It is not possible to conduct an audit unless a "Voter Verified Paper Trail" (VVPT) is available. This means the voter is able to confirm his/her vote prior to submission on a paper record which can be read later. This can be either a paper ballot or a "toilet paper roll" of printed vote options which are produced from a touch-screen voting machine.
Our list of best practices is not an attempt to provide an exhaustive step-by-by process for conducting an effective audit. Instead, we focus on key issues that will make or break the audit.
To conduct a valid audit, please respect the following:
- Voter-Verified Paper Trial (VVPAT) secured: Physical ballots or paper tape must all be secured prior to the selection of the sample.
- Best if the ballots can remain untouched after being processed by the tabulation center.
- Sifting through boxes of batches to find ballots that are in a precinct should not be part of the process.
- Frozen Computer Data: Computer data must be secured prior to the selection, and preferably transferred to a third party so no one can modify it. This is the function Citizens Oversight is offering to election officials. The data file can be uploaded on our server to insure that there is no tampering by compromised employees or hackers.
- This data file must be broken down by precinct and ballot type. We call this the snapshot data file.
- If the election officials upload this to their website making it publicly available.
- We recommend that a signature of the file be created and published, such as by using a standard signature generator such as MD-5.
- Random Selection: The selection then should be random and also a surprise to everyone, i.e. unpredictable.
- Choosing precincts before the election, then you are violating the spirit of the audit procedure. This should be a public process.
- Some jurisdictions also choose one or more races for audit.
- If subsequent selections are performed, such as in California where all races must have at least one precinct manually tallied, selections of these subsequent selections should be performed in a public meeting using a random process.
- We prefer the use of ten-sided dice to select random numbers. Use of a human picking from a basket of similar items like ping-pong balls, poker chips, folded pieces of paper, etc. is not as good as using a physical random number generator such as ten-sided dice which is thrown into a box so everyone can see it randomly fall. This also means there is no need to inspect all the objects to make sure the full set is included.
- We prefer that a member of the public operate the random number generator (throw the dice).
- The correlation of random numbers to precincts or races should be clearly published in advance.
- All ballots cast should have roughly equal chance of being chosen for the audit.
- All ballot should be included in the universe of ballots which can be chosen.
- If variances are detected, additional precincts should be sampled to see if the variance is widespread.
Please avoid the following mistakes:
- Choosing precincts BEFORE the election.
- Not securing the ballots before the selection process.
- Not producing unofficial results broken down by precinct or batch and ballot type and making this public (such as in a Snapshot file).
- Not including all ballots, including VBM and provisionals in the selection process.
- Not choosing additional precincts and batches in a random public process.
- In the case of a variance, running the precinct or batch back through the scanners, and then if it matches the hand tally, saying everything is fine.
- This actually proves there is a significant problem in the audit.