Mail voting – an auditor’s dream

      9 Comments on Mail voting – an auditor’s dream

My Certified Public Accountant certificate is in retirement status, so I am not speaking in an official capacity here. But if I were still a legit CPA, I would assert that the best mail-in systems around the U.S. are much more secure than any in-person voting process in the country. For one thing, they are much easier to audit after the election to detect any irregularities. Second, they have many fewer risk points where shenanigans and unanticipated events could affect ballot outcomes.

Risk assessment in financial audits

Contrary to common public perception, when every sizable business in the country brings in CPAs to audit their financial accounts and statements, they are not counting pennies in the till, nor every item of inventory. Instead, auditors typically perform sampling procedures, usually based on standard principles of statistics, to look for material misstatements in inventory levels, accounts receivable, cash, and other accounts. “Material” here means of a size that affects any key decisions about the health of the company. Any material misstatement found might be due to financial fraud. More likely, however, the discrepancies are caused by poor data handling procedures or “people errors.”

The auditors are also looking for risk points. What are the processes in place to handle large amounts of cash or valuable goods when they come into or go out of the company? Well-run companies minimize risk points and establish auditable procedures to track the money and the goods through every step of the process.

An auditor can never tell for sure, for instance, whether employees are taking some items of inventory home with them. However, using some very standard math, they can determine that the amount shown on the books is accurate to some agreed-upon threshold, say a 95% chance of being materially correct. Or if the company claims that they have $1,000,000 worth of cash coming in soon from customers, that number can likewise be verified to a high degree of confidence. You do not need to look at every transaction. Both of these audits are usually done by random sampling, with the sample size being determined by the size of the account and the potential risk level. If the sample turns up some fishy results, you then know exactly where to probe deeper.

In most cases, a relatively small number of random samples drawn can tell you what a particular account total should be, within that agreed-to range of error. You also look at the data trail and whose hands touch it along the way. Any decent computerized accounting system can let you “follow the money” at every step through the business. The audit process is not hard; it is just Statistics 101 put into practice.

Risk-based auditing of election outcomes

Any good system of voting can be audited in a similar way. Almost all elections can be certified to a degree of accuracy, sufficient to cover the winning margin, with a relatively small number of random precincts and ballots examined in detail for counting or processing errors. This is a function of total votes cast and the size of the win. If 100,000 votes were cast in total, for instance, and the winner had a 10,000-vote edge, then you only need to find evidence of errors sizable enough shift 5000 votes. Donald Trump’s often-repeated assertion that millions of illegal votes were cast for Hillary Clinton in California in 2016 is so easily auditable that this is simply ludicrous gaslighting.

When I first started this blog, I noted a 2017 Virginia state legislature election that came out to a tie vote after a recount, and it was decided by drawing lots. My contention then was that there are enough intrinsic errors in any conventional ballot system that there is likely no real answer as to who won that race. Every recount in a race that size is likely to turn out a slightly different number of votes for each candidate; either candidate could have been the “real winner.” But that rare election is not what we are talking about here. In these cases you need to recount, with the caveat that the recount may not really resolve the basic system issues in that state or locality.

The large majority of contests just do not have issues of a “material” magnitude large enough to change the outcome. However, after-the-vote audits can uncover weaknesses in the processes that cause valid citizen concerns, and which can be remedied for subsequent elections.

The audit points of voting by mail

Although Donald Trump calls his Florida vote “absentee,” it is not. This is how I vote as well and there is no “absentee” requirement about it. Indeed, in Florida you can elect in advance to have a ballot sent to you with every election. Here are some of the points where any auditor can extract data or look for weak processes.

The application. This process usually starts with a request by the voter to receive a mail-in ballot. Even if the applications are sent by mass mailing rather than individual request, the applications themselves can be coded to the registered voter, and the return envelope has evidence of its origin. As more people take advantage of mail-in voting, any significant number of duplicate requests received immediately draws attention to the possibility of “ballot harvesting.”

The ballot. Likewise, the mail-in ballot is usually coded to the requesting voter. Many states place a barcode or QR code on the ballot (or both in the example below), improving trackability. Ballots also vary by state and even county as to paper type, subtle identifying markings and other easy-to-implement methods that can uncover forgeries.


Sample mail-in ballot from California

The signature. The voter’s signature is also required, sometimes over the seal of the envelope itself to detect tampering. This is one “false negative” point where good votes are more likely to be rejected than bad votes are detected. This is because a person’s signature often changes over time, or the state may have a poor replication of the voter’s signature. For instance, my Florida signature most likely came from an electronic pad and stylus when I obtained my driver’s license. I need to take special care to replicate that signature as closely as possible. However, my county does let me follow my ballot on the internet to determine that it was processed through to counting.

If the ballot requires a notarized signature, the risk to ballot forgers goes up dramatically, because now you are adding the difficulty and crime of forging the notary’s stamp. However, a notary requirement is a significant impediment to voting for many older and minority communities. There is little evidence that it has any effect other than voter suppression.

Attorney General William Barr recently asserted that this signature process somehow endangers the privacy of the vote. Again, he is gaslighting or just ignorant here. By a very simple process of what auditors call “segregation of duties,” it is easy to assign one person to verify signatures without seeing the ballot while a different person counts the ballot without seeing the signature. Even with electronic voting systems, a determined election worker can theoretically exceed their authorized access to personal information, but this is true of every policeman and many other government workers in every government information system. It is a data control issue that not confined to voting; indeed voting is probably the least scary personal data violation in government.

The count. Properly cataloged and cross-referenced vote counts provide excellent audit trails in either mail-in or electronic voting systems. For instance, the 2018 Georgia Lieutenant Governor’s race vote totals (electronic in this case) were suspiciously below those of related races. However, the court decided to put its head in the sand on this one rather than demand accountability from the voting machine provider. In places where this is taken seriously, cross-tabbed anonymized vote databases are a statistician’s playground. Irregular voting patterns pop up like red flags, which make it very difficult to “rig” any one particular election if (a big “if” in Georgia’s case) state election officials are acting in a non-partisan manner.

What it takes to rig a mail-in election

In short, rigging a mail-in election to any sizable scale is nearly impossible, and most likely not worth the risk. In one case where this was attempted, it was the Republican in a Congressional race in North Carolina who tried to “harvest” absentee ballots. It was a fool’s errand from the get-go, and easily detected. The problem here was not the process so much as it was the failure of the state and the courts to award the election to candidate who did not commit voter fraud. Instead, they invalidated the election entirely.

As noted earlier, in many states one would need to forge a notary stamp in large quantities, which is another easy audit point. Any would-be fraudsters would also need to coordinate mailings of forged applications carefully so as not to replicate postmarks or to post them from inappropriate places. Doing that successfully for sufficient quantities of ballots to swing an election is, again, likely a fool’s errand.

Finally, you would need to make sure that you have appropriate percentages of vote spreads among candidates on the ballots so that out-of-place percentages would not pop up in any subsequent data analysis. That is very difficult to pull off successfully.

The old way

The various implementations of in-person voting across the country typically have far more risk points and far fewer auditable data trails than established mail-in systems. Electronic voting systems are often “black boxes” where no person of authority really knows the software details spitting out vote totals. Volunteer or low-paid temporary poll workers add both “user error” and intentional data manipulation into the process. “Machine politicians” in the past have gained control of the physical boxes of ballots from key precincts. There are now higher-tech ways of committing that kind of fraud.

Republicans have emphasized the risk of voter impersonation fraud in legislation requiring voter identification. But in practice, only a small handful of people attempt this in any given election, and they are never enough to sway an election. Most of the time these are proven to be over-zealous supporters without common sense. The real documentable effect of voter ID laws has been to restrict voting by valid citizens, for instance the non-driving elderly or college students.

Add to this the reality of “everything that can go wrong” on election day. Weather always messes up some election somewhere, especially in November. Tuesdays are just a bad day to vote for millions of Americans due to work and personal conflicts. New electronic systems often fail, either from bad design or poorly trained poll workers. Budget restrictions, often intentional, restrict the number of polling places, especially in areas heavily populated by minorities. And now we have the coronavirus bringing valid fears of voting in a public place.

My “accountant hat” says that in-person one-day voting at local polling stations is a relic of the past, just like the common Tuesday designation for that vote. The entire system needs to be sent to pasture in favor of well-designed mail-in systems with the option to vote in person at a small number of official locations. We are missing one more significant social commitment here, however. I have the quaint belief that all adult citizens in a free society have the right to an unfettered vote. The reality is that one party knows that such access to the ballot box likely means their death as a dominant political force. And some of these guys even know the auditing math far too well.

Updated posts on this topic:

9 thoughts on “Mail voting – an auditor’s dream

    1. @rklindgren Post author

      Very valid point! The selection of voting machine companies is a deeply political decision. This creates not only heightened “black box” unknowns, but also, as we have seen very recently in a Georgia election, the introduction of incompetence and unpreparedness because of a clearly partisan vendor selection.

  1. jmstettner

    While you are absolutely correct about the practice of accounting and the theory of probability, clearly you have never participated in the ballot counting of an election. As a previous Justice of the Peace, responsible for processing the ballots after an election, counting them, and finding irregularities in that count, I can tell you that you are simple wrong.

    Each and every ballot must be physically handled, examined, and counted. I am not surprised that instead of the most hotly contested election, Bush/Gore, and it’s “hanging chads,” that you selected an obscure and minor election as your example. Historically, in absolute fact, Mail In Ballots are, in fact, not supposition or fiction, the easiest method of voter fraud in existence, and nearly undetectable without physical examination.

    30 seconds to google and those are just the top three from this year.

    Same Day Registration and Mail In Ballots are the tools of voter fraud. In Person Voting, standing in line, requesting your ballot based on your address, is the second best way to ensure a legitimate vote. The best way, consequently protested by the DNC forever, is to present identification when requesting the ballot, proving that you are a legitimate voter, which is the only way to ensure a legitimate vote before those ballots go behind closed doors and into the hands of people who are monitored by representatives of both political parties. It comes as no surprise that, while we must preset ID to buy alcohol or cigarettes or to get a license for a gun, Democrats refuse to require ID to vote. All those buses and dead people would be u useless.

    Nice post, but 100% wrong.

    1. @rklindgren Post author

      Thanks for your thoughtful comments. My response:
      1. One of your examples proves my primary point. The tampering was detected by audit. I love it. Two were simple buffoonery, not real election fraud. There is a difference.

      2. The issue remains as to the size of the audit necessary, even if there is ballot mishandling. Depending on the size of the tally margin, you can easily calculate the appropriate sampling size. In 90% or more of votes, a small sample is all that is required; any tampering found, even intentional, would not be large enough to change the outcome. In very close votes, a near-canvass is required, which should be done anyway. The primary question is simple. Did you request a ballot and did you return it? Any non-buffoonish attempt and organized at fraud will most likely show up, as it does with financial audits every day. You can get away with the petty, but not the significant.

      3. Most voter ID laws, as currently written, disenfranchise several orders of magnitude more people than they catch in voter ID fraud (which again, beyond buffoonery, has never been proven to exist in scale sufficient to turn elections beyond the old corrupt machine-politics cities, a separate problem). Students are often left with no votable address, and many thousands of people in eldercare and non-permanent housing are also disenfranchised. 10,000 disenfranchised voters in order to catch a couple of impersonators is not voting reform; it is obstruction. This is a basic belief that you are either for against. Should ALL American citizens over 18 years old have an unfettered right to vote in the jurisdiction of their primary domicile? I say “Yes.” Voter ID laws, as most are currently implemented, say “No.”

      1. Lisa

        It seems to me that there is a lot of work to be done if mail in ballots are to be the new norm. Wearing an internal audit lens, I can see many cases in which controls may have broken down or could break down in the future. Here are examples:
        – Nevada mailed ballots to every single registered voter on the rolls. This would have included people who moved and people who are dead, as it was everyone on the roll. Upon receipt of the ballots, they reportedly dialed back signature verification on the machines to less than 40% match. How did they verify the voter was alive? How did they verify the voter cast the ballot and not someone else? What were the controls and once ballot and envelope are separated, how would you be able to audit?
        – In my county in Michigan, our process seemed good, although the following could be improved. I received requests for mail in ballot for a resident that has not lived at my address for more than 5-years. This individual has remained in my county at another address. I no-longer receive other mail for this individual or their grown children. Why did I receive their request and did they receive a duplicate request at their new address? Could both requests been filled and actual ballots sent more than once? Would the system have caught this if the voter did not vote elsewhere?
        – In Oakland County, the parents of a friend did not request mail-in ballots. When they arrived on Election Day, their ballots were already cast by mail. They filled out and signed a declarations that they had not already voted by mail. The question remains, did the ballots cast in their name get pulled or reviewed AND who requested, intercepted, and casted their ballots? Had they not shown up to vote, what was the control and did it fail?
        – In Wayne County, the neighbor of someone working with my relative said they received 8 actual ballots by mail. If true, who requested these ballots? Were these ballots intended for residents no-longer living in this home or did all have the names of the two individuals residing in the home? Did these two individuals cast all 8 votes and if so, were the ballots rejected? The recent complaint alleges that multiple votes were attributed to a single voter, which is something that should be investigated for truth, but how is this done once a ballot is separated from its envelop?
        – In Northern Michigan, a software glitch caused 6,000 votes to be incorrectly tabulated in favor of the wrong candidate. This was said to be due to the county not running a software update. These voting machines and software are used widely throughout Michigan and in other states. Other reported vulnerabilities include both a printer and scanner within the machines and reports of easily being hacked in 2019 at a hacker conference. What are the controls to ensure these issues are caught?

        To make blanket statements of no fraud seems very improbable and definitive statements of that sort cannot be backed up anymore than the election was stolen.

        1. @rklindgren Post author

          The key point I am making here is their auditability, much more so than machine voting. Samples can be done either while pre-processing or after the election. Fraudulent voting, even by mail voting, remains a crime, and it is usually a stupid one, rather than one that throws elections.

  2. Pingback: The intentional kneecapping of mail voting – When God Plays Dice

  3. Pingback: Type I versus Type II errors in election security – When God Plays Dice

  4. Pingback: Betting your life on “The Truth” – When God Plays Dice

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.