Skip to Content
MIT Technology Review

The key to future election security starts with a roll of the dice

Risk-limiting audits help ensure the accuracy of vote counts, and could be crucial to securing democracy. But they use some unusual techniques.

ColoradoColorado
SOS/Judd Choate

We’re now six weeks past Election Day, and electors in every state followed the will of the voters and confirmed the victory of Joe Biden. But while the Electoral College made the results official, President Donald Trump is continuing to protest them, despite having lost dozens of court cases within the past month. In any case, Congress is slated to complete the process of electing Biden on January 6.

President Trump’s attack on American elections accelerated a problem that already existed in the United States: the public doesn’t trust the vote. 

So how can we help more Americans believe in the most important function of our democracy? One of the states with the most contentious states votes in 2020 might have something to tell us.

How it went down in Georgia

Georgia’s election was close. When it turned out that were only 12,000 votes separating Joe Biden from Donald Trump, the world turned its attention to the count there.

The state’s election processes have changed significantly in just the last year, including a switch to more secure paper ballots and a law requiring a post-election audit, which was then used to examine this year’s tight presidential race.

An audit is not a recount. Instead, it is a routine check of a portion of ballots, using statistical tests to root out anomalies. This is meant to increase everyone’s confidence that the outcome is correct. Georgia’s secretary of state, a Republican, ran the audit this year: it discovered and corrected a relatively small number of counting errors. That process was open and transparent, and the changes were too few to affect the results. In the end, it reaffirmed Joe Biden’s win in Georgia.

This was one of the most high-profile post-election audits in American history, but it won’t be the last. Election integrity and security experts are increasingly pushing to make risk-limiting audits (RLAs) a legal requirement for elections in all 50 states. In just the last few years, 11 states have passed laws requiring, allowing, or piloting risk-limiting audits. The idea is to build trust in systems that have become less transparent as they are more mechanized.

“Machine counting is great, but should we trust them?” says Ben Adida, who runs the election security nonprofit VotingWorks. “The whole point of risk-limiting audits is that machines are great for speed, accuracy, and objectivity—but let’s audit them to make sure they don’t make mistakes and they haven’t been hacked.”

After a largely automated initial count, a risk-limiting audit takes a small number of ballots, which humans count and check against the initial outcome. The process has been put together and picked apart by statisticians, voting experts, election officials, and computer scientists over the last two decades, but it has only recently started to be used in significant elections. (Colorado was the first state to pass legislation about risk-limiting audits, in 2009; its first statewide RLA took place in 2017.)

Adida’s nonprofit, launched in 2018, has built open-source and free software to help conduct these audits cheaply and quickly, in the hope of getting states to adopt RLAs more widely. VotingWorks helped Georgia run its audit this year, and Adida is hopeful the idea will spread.

Starting with a dice roll

In Colorado, the process starts with a big, weird public ceremony that anyone can attend: the state rolls a 10-sided die 20 times in order to create a random “seed” number that kicks off the audit. That determines which ballots will be checked against the results. The whole thing is done this way to try building trust.

“The fact that risk-limiting audits are public ceremonies that the public and press can attend is a very positive thing that will help voters perceive elections to be more trustworthy in addition to the election being more trustworthy in actuality,” Adida says. “We’re going to think about how we name it and talk about it. Even the word audit itself has a lot of negative connotations, and that’s understandable.”

So what happens now? The next four years could see as many as half of all states adopt risk-limiting audits with those goals. In the meantime, aside from the final stages of congressional confirmation, this particular election is over.