Election officials conduct checks throughout the election cycle. They set up controls to guard against unauthorized access to voter registration rolls, for example, and to help ensure that poll workers follow the correct procedures.
Some election checks focus on the vote counting stage of the process. They aim to ensure that the equipment and procedures used to capture and count votes report the right election outcomes.
One tool officials can use to help check the accuracy of election outcomes is a type of post-election audit known as a risk-limiting audit. Risk-limiting audits have been recommended as an election security measure by the Senate Select Committee on Intelligence and the National Academies of Sciences, Engineering, and Medicine, among others, and are the subject of ongoing activity at both the state and federal levels.
Vote counting is compiling individual voters' selections to reveal election outcomes. A basic expectation is that the equipment and procedures used to conduct the count will get those outcomes right, reporting the candidates voters chose for the seats as the winners of elections.
Election officials can take steps to help ensure that vote counting systems perform as expected. One available approach is to try to prevent any issues that could affect reported outcomes. Running test decks of ballots through ballot scanners before the polls open—as part of a pre-election logic and accuracy test—can help flag potential scanner configuration issues, for example. Testing and certification programs can help ensure that voting systems meet specified security and reliability guidelines.
Another, complementary approach is to identify any issues after the fact and, if necessary, recover from them. One general strategy for this approach—of which risk-limiting audits are an example—is to compare the election outcomes reported by the voting system to paper records of votes that voters have had a chance to verify.
A prerequisite for an effective risk-limiting audit is a trustworthy paper trail, to ensure that reported outcomes are checked against paper records that accurately reflect voters' selections. A full discussion of how to secure the paper trail is beyond the scope of this In Focus, but some of the procedures involved include efforts to ensure that voters generally do tend to verify the paper records of their votes and that no paper records are added, changed, or removed after voters have had a chance to verify them.
Risk-limiting audit procedures themselves start with selection of an initial random sample of paper records, based on factors such as margin of victory. Those paper records are manually reviewed to check for any discrepancies with voting system outputs. Statistical calculations are then run on the results to determine whether they provide a prespecified level of confidence—which might be set in statute or chosen by election officials—that the election outcomes reported by the voting system are the outcomes officials would get if they conducted a full hand count of the paper records of votes.
If the prespecified confidence threshold is met, the audit can stop there. If not, the size of the sample is increased until either the threshold is met or all of the paper records have been manually reviewed. The election outcomes revealed by the full hand count would stand in the latter case, if the reported and hand-counted outcomes were to differ.
Paired with a trustworthy paper trail, risk-limiting audits are designed to provide either (a) a quantifiable level of confidence that the election outcomes reported by the voting system are right or (b) a way to correct the reported outcomes—through a full hand count—if they are wrong. Traditional post-election audits that review a fixed share of paper records, by contrast, might review too few records to provide confidence in the reported outcomes, and preventive measures might not catch all potential issues.
Other possible benefits have also been claimed for risk-limiting audits, including potential to reduce audit costs, increase voter confidence, deter fraud attempts and unnecessary recounts, and simplify other election processes. Election officials might be able to scale back some preventive voting system testing and certification processes, for example, if they have a way to identify and correct for vote counting issues after the fact.
Risk-limiting audits may also come with challenges. Some state and local officials have expressed uncertainty about how to implement risk-limiting audit procedures, for example, or concerns about the accessibility of paper-based voting systems and vote verification mechanisms to individuals with disabilities.
Costs may be a concern for some jurisdictions as well. Risk-limiting audits may be more cost-effective than traditional post-election audits in general. Because they can escalate beyond initial samples, however, they are more expensive in certain cases and can introduce an element of uncertainty about funding needs. Risk-limiting audits may also represent new expenses for states and localities that do not currently conduct traditional post-election audits or that would have to acquire new equipment or develop new procedures to support risk-limiting audits.
Federal election law does not specifically address risk-limiting audits. The Help America Vote Act of 2002 (HAVA; P.L. 107-252; 52 U.S.C. §§20901-21145) requires voting systems used in federal elections to produce manually auditable permanent paper records. HAVA has not been interpreted as mandating the individual, voter-verified paper records used in risk-limiting audits, though, and it requires only that records are auditable, not actually audited.
The federal government has taken other steps to facilitate development or implementation of risk-limiting audits, however. First, Congress has provided funding that could be used for work on risk-limiting audits. Appropriations for FY2009 and FY2010, for example, included funding specifically for a state and local pre-election logic and accuracy testing and post-election audit grant program. More recent federal funding—appropriated for FY2018 and FY2020 in response to election security concerns—was available to states for general improvements to the administration of federal elections, including implementation of post-election audits.
States and localities have used some of those federal funds to develop or implement risk-limiting audits. California, Colorado, and Cuyahoga County, Ohio, used the earlier funding to pilot or document risk-limiting audit procedures, for example, and the U.S. Election Assistance Commission (EAC) has described work on risk-limiting audits as a common theme of states' proposed spending of more recent funds.
Second, federal agencies have offered nonfinancial support. The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) partnered with a nonprofit organization to develop a risk-limiting audit tool, for example, and the National Institute of Standards and Technology (NIST) has specified an audit-friendly common data format for a type of information often used in risk-limiting audits.
The EAC included support for that common data format, as well as for risk-limiting audits, among the requirements voting systems must meet to receive certification under the newest version of its Voluntary Voting System Guidelines (VVSG 2.0). The agency has also produced audit-related resources for states and localities—including a white paper on risk-limiting audits and a more general publication on post-election audits—and provided states with risk-limiting audit trainings and technical assistance.
Starting with Colorado, which enacted the first risk-limiting audit statute in 2009 and conducted the first statewide risk-limiting audit in 2017, some states have adopted risk-limiting audit policies. According to the National Conference of State Legislatures, as of January 2021, Colorado, Nevada (effective 2022), Rhode Island, and Virginia had enacted laws requiring risk-limiting audits, and California, Ohio, Oregon, and Washington had statutes or administrative directives permitting them.
Other jurisdictions have taken preliminary action on risk-limiting audits. A number of states—including Georgia, Indiana, Michigan, New Jersey, and Pennsylvania—have conducted risk-limiting audit pilot programs. Some of those and other states and localities have also used the federal funds described in the "Federal Activity" section of this In Focus to research, develop, or pilot risk-limiting audits.
Congressional Proposals
As noted in the "State Activity" section of this In Focus, many states and localities have started exploring or implementing risk-limiting audits. Congress might choose to leave any decisions about further action on risk-limiting audits to state and local officials.
Bills have also been introduced that would assign the federal government a role. Some of this legislation would provide federal support for state and local action. That includes support for state and local decisionmaking, such as research into the feasibility or effects of conducting risk-limiting audits.
It also includes help addressing challenges like the ones described in the "Overview" section of this In Focus. Bills have been introduced to provide technical assistance with conducting risk-limiting audits, for example, and to authorize grant programs for conducting risk-limiting audits or developing accessible paper ballot verification methods.
Other risk-limiting audit-related legislation would mandate state or local action. Proposals have been offered to require states to conduct risk-limiting audits for federal elections, for example, and to require voting systems used in federal elections to produce voter-verified paper records.
Many risk-limiting audit-related provisions have appeared in multiple bills across multiple Congresses. Risk-limiting audit requirements have appeared in the Protecting American Voters and Elections (PAVE) Act of 2018 (H.R. 6093/S. 3049) and 2019 (H.R. 2754/S. 1472) and the 116th Congress's Securing America's Federal Elections (SAFE) Act (H.R. 2722/S. 2053/S. 2238), for example. The For the People Act of 2019 (H.R. 1/S. 949) and 2021 (H.R. 1/S. 1) and the 116th Congress's Heroes Act (H.R. 925/H.R. 6800/H.R. 8406/S. 4800), among others, have proposed grant programs for conducting risk-limiting audits.
None of the bills referenced above has been enacted as of this writing, but some have passed the House. The Election Technology Research Act of 2020 (H.R. 4990), which would have directed NIST to provide technical assistance with risk-limiting audits, was passed by the House. The House has also passed versions of the For the People Act of 2019 (H.R. 1) and 2021 (H.R. 1), the Heroes Act (H.R. 925/H.R. 6800), and the SAFE Act (H.R. 2722).