Re: TAR--audits. urgently need help to get law.

From: Ron Crane <voting_at_lastland_dot_net>
Date: Wed Nov 22 2006 - 13:53:44 CST

Charlie Strauss wrote:
> Well guess it's all relative. I don't see it as that complicated.
> Maybe I'm missing something.
> As I see it the axiomatic starting point is that there is some size
> vote shift in a precinct that would be plainly wrong. It's an axiom
> so it's not defensible from the context of the consequent
> statistics. So pick a number maybe 15%, maybe 30%. That's the
> ceiling on the vote shift that would pass by unquestioned on a given
> machine. Once we have that it's all down hill. For a given election
> margin you can compute how many machines would have to have a vote
> shift. The worst cast for detection by sampling is if the fewest
> number of machines are altering votes, so that means they would all
> be at the maximum vote shift. So now we can simply computer how many
> machines in the total population you would have to sample to have a
> XXX % chance (say 90%) of your sample containing at least one of
> those machines.
I have done this using a binomial approach. Page 140 of the Brennan
Center's report contains a formula for determining the number N machines
you need to recount to have probability D of detecting at least one
compromised machine, where fraction C of the machines are compromised:

    N = log(1-D) / log(1-C)

Solving this formula for C and using D=0.9 and N=33 (from your previous
email), I found that the legislation appears to envision that an
attacker will compromise no fewer than 6.7% of machines. That seems too

This approach also assumes that the attacker will not exceed the
axiomatic maximum per-machine shift because doing so would trigger
recounts through some mechanism independent of the random sampling
recounts. But does that mechanism exist? Probably the targeted recounts
would cover many such cases, especially if the commission has sufficient
authority to expand the recounts via additional random sampling. But
probably the legislation should mandate a recount on any machine that
appears to have produced a grossly-outsized vote shift. The question
then becomes what baseline to use to determine whether a machine
exhibits such a shift. Do you use exit polls (if they exist), an average
of opinion polls, or some other stat?

Finally, I am not sure that the detection of a single bad machine will
produce the right kind of response. Many officials have tended to write
off malfunctions as "glitches" or "human error," particularly where they
seem to affect only one or a few machines. The legislation needs to
mandate an effective response even when only one machine appears to be
affected. And perhaps it should sample enough machines to give P=0.9 of
finding at least two such machines (if they exist) instead of at least one.

Would you be so kind as to post the proposed legislation, or to email it
to me?

> ...
> The glaring problem is the axiomatic assumption of the worst case scenario that
> would be considered undetectable: maybe 30% is better than 15%. If
> it were 30% and we assumed 15% then the number of machines we need to
> audit is much larger. Maybe one has a prior distribution for this
> detection probability? okay let's use that. But then that's still
> not enough since you then need a some sort of cost function to use
> for your decision. And we've never stated one in the model.
Yes. In particular you need a larger sample if there's no other way to
detect most of the worst-case machines.
> As a relevant aside I note that one of hidden beauties of tossing in
> a limited Targeted (TAR) selection is to helps us determine if 15% or
> 30% is the worst case bounds by cherry picking the machines that
> other prior information outside the model tells us are the likely
> worst cases. ...
Not really. To paraphrase Rumsfeld, you have a difficult time knowing
what you don't know. The TAR increases the chances of finding the worst
machines, and of finding out just how bad they are, but it doesn't tell
you how bad they might become. Also, attackers aren't sitting still.
They're looking at your audits and are devising new ways to sidestep them.

Thanks for the explanation.

OVC-discuss mailing list
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Thu Nov 30 23:17:11 2006

This archive was generated by hypermail 2.1.8 : Thu Nov 30 2006 - 23:17:19 CST