Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

The Decisive Power of Indecision: Low-Variance Risk-Limiting Audits and Election Contestation via Marginal Mark Recording

Benjamin Fuller, Rashmi Pai, Alexander Russell

TL;DR

This paper tackles the efficiency and robustness limitations of risk-limiting audits (RLAs) for large elections by rethinking cast-vote records (CVRs) to express marginal marks. It introduces two main frameworks: Bayesian CVR-based ballot-comparison RLAs that reduce variance and sample needs, and conservative CVRs that preserve interpretability while enabling efficient auditing; both are proven risk-limiting under an adaptive, game-based model. A striking contribution is the contested (competitive) audit, where multiple candidates submit CVRs and the audit achieves a constant, margin-independent sample size, enabling effective election contestation. The work also lays out deployment implications, formal definitions, and extensions to polling and batch settings, offering a practical path to stronger, more transparent post-election verification and contest resolution.

Abstract

Risk-limiting audits (RLAs) are techniques for verifying the outcomes of large elections. While they provide rigorous guarantees of correctness, widespread adoption has been impeded by both efficiency concerns and the fact they offer statistical, rather than absolute, conclusions. We attend to both of these difficulties, defining new families of audits that improve efficiency and offer qualitative advances in statistical power. Our new audits are enabled by revisiting the standard notion of a cast-vote record so that it can declare multiple possible mark interpretations rather than a single decision; this can reflect the presence of marginal marks, which appear regularly on hand-marked ballots. We show that this simple expedient can offer significant efficiency improvements with only minor changes to existing auditing infrastructure. We consider two ways of representing these marks, both yield risk-limiting comparison audits in the formal sense of Fuller, Harrison, and Russell (IEEE Security & Privacy 2023). We then define a new type of post-election audit we call a contested audit. These permit each candidate to provide a cast-vote record table advancing their own claim to victory. We prove that these audits offer remarkable sample efficiency, yielding control of risk with a constant number of samples (that is independent of margin). This is a first for an audit with provable soundness. These results are formulated in a game-based security model that specify quantitative soundness and completeness guarantees. These audits provide a means to handle contestation of election results affirmed by conventional RLAs.

The Decisive Power of Indecision: Low-Variance Risk-Limiting Audits and Election Contestation via Marginal Mark Recording

TL;DR

This paper tackles the efficiency and robustness limitations of risk-limiting audits (RLAs) for large elections by rethinking cast-vote records (CVRs) to express marginal marks. It introduces two main frameworks: Bayesian CVR-based ballot-comparison RLAs that reduce variance and sample needs, and conservative CVRs that preserve interpretability while enabling efficient auditing; both are proven risk-limiting under an adaptive, game-based model. A striking contribution is the contested (competitive) audit, where multiple candidates submit CVRs and the audit achieves a constant, margin-independent sample size, enabling effective election contestation. The work also lays out deployment implications, formal definitions, and extensions to polling and batch settings, offering a practical path to stronger, more transparent post-election verification and contest resolution.

Abstract

Risk-limiting audits (RLAs) are techniques for verifying the outcomes of large elections. While they provide rigorous guarantees of correctness, widespread adoption has been impeded by both efficiency concerns and the fact they offer statistical, rather than absolute, conclusions. We attend to both of these difficulties, defining new families of audits that improve efficiency and offer qualitative advances in statistical power. Our new audits are enabled by revisiting the standard notion of a cast-vote record so that it can declare multiple possible mark interpretations rather than a single decision; this can reflect the presence of marginal marks, which appear regularly on hand-marked ballots. We show that this simple expedient can offer significant efficiency improvements with only minor changes to existing auditing infrastructure. We consider two ways of representing these marks, both yield risk-limiting comparison audits in the formal sense of Fuller, Harrison, and Russell (IEEE Security & Privacy 2023). We then define a new type of post-election audit we call a contested audit. These permit each candidate to provide a cast-vote record table advancing their own claim to victory. We prove that these audits offer remarkable sample efficiency, yielding control of risk with a constant number of samples (that is independent of margin). This is a first for an audit with provable soundness. These results are formulated in a game-based security model that specify quantitative soundness and completeness guarantees. These audits provide a means to handle contestation of election results affirmed by conventional RLAs.
Paper Structure (35 sections, 8 theorems, 40 equations, 6 figures, 4 tables)

This paper contains 35 sections, 8 theorems, 40 equations, 6 figures, 4 tables.

Table of Contents

  1. Introduction
  2. Our Results in Brief
  3. Ballot-comparison risk-limiting audits with reduced variance and improved efficiency.
  4. Competitive audits involving multiple CVRs submitted by multiple interested parties, yielding a natural approach to election contestation.
  5. A Detailed Survey of the General Framework, Related Work, and Our Results
  6. The completeness challenge.
  7. Improved Efficiency Risk-Limiting Audits via Bayesian CVRs
  8. Competitive Audits and Election Contestation
  9. Election contestation.
  10. Adversarial modeling.
  11. Extensions and Future Work
  12. Ballot Polling with Marginal Marks
  13. Batch Comparison with Marginal Marks
  14. Other Related Work
  15. Organization.
  16. ...and 20 more sections

Key Result

Lemma 1

Let $E = (\mathcal{C},\mathbf{B}, \mathsf{S})$ be an election and let $\mathsf{cvr}$ be an invalid CVR for $E$ with declared winner $\mathsf{W}$ and size $\mathsf{S}_\mathsf{cvr} = \mathsf{S}$. Then $\mathsf{D}_\mathsf{cvr} \ge (\mu_{\mathsf{cvr}} + \mu_E) \cdot \mathsf{S} \ge \mu_{\mathsf{cvr}}\cdo

Figures (6)

  • Figure 1: Generalization of conventional CVRs to the conservative setting, where multiple interpretations are declared, and the Bayesian setting, where one associates probabilities with each interpretation. Blanks cells in the Bayesian indicate probability $0$; for brevity, the "No Vote" columns reflect both the no-mark case and the overvote case (with marks for both candidates).
  • Figure 2: The $\mathsf{RLA}_{\mathtt{MAudit},\mathtt{Env}}(E, \mathsf{cvr})$ auditing game for comparison audits with multiple interpretations.
  • Figure 3: The auditor $\mathtt{MAudit}[(\mathsf{Stop}, \mathsf{R})]$.
  • Figure 4: The $\mathsf{RLA}_{\mathtt{MAudit},\mathtt{Env}}(E, \mathsf{cvr})$ auditing game for comparison audits with multiple interpretations.
  • Figure 5: The competitive auditing game $\mathsf{CompeteA}$ with auditor $\mathtt{Judge}$, environment $\mathtt{Env}$, election $E$, and advocate CVRs $\{ \mathsf{cvr}_\mathsf{A}^{+} \mid \mathsf{A} \in \mathcal{C}\}$.
  • ...and 1 more figures

Theorems & Definitions (39)

  • Definition 1: Interpretations, ballots, and ballot families
  • Definition 2
  • Definition 3: Election winners, losers, and margin
  • Definition 4: Bayesian Cast-Vote Record Table
  • Definition 5: Bayesian declared margin
  • Definition 6: Bayesian validity
  • Definition 7: Bayesian discrepancy
  • Lemma 1
  • proof : Proof of Lemma \ref{['lem:disc works']}
  • Definition 8
  • ...and 29 more