1 14:12:49 2008

This archive was generated by hypermail 2.1.8 : Tue Jan 01 2008 - 14:12:51 CST