Why Sample Audits Don’t Catch Algorithmic Vote Manipulation
After every election, officials point to post-election audits as proof the results can be trusted. Massachusetts audits 3% of precincts. Every state has some version of this. It sounds like verification. It isn’t — not for the manipulation vectors that actually exist in modern computerized voting systems.
Colorado figured this out and replaced its fixed-percentage audit with a more rigorous Risk-Limiting Audit. Its own government report was blunt about why: simple sample audits provide “little or no assurance” they would “disclose, much less correct, an incorrect preliminary outcome.” That was Colorado’s verdict on the kind of audit Massachusetts still uses today. And even Colorado’s upgraded approach has the vulnerabilities described below.
Here are five reasons why sample audits fall short.
Ballot Marking Device Barcodes Are Secret — Even to Auditors
In jurisdictions using Ballot Marking Devices (BMDs), your vote is recorded as a proprietary barcode. That barcode’s encoding is secret — there is no independent tool available to auditors that can verify what is actually written on it. The human-readable text printed on the paper may say one thing. The barcode the tabulator actually scans may say something different. There is no way to know.
The “paper trail” that auditors hand-count is not an independent record. It is an unverifiable output of the same system being audited. As security researchers Halderman and Springall demonstrated in their 2021 expert report on Georgia’s Dominion ImageCast X machines, malware could alter barcode encoding while leaving the human-readable text completely unchanged — invisible to any hand-count audit.
Upchain Manipulation Never Touches the Paper Ballots
Precinct tabulators report results to county Election Management Systems, which report to state Election Night Reporting systems. Manipulation inserted anywhere above the tabulator level never touches the paper ballots at all. A hand-count audit at the precinct level simply cannot see it.
This is not theoretical. The Election Truth Alliance’s analysis of the 2026 Kentucky 4th Congressional District Republican primary — the Thomas Massie race — found opposing fraud signals in individual counties that cancelled each other out at the district aggregate level. This cancellation effect in ratio/proportional space is a novel forensic signature consistent with manipulation occurring above the county layer. No precinct-level audit would detect it.
Concentrated Manipulation Targets the Precincts Least Likely to Be Audited
A random 3% precinct sample assumes manipulation, if present, would be distributed evenly. That’s not how targeted interference works.
The Election Truth Alliance documented evidence in the 2024 presidential election of a classic pattern: “flip enough blue to red to still win the likely unaudited city, but lose the state” — concentrated in high-turnout blue cities including Philadelphia and Las Vegas. High-volume tabulators serving dense urban precincts are precisely the units a small random sample is statistically least likely to hit. The audit is structurally blind to exactly where the anomalies appear.
The One-Step-Ahead Problem: Audit Design Is Public Knowledge
This is perhaps the deepest problem, and the one most rarely discussed.
Audit design assumes manipulation looks a certain way. Sophisticated actors design manipulation specifically to pass whatever audits exist. A 3% random precinct sample is public knowledge. The threshold that triggers a recount is public knowledge. These aren’t secrets to defend against — they are known targets to design around.
What is missing from every state audit protocol is required forensic statistical analysis: the kind that doesn’t assume what manipulation looks like, but instead detects anomalies in aggregate data patterns regardless of method. Peer-reviewed methodology for exactly this exists — Klimek et al. (PNAS, 2012) demonstrated how to identify systematic irregularities through turnout/vote-share distribution analysis. It is used by the Election Truth Alliance in their precinct-level analyses of Pennsylvania, Michigan, North Carolina, Minnesota, Florida, and the 2026 Kentucky primary.
Cybersecurity abandoned static checklists decades ago in favor of anomaly detection, precisely because attackers always find the gap between the rules. Election audits have not made that leap.
The Cardinal Rule of Software Security Is Being Violated
In every other domain of critical software infrastructure, the foundational principle is transparency: code that controls important systems must be open to independent inspection. This is not a fringe position. It is the cardinal rule of modern software security, embraced by governments, militaries, and technology companies worldwide. Secret code cannot be trusted, because it cannot be verified.
Election software violates this rule entirely. The source code for voting machine software is proprietary and closed. The hardware designs are similarly opaque. Independent security researchers cannot inspect them. Jurisdictions cannot audit them. The public cannot verify them. Voters are asked to trust a black box controlled by private vendors — vendors whose software could contain bugs, backdoors, or deliberate manipulation that no audit would ever surface.
The computer science community has understood this for decades. San Francisco — home to some of the world’s leading software engineers — has been pushing to build exactly the right alternative: an open source paper-ballot voting system whose code anyone can inspect, verify, and independently build. The San Francisco Elections Commission passed a resolution supporting this unanimously in 2015. The city’s Open Source Voting System Technical Advisory Committee has produced detailed technical recommendations. Supporters include the Electronic Frontier Foundation, GitHub, and Code for America.
Former California Secretary of State Alex Padilla put it plainly: “Open source is the ultimate in transparency and accountability for all.” The computer experts of the Bay Area are pointing the way. The rest of the country should follow.
Bottom line: A sample audit checks whether a small paper hand-count matches machine output in those precincts. It does not test the machine output itself, does not test what happened above the tabulator layer, cannot catch manipulation specifically designed to stay beneath its detection threshold, and cannot detect vulnerabilities in source code that no one outside the vendor is permitted to inspect. These are not hypothetical concerns. They are documented vulnerabilities with forensic evidence and peer-reviewed methodology behind them — and a growing expert consensus on the solution.
Further Reading
Code Red: Computerized Elections and the War on American Democracy by Jonathan Simon — the systemic case for why these vulnerabilities have led almost every other functional democracy to abandon computerized counting at the precinct level.
Available on Amazon
Election Truth Alliance — precinct-level statistical analyses of Pennsylvania, Michigan, North Carolina, Minnesota, Florida, and the 2026 Kentucky 4th Congressional District primary.
electiontruthalliance.org
Halderman & Springall (2021): Expert report on Dominion ImageCast X BMD vulnerabilities, submitted in federal court proceedings in Georgia.
Full report (PDF)
Klimek et al. (2012): “Statistical detection of systematic election irregularities.” Proceedings of the National Academy of Sciences.
Read the paper
San Francisco Open Source Voting System Project — the model for transparent, independently verifiable election infrastructure.
sfopenvoting.org
San Francisco Open Source Voting System Technical Advisory Committee recommendations.
Full recommendations
Colorado Secretary of State Risk-Limiting Audit Final Report — the government report concluding that simple fixed-percentage audits provide “little or no assurance” they would “disclose, much less correct, an incorrect preliminary outcome.”
Full report (PDF)
Massachusetts 2024 Post-Election Audit results.
sec.state.ma.us
No comments:
Post a Comment