Skip to Content

Cybersecurity & Standards

We Need a Way to Distinguish Good Post-Election Audits from Bad Ones

For years, CDT and other advocates for improved U.S. election security have argued for the expanded use of post-election audits. Risk-limiting audits and other audits after an election are effective and inexpensive ways to verify that an election outcome was correct and that various procedures have been properly followed. Done right, they can either reveal real problems with an election or can boost confidence that electoral systems worked as intended.

But an ongoing, partisan, post-election audit in Maricopa County, Ariz., shows that audits after an election can be abused. The loser of an election can run a bogus audit to undermine the result, and can seriously damage democracy.

Before the 2022 midterm elections, federal and state lawmakers should put systems in place to ensure that post-election audits are rigorous and unbiased. They should also do everything in their power to prevent or discourage bad post-election audits, such as the one happening in Arizona and others gaining steam across the country.

Good vs. Bad Audits

Earlier this year, the Republican president of the Arizona State Senate hired several cybersecurity firms to audit the 2020 presidential election results in Maricopa. (Maricopa is the most populous county in Arizona, home to over half of the state’s population.) Chief among the companies hired was Cyber Ninjas, a small firm with no prior experience with election audits. Their CEO had previously expressed support for the repeatedly-debunked conspiracy theory that President Trump won the state of Arizona.

Since April, the Maricopa auditors have been handed millions of ballots and millions of dollars of election equipment. With these in hand, they have explored a number of baseless conspiracy theories. For instance, to test the theory that thousands of ballots were shipped from Asia, they examined ballots for bamboo fibers. To test the theory that fake ballots were improperly counted in Arizona, they examined ballots for watermarks. (Maricopa County ballots don’t even have watermarks.)

The Brennan Center recently published a report listing the characteristics of a good post-election audit. Namely, it should:

  • Be transparent;
  • Follow pre-written and comprehensive procedures;
  • Be conducted by competent, experienced, unbiased experts; and
  • Leave ballots and equipment under the control of election officials.

A good audit should also establish and test clear hypotheses and maintain a clear chain of custody for materials, per new guidance from the Election Assistance Commission. 

The Arizona audit has none of these characteristics. Instead, it is a mismanaged, expensive fishing expedition carried out by biased observers. And even though it is being mostly funded by unknown private donors, it will still cost Arizona taxpayers. Out of concerns that the chain of custody was broken—in other words, one could not know whether the machines were tampered with—Arizona Secretary of State Hobbs decertified Maricopa’s voting equipment, which will have to be replaced at a cost of nearly $3 million.

The chief effect of the audit appears to be generating disinformation about our electoral systems and undermining trust in democracy—the opposite of what a good election audit should do. And, unfortunately, legislators in other states like Pennsylvania have initiated similar bad audits; as in Arizona, the Pennsylvania Secretary of State decertified the equipment of a county and handed access to its equipment over to a  third party auditor.

Policy Options

A poorly run audit may violate state and federal law. The Department of Justice recently issued guidance detailing the ways in which ongoing election audits violate federal law. It suggests that some ongoing election audits may be in violation of laws that require the preservation of election records and prohibit voter intimidation.

But state and federal lawmakers have options available to them other than criminal prosecutions, such as:

  1. An audit certification scheme. This could be a private organization that certifies auditors or specific audit plans, similar to the agencies that accredit colleges.
  2. A board of experts. A group of people experienced with running and auditing elections could review and approve post-election audit plans.
  3. A set of federal standards. As with the Voluntary Voting System Guidelines, the U.S. Election Assistance Commission could create a set of voluntary election audit guidelines that states could mandate for all post-election audits.
  4. Dedicated state-level government auditors. Pennsylvania state legislators, for instance, have recently proposed the creation of the Bureau of Election Audits within the office of the state auditor general.

These policies could serve at least two goals. First, they could standardize and improve post-election audit procedures for audits that are carried out in good faith.  

Second, they could help the public identify sham audits. The Maricopa audit has received copious amounts of press coverage over the last few months, for good reason. But journalists have mostly had to depend on expert quotes to explain why the Maricopa audit is not a “real” audit. That requires a lot of effort from news consumers. 

Wouldn’t it be easier if bad audits could be credibly labeled “uncertified” or “unofficial?” That way, they could be dismissed in the same way most people dismiss unaccredited schools or unlicensed doctors.

There are potential issues with each of these options that warrant future consideration. For one, although additional regulations should be helpful, it is important not to add too much red tape to the auditing process. The success of these policies also depends on the extent to which the public viewed the experts or certifiers as credible and trustworthy.  The selection process would need to be designed in a way to find members with real expertise — while being structured in a way that prevents it from being captured by those who would undermine democracy and promote bad audits.

Of course, there will always be people who believe in conspiracy theories, and people who profit from peddling them. But to build trust in elections, we will need to work at the margins, little by little. 

If a formalized way to distinguish good elections from bad could improve good-faith post-election audits, discourage bad-faith ones, and convince even a small percentage of the public to trust our election systems more, that could make a major difference for the health of our democracy.