search

FreeAndFair / ColoradoRLA

Software to facilitate risk-limiting audits at the state level, developed for the state of Colorado.
Other
21 stars 8 forks source link

More efficient sampling and auditing of small contests and multi-card elections via SCORE data #905

Open nealmcb opened 6 years ago

nealmcb commented 6 years ago

The 2017 implementation always samples from the entire set of ballot cards across a county, and thus uses the county-wide count of ballot cards as the denominator in the calculation of the diluted margin for each contest in a given county. For a contest which only appears on a third of the ballot cards, this results in a diluted margin one-third the size, and requires three times as many ballot cards to be audited.

This is because we can't trust the CVRs, and the current ballot manifest doesn't contain independent evidence about how many voters voted in each contest.

Colorado's SCORE voter registration database records each voter who votes in an election, and what districts they are eligible to vote in, and can be used to derive an independent count of the number of voted ballot cards that should appear, for each county, in the CVRs. So SCORE is the most likely source of useful evidence which can be used to support sampling from only CVRs which report votes in a contest of interest.

Note that using SCORE is problematic because data in SCORE is updated as voter registration changes come in from a variety of sources, and it is hard to get the data from SCORE that corresponds to the generation of each ballot. Contest-ballot counts from the CVRs should be appropriately reconciled with the SCORE data and used to establish upper bounds on the number of ballot cards containing each contest, and appropriate techniques with phantom CVRs etc. should be used when they don't match.

There has been discussion of procedures which could provide contest-ballot counts per-batch, but here we assume the counts are just per-county, per-contest.

An audit of the SCORE data should also be done, along with chain-of-custody audits etc.

nealmcb commented 6 years ago

Given independent SCORE data (conceptually as part of an enhanced manifest), which as noted may not exactly match the CVR data, the proper way to combine that with the CVR data to drive an RLA is described by Bañuelos and Stark at Limiting Risk by Turning Manifest Phantoms into Evil Zombies (1207.3413v1).