Lest anyone have any doubt that the nation’s election infrastructure is under attack, all one has to do is read Special Counsel Robert Mueller’s July 13 indictment of 12 Russian intelligence officers. Among other things, the Russians conspired “to hack into protected computers of persons and entities charged with the administration of the 2016 U.S. elections in order to access those computers and steal voter data and other information stored on those computers.” In one unidentified state, information about 500,000 voters was stolen, and county election administration websites in Georgia, Iowa, and Florida were probed “to identify vulnerabilities.”

At least according to the indictment, all the Russians did in 2016 was penetrate and steal. But it hardly takes a leap of imagination to believe that some malefactor in the near future will try to alter election outcomes.

In the wake of the Russian revelations, many are asking the quite reasonable question: How do we protect the integrity of our elections? How can we be sure the right candidate actually won?

The good news is that there is already a simple way to confirm whether voting machines are recording and tallying votes correctly. It is known as a risk-limiting audit. It is one of the critical measures necessary to secure elections and a key component of a broader cybersecurity defense. In a promising sign for election security, the City of Fairfax in Virginia is going to test a risk-limiting audit next week — an endeavor with the potential to serve as a model for the entire Commonwealth of Virginia and, hopefully, the country.

In straightforward terms, a risk-limiting audit is an easy and efficient method for verifying that vote tallies are accurate. By hand counting a statistically meaningful sample of the votes cast, the risk-limiting audit can determine whether the original vote tally was correct. These audits can be conducted publicly and can provide voters with confidence that a counting error or malicious attack did not change the outcome.

Statistical principles determine the size of the sample — but, in plain terms, more ballots are counted in a close race, while a race with a larger margin would require fewer ballots to be counted. If testing of the sample is consistent with the original vote total, it is almost certain that the initially declared winner won the race. If, on the other hand, the sample has substantial discrepancies with the original tally, the audit continues until there is “sufficiently strong statistical evidence that the apparent outcome is right, or until all the ballots have been manually counted.”

To show how risk-limiting audits might work in the real world, two statisticians laid out how such a check would have worked in the 2016 presidential election. First, there would be an audit of the states Donald Trump won. Overall, about 700,000 ballots would be counted in the 29 states Trump carried, or about 0.5 percent of the votes cast. But the number of ballots counted in each state would vary depending on Trump’s margin of victory. In Missouri, where Trump won by 19 percentage points, only ten ballots would need to be counted to have high confidence in the results. In Texas, where Trump’s margin was nine percentage points, about 700 ballots would need to be counted.

Importantly, risk-limiting audits are an improvement on traditional audits — used by 29 states and the District of Columbia — which require a set number (or percentage) of ballots to be counted, often irrespective of the margin of victory. Because risk-limiting audits take into account both the margin of victory and the total number of votes cast and use principles of statistics, these audits can provide a high level of confidence in the results while generally requiring fewer ballots to be hand counted than what is already required in many states using traditional audits.

Risk-limiting audits are considered the “gold standard” of post-election audits. Political scientists, statisticians, and election-security experts have all lauded the benefits of post-election, risk-limiting audits.

And an increasing number of jurisdictions are embracing them. Last year, Colorado completed the nation’s first statewide risk-limiting audit. And Rhode Island recently enacted a law mandating risk-limiting audits for all statewide primary, general, and special elections. Marion County, Indiana, conducted a test risk-limiting audit in May. And jurisdictions in Virginia (which last year enacted a law embracing risk-limiting audits), California, and elsewhere are also planning test audits this year and after the November 2018 election.

Brenda Cabrera, the City of Fairfax’s General Registrar and Director of Elections, has been a driving force behind the test audit taking place in Fairfax next week, which will bring together election security experts and election officials from around the state. Cabrera is optimistic about the trial, saying, “Our pilot should not only lay the groundwork for future risk-limiting audits but also serve as an example to jurisdictions across Virginia and the country about how crucial post-election audits are to securing the vote.”

Yet, as important as risk-limiting audits are in ensuring the integrity of vote counts, they can work only if the voting method leaves a paper trail. The prerequisite for a risk-limiting audit is an individual paper ballot. Unfortunately, 13 states still use electronic machines that leave no voter-verifiable paper record. What no doubt seemed like a forward-thinking voting technology in the 20thcentury is utterly unsuited to meet the threats of the 21st. It is imperative that these electronic machines are replaced by a voting method that produces a paper trail. And in states where auditable paper trails are already available, risk-limiting audits should be mandatory after every election. This efficient, cost-effective check will give voters the confidence they deserve that their ballots were counted properly.

(Image: Alexandru Nika/Shutterstock)