My Certified Public Accountant certificate is in retirement status, so I am not speaking in an official capacity here. But if I were still a legit CPA, I would assert that the best mail-in systems around the U.S. are much more secure than any in-person voting process in the country. For one thing, they are much easier to audit after the election to detect any irregularities. Second, they have many fewer risk points where shenanigans and unanticipated events could affect ballot outcomes.
Risk assessment in financial audits
Contrary to common public perception, when every sizable business in the country brings in CPAs to audit their financial accounts and statements, they are not counting pennies in the till, nor every item of inventory. Instead, auditors typically perform sampling procedures, usually based on standard principles of statistics, to look for material misstatements in inventory levels, accounts receivable, cash, and other accounts. “Material” here means of a size that affects any key decisions about the health of the company. Any material misstatement found might be due to financial fraud. More likely, however, the discrepancies are caused by poor data handling procedures or “people errors.”
The auditors are also looking for risk points. What are the processes in place to handle large amounts of cash or valuable goods when they come into or go out of the company? Well-run companies minimize risk points and establish auditable procedures to track the money and the goods through every step of the process.
An auditor can never tell for sure, for instance, whether employees are taking some items of inventory home with them. However, using some very standard math, they can determine that the amount shown on the books is accurate to some agreed-upon threshold, say a 95% chance of being materially correct. Or if the company claims that they have $1,000,000 worth of cash coming in soon from customers, that number can likewise be verified to a high degree of confidence. You do not need to look at every transaction. Both of these audits are usually done by random sampling, with the sample size being determined by the size of the account and the potential risk level. If the sample turns up some fishy results, you then know exactly where to probe deeper.
In most cases, a relatively small number of random samples drawn can tell you what a particular account total should be, within that agreed-to range of error. You also look at the data trail and whose hands touch it along the way. Any decent computerized accounting system can let you “follow the money” at every step through the business. The audit process is not hard; it is just Statistics 101 put into practice.
Risk-based auditing of election outcomes
Any good system of voting can be audited in a similar way. Almost all elections can be certified to a degree of accuracy, sufficient to cover the winning margin, with a relatively small number of random precincts and ballots examined in detail for counting or processing errors. This is a function of total votes cast and the size of the win. If 100,000 votes were cast in total, for instance, and the winner had a 10,000-vote edge, then you only need to find evidence of errors sizable enough shift 5000 votes. Donald Trump’s often-repeated assertion that millions of illegal votes were cast for Hillary Clinton in California in 2016 is so easily auditable that this is simply ludicrous gaslighting.
When I first started this blog, I noted a 2017 Virginia state legislature election that came out to a tie vote after a recount, and it was decided by drawing lots. My contention then was that there are enough intrinsic errors in any conventional ballot system that there is likely no real answer as to who won that race. Every recount in a race that size is likely to turn out a slightly different number of votes for each candidate; either candidate could have been the “real winner.” But that rare election is not what we are talking about here. In these cases you need to recount, with the caveat that the recount may not really resolve the basic system issues in that state or locality.
The large majority of contests just do not have issues of a “material” magnitude large enough to change the outcome. However, after-the-vote audits can uncover weaknesses in the processes that cause valid citizen concerns, and which can be remedied for subsequent elections.
The audit points of voting by mail
Although Donald Trump calls his Florida vote “absentee,” it is not. This is how I vote as well and there is no “absentee” requirement about it. Indeed, in Florida you can elect in advance to have a ballot sent to you with every election. Here are some of the points where any auditor can extract data or look for weak processes.
The application. This process usually starts with a request by the voter to receive a mail-in ballot. Even if the applications are sent by mass mailing rather than individual request, the applications themselves can be coded to the registered voter, and the return envelope has evidence of its origin. As more people take advantage of mail-in voting, any significant number of duplicate requests received immediately draws attention to the possibility of “ballot harvesting.”
The ballot. Likewise, the mail-in ballot is usually coded to the requesting voter. Many states place a barcode or QR code on the ballot (or both in the example below), improving trackability. Ballots also vary by state and even county as to paper type, subtle identifying markings and other easy-to-implement methods that can uncover forgeries.
The signature. The voter’s signature is also required, sometimes over the seal of the envelope itself to detect tampering. This is one “false negative” point where good votes are more likely to be rejected than bad votes are detected. This is because a person’s signature often changes over time, or the state may have a poor replication of the voter’s signature. For instance, my Florida signature most likely came from an electronic pad and stylus when I obtained my driver’s license. I need to take special care to replicate that signature as closely as possible. However, my county does let me follow my ballot on the internet to determine that it was processed through to counting.
If the ballot requires a notarized signature, the risk to ballot forgers goes up dramatically, because now you are adding the difficulty and crime of forging the notary’s stamp. However, a notary requirement is a significant impediment to voting for many older and minority communities. There is little evidence that it has any effect other than voter suppression.
Attorney General William Barr recently asserted that this signature process somehow endangers the privacy of the vote. Again, he is gaslighting or just ignorant here. By a very simple process of what auditors call “segregation of duties,” it is easy to assign one person to verify signatures without seeing the ballot while a different person counts the ballot without seeing the signature. Even with electronic voting systems, a determined election worker can theoretically exceed their authorized access to personal information, but this is true of every policeman and many other government workers in every government information system. It is a data control issue that not confined to voting; indeed voting is probably the least scary personal data violation in government.
The count. Properly cataloged and cross-referenced vote counts provide excellent audit trails in either mail-in or electronic voting systems. For instance, the 2018 Georgia Lieutenant Governor’s race vote totals (electronic in this case) were suspiciously below those of related races. However, the court decided to put its head in the sand on this one rather than demand accountability from the voting machine provider. In places where this is taken seriously, cross-tabbed anonymized vote databases are a statistician’s playground. Irregular voting patterns pop up like red flags, which make it very difficult to “rig” any one particular election if (a big “if” in Georgia’s case) state election officials are acting in a non-partisan manner.
What it takes to rig a mail-in election
In short, rigging a mail-in election to any sizable scale is nearly impossible, and most likely not worth the risk. In one case where this was attempted, it was the Republican in a Congressional race in North Carolina who tried to “harvest” absentee ballots. It was a fool’s errand from the get-go, and easily detected. The problem here was not the process so much as it was the failure of the state and the courts to award the election to candidate who did not commit voter fraud. Instead, they invalidated the election entirely.
As noted earlier, in many states one would need to forge a notary stamp in large quantities, which is another easy audit point. Any would-be fraudsters would also need to coordinate mailings of forged applications carefully so as not to replicate postmarks or to post them from inappropriate places. Doing that successfully for sufficient quantities of ballots to swing an election is, again, likely a fool’s errand.
Finally, you would need to make sure that you have appropriate percentages of vote spreads among candidates on the ballots so that out-of-place percentages would not pop up in any subsequent data analysis. That is very difficult to pull off successfully.
The old way
The various implementations of in-person voting across the country typically have far more risk points and far fewer auditable data trails than established mail-in systems. Electronic voting systems are often “black boxes” where no person of authority really knows the software details spitting out vote totals. Volunteer or low-paid temporary poll workers add both “user error” and intentional data manipulation into the process. “Machine politicians” in the past have gained control of the physical boxes of ballots from key precincts. There are now higher-tech ways of committing that kind of fraud.
Republicans have emphasized the risk of voter impersonation fraud in legislation requiring voter identification. But in practice, only a small handful of people attempt this in any given election, and they are never enough to sway an election. Most of the time these are proven to be over-zealous supporters without common sense. The real documentable effect of voter ID laws has been to restrict voting by valid citizens, for instance the non-driving elderly or college students.
Add to this the reality of “everything that can go wrong” on election day. Weather always messes up some election somewhere, especially in November. Tuesdays are just a bad day to vote for millions of Americans due to work and personal conflicts. New electronic systems often fail, either from bad design or poorly trained poll workers. Budget restrictions, often intentional, restrict the number of polling places, especially in areas heavily populated by minorities. And now we have the coronavirus bringing valid fears of voting in a public place.
My “accountant hat” says that in-person one-day voting at local polling stations is a relic of the past, just like the common Tuesday designation for that vote. The entire system needs to be sent to pasture in favor of well-designed mail-in systems with the option to vote in person at a small number of official locations. We are missing one more significant social commitment here, however. I have the quaint belief that all adult citizens in a free society have the right to an unfettered vote. The reality is that one party knows that such access to the ballot box likely means their death as a dominant political force. And some of these guys even know the auditing math far too well.
Updated posts on this topic: