 to speak at this year's DEF CON Voting Village. I'm going to talk about how to weaponize RLAs to discredit an election. My name is Carsten Schürmann. I'm actually working in Copenhagen at the Center for Information Security and Trust, and some of the results I'm going to talk about today are actually based on joint work with Asmita Dalela and Oksana Kulyk. So let's just dive right in. A risk-limiting audit. We probably have heard already in the past talks, you know, risk-limiting audits, what they are and so on. Let me just kind of recapitulate and summarize what they are. So risk-limiting audits are statistically sound auditing methods. So there's no question about it. And, you know, I think it's really important to emphasize that it is a sound method. It's statistically proven correct. Many people in the world have looked at the math behind it. They all agree that the math of testing is right. And so in this talk, I am not going to put in question if risk-limiting audits are sound or not, I'm just saying they are sound. And the idea of a risk-limiting audit is, of course, to identify and automatically correct an erroneous election result. And I have here actually made a little drawing of how risk-limiting audits actually work. You basically have paper ballots. There's a paper ballot manifest which tells you how the ballots are stored, where you can find paper ballots and so on. And then there's of course the result. Here's my laser pointer. So here's the result. And when you start a risk-limiting audit, you first need to kind of compute the sample size. And the way how you do it is you take the results, you know, depending on what kind of a system you have, you look for the margins, you have to determine what kind of risk limit you want. That means how confident do you want to be that an erroneous election result was actually being caught and corrected. And once you have that, you have computed a sample size.
Now you have to draw a random sample of the ballots. And for that you need the ballot manifest. And you need to enter some kind of entropy to make it truly random, because a risk-limiting audit that doesn't draw a random sample is actually not a very good audit. So once you know which ballots you want to draw, you actually then can start going to the ballot box and do the real audit. You'll basically follow the information of the sample which tells you, you know, go to this thing and check out this ballot and do whatever you have to do with it. And then once you have done the audit, the outcome is like, yes, I found enough statistical evidence to kind of support the claim that the election result is correct. Or I didn't, in which case I have to go back, go to a bigger sample. In the worst case, we'll have to do a full recount. So this is the idea of a risk-limiting audit, and we all know that risk-limiting audits come in many different flavors. There's the ballot polling audit, which is an audit where we are going to draw a sample and try to kind of find support, statistical support, for the correctness of this election result. Or we do a ballot-level comparison audit, where we, for example, check that the ballot is actually correctly registered on the cast vote record, the CVR record. So there are many different ways. And the reason why I'm actually saying this is because in this talk, I'm actually going to focus mostly on ballot-level comparison audits, because that was the easiest and that also scales up to other countries beyond the United States, because I believe that the findings are actually kind of important, not just for the United States, but also for other countries. So now if we do a ballot-level comparison audit, let's just look at one example here: it is the result of the Colorado 2016 election. And I'm displaying a picture here of Philip Stark's tool that actually computes the size of the sample. And so how does it actually go about doing this?
Yes, so you basically take that tool, which is available from Philip Stark's homepage. You type in the numbers and then at the end, you just press return. You also kind of choose the risk limit, which is here 95%. Well, the risk is 5% and so you get 95% confidence that the election result is correct, and you do something with these overstatements and understatements, no worry about that, but once you hit calculate size, it actually kind of comes up here as a result, and the result is 142 ballots. Okay, so I have given this talk and showed this slide many times in the past, and what my experience is, is that people, especially election officials, they're really excited about the audit data, risk-limiting audit, but when they hear the number 142, they say like, oh, how can that be true? This cannot possibly be true. That's just not, that doesn't sound right. Only 142 votes you have to look at in order to be 95% sure that the election result of the presidential election 2016, the Colorado result, is actually correct. Yeah, so because I've given this talk so much and I've seen the faces of the audience, it kept me thinking, it's like, with risk-limiting audits, what we want to do is we want to make sure we want to provide some form of evidence and check that the election result is correct, not necessarily recounting the whole thing but just do it in a statistically relevant way. But if the number is so small, can that be misused in one way or the other? And therefore I actually came up with this research question, which is like, can one weaponize RLAs to discredit an election? And it has always puzzled me, the face of the people in the audience when I talk about this. And so what I want to show you in this talk is, I want to show you that I believe that this is actually possible. And in order to convince you about this, I structured this talk in five different easy-to-follow steps, I hope. The first one is I'm going to talk about the disinformation playbook.
That's really a study of a group of scientists, concerned scientists, that came up with these different plays, how companies actually in the health sector are using or misusing information to construct disinformation campaigns that are actually helping their cause. And then second step, I'm going to identify vulnerable assumptions in the RLA. And one is of particular interest. And that is that of the sample size. And we're going to conduct or describe to you the results of the user study that we have recently conducted in the United States. And then I try to argue that with that information at hand, you actually can design a disinformation campaign where people, when they listen to it, are easily made to believe things that are not right. One can kind of change their, one most likely, I should say, can change their perception of that. And lastly, I would like to talk about a few defense mechanisms that I think are mostly informal and some more useful than others. But I think there's some more research to be done. Okay, so let's look at the disinformation playbook. So the disinformation playbook, as I already mentioned, was published in 2017 by the Union of Concerned Scientists. Now, is that a good reference? Well, I don't know, but it actually kind of, when I read these five points, it made a lot of sense to me. I'm not sure if that's a complete list of things that one can do, or if it classifies all possible ways to organize a disinformation campaign. But I think they are definitely valid and useful. So let me just kind of review them. There's the Fake play. That is, that's what it says in front of it: you do counterfeit science and try to pass it off as legitimate research. So here for the RLAs, it could be making some other statistics which is obviously wrong and say like, you know, see, this is how you should do it and not like the ones, how the RLAs are really conducted.
The Blitz is: you harass the scientists who speak out with the results and inconvenient views. I think the community around RLAs has become so big that this is actually not really a concern. But nevertheless, it's one of the plays in the disinformation playbook. The Diversion technique is: you manufacture uncertainty about science where it is possible. So I think the diversion is actually where you leave the science and the results intact, but you manufacture certain kinds of arguments and collect evidence that can show where you misuse the science and you argue exactly the contrary. So this diversion play is the one that will keep us busy here and we'll return to it at the end of this talk. Then there's the Screen play. You buy credibility through alliances with academic and professional societies to make it look okay. So I cannot talk about anyone else, but you know, I've never been approached on any of those issues. And then there's the Fix: you manipulate government officials or processes to influence policy. That kind of is also somewhat relevant here, but we will see, it's not the main focus of this talk, but the main focus is the diversion. So that's the disinformation playbook. When I say like, you know, you do it, I'm talking about some kind of a disinformation architect, an adversary who is trying to kind of influence public opinion in a particular way and try to sway it either in this direction or the other. So the question therefore is, who are the disinformation architects that might have an interest in order to do something about risk-limiting audits? And I think there we have to distinguish two levels, namely the global level, on which are nation states who are interested in meddling with someone's election. And there's of course the local level, which actually is not to be neglected, where there are activists and political parties that try to argue and argue their way and want to discredit a risk-limiting audit in one way or the other. Okay.
So, you know, the local level, I think it's like, when we talk about election security in a general space, I think the local level is particularly worrisome because it actually takes only very, very few people to influence public opinion. And here, on the right, you see a newspaper clipping: a majority of COVID misinformation comes from only 12 people. So that's a very recent observation, maybe one or two weeks ago. Okay. So this is what I wanted to say about the disinformation playbook. Let's move on and talk about identifiable vulnerable assumptions in risk-limiting audits. And I would like to kind of point out three. Okay. So there's the first assumption that we make, that is that the integrity and the security of the paper trail is intact for an audit. So that means that after ballots are cast on election day and before the audit is commenced, it's usually, you know, a few days, a few weeks that pass in the middle or in between, we need to kind of make sure that the paper trail is secure. Okay. And so we assume that the security mechanisms that are put in place actually are sufficient. Another part of this assumption is also, you know, you also have to kind of assume that the risk limit of 95% is acceptable for the people. I mean, if it's too little, if they say like, well, 5% risk, it's not unacceptable for us. We need to be 99.9% sure. Sure, you can do it, but when you do an audit, you have to determine the risk limit before you start the audit. Assumption number two, you know, it's the sample size that you actually compute. So the number that comes out of those things, as I mentioned earlier, can be very, very small, 142 for a ballot-level comparison audit in Colorado, not a very big size. And so the question is like, do people believe it? Do they accept it? Or could you maybe influence them to kind of think about this in another way?
And the third assumption at the end is that the sample is actually drawn at random and not, you know, staged. And so like, you know, here, look, I pick my 142 ballots, they support everything, but you have already pre-computed exactly and sorted them and saturated the 142 ballots. I actually exactly there to support your claim. So this is why the statistical sample has to be statistics. But for this talk, I'm only concentrating on the number of ballots to be sampled as trustworthy. Okay, so that's the thing that we want to study. And for that, we actually made a user study. So we made a user study and we went out and we used a particular platform, the Prolific platform, which is used by many social scientists for doing studies like this. And we just asked people, okay, so what do you think about risk-limiting audits? Would you accept the result and so on? Below here, you see an example. So number one is the participants that we chose, they're all US citizens. And the Prolific platform, it's a crowdsourced platform. You can just kind of click, you know, where do you want the participants to be from? And because we made the study right in the aftermath of the 2020 election, we saw it like, oh, that seems to be a good thing. So let's just ask those people who have maybe read something about risk-limiting audits in the newspaper, especially in Georgia. But we just kind of picked any kind of demographic among all of the United States citizens that are registered on the Prolific platform. And then our user questionnaire looked a little bit like this. We basically made a fake election which has about three million votes cast, okay? And then we also, for every participant, we changed and, you know, modified slightly the margin between the two candidates. So it's always an election with two candidates, this candidate A and candidate B. And, you know, here is, okay, and then the participant has to answer certain questions.
So one of these questions would be: if the candidate you support lost in the election, in the initials, do you think an audit would be a good option to reconfirm the election result? And yes, no, maybe, and so on. So we kind of wrote out, we kind of introduced the risk-limiting audits just with a few words, at the beginning of the study. So if the participant read this stuff carefully that we presented, they should understand basically what is a risk-limiting audit, but at the same level of detail as I've tried to explain it to you here in this talk. Okay, so now what were our findings? So the first one is what I called the law of the untrusted small numbers. And so we had actually two hypotheses that we wanted to confirm or that we planned to confirm, and both were actually confirmed. And I'll show you some graphs on the next slide. So here's hypothesis 1.1: when asked about their opinions about which number of ballots should be selected for auditing, the participants provide a number higher than the one prescribed by the RLA methodology. And, you know, here the methodology is, as I said, a ballot-level comparison audit. The hypothesis 1.2 is that the participants' confidence in the audit results changes when they are actually informed about the number of ballots selected for auditing. And both of those things are what we could confirm, and let me show you the graphs, okay? So here are two graphs. The first graph, basically here on the left, it shows you, it's a logarithmic scale, as you can see, between 0.01%, all the way to 10%, this will be 100% on the very top. Okay, so the top line is like all of the people who wanted to kind of have a full recount anyway. And here at the very bottom, zero, these are all of the people who didn't want to have a, you know, didn't want to have a recount at all or an audit at all.
And here, these red points, so these orangey-looking points, these are basically, for each one of the questionnaires, we generated a different number and you can see they were uniformly distributed, which in retrospect wasn't that clever an idea, because here there are very, very few dots in the middle, because when it goes to, you know, it's just because the sink gets so incredibly, you know, it grows very, very quickly. So yes, you can see here, almost everyone wanted to have a number, felt comfortable with a number above, and only a very few set of people, a group of people, actually wanted less. So we could confirm, you know, doing all of the statistics, analysis of the testing and so on, we could confirm the hypothesis number one, indeed, that people wanted to have a higher number. But this is not the interesting part. I think the interesting part is really the second graph here that you see on the line: are people changing their minds when they actually learn about what is the number chosen? Okay, and so here you see these two axes, there's the before axis and there's the after axis. So before, many people were actually kind of happy and okay with that, but if you tell them what the number is, suddenly people were not; "definitely yes" was off the table. They were very surprised that these numbers were so small and they didn't think that this actually kind of, it didn't kind of grow any confidence in our sample. And again, we did the statistics, we did the analysis and we could confirm the hypothesis. Okay, so this was, you know, this was the first, you know, first two hypotheses, or the first hypothesis, two sub-hypotheses. And we also had a second hypothesis. The second hypothesis is, how about the justification for the sample size, okay.
So is that, you know, the sample size comes out of a tool and the question is, is there a difference in the effects on the voters' confidence in audits depending on which selection criteria backs up the chosen number of the audited ballots? And so what we've actually thought, we kind of ask, you know, here different, basically, sources, yes. So there's the peer-reviewed scientific paper that tells you how big the sources and independent experts. So not the experts that were tried to be bought in the disinformation playbook, but really independent, honest to God, you know, honest people, and agreement among political parties. Political parties, do they agree? And so then we have mandated by court, the court says, you know, so and so many ballots have to be audited. Non-governmental organizations could also enter, the NGOs could also enter the picture and give some suggestions of how big the number is, or just general legislation. And so what we actually found out is, yes, so here the peer-reviewed paper, most of the participants really trust the academic performance and many fewer actually the legislation. So again, we did some statistical analysis and we could confirm this, the hypothesis, okay. So now we move on to the limitations of the user study. Okay, so this was a qualitative research study. Of course, one could have done a qualitative research study as well, which being parted, but I'm leaving this out of this presentation. There is a paper where we describe all of this, which shortly appears on arXiv and has been also accepted in, you know, at the E-Vote-ID conference in Bregenz, Austria this year. So what else is there? We have to kind of make the standard bias disclaimers, okay, although many social scientists are using crowdsourcing platforms like Prolific to do their studies, there's an inherent bias that might come, namely, that only people with internet access actually kind of participate in this, more wealthy, more well-educated people.
And that, you know, the same kind of comment and concern that you might have about the other studies also, but I see no question about it. So third point is the limitations we have thought about ballot polling audits, and we have not looked so much into ballot polling audits, but more in comparison audits. The reason for that is because the study was actually meant to be more global. We did not just focus on the United States, but we've also wanted to kind of look at other countries. For example, Kenya, Sub-Saharan continent, you know, Kenya actually use risk-limiting audits in order to instill trust, more trust in these kind of countries. So this is why we have not done actually, and our questions did not aim to kind of validate the choices that a ballot polling audit would give, but only the comparison audits. So we also did not ask very prior questions regarding prior knowledge on RLAs. We just kind of asked the people, you know, here, listen to this, these are the numbers, do you trust it or not? Yes. Okay, so moving on to how do you design a disinformation campaign out of this, okay? And we only do this with the law of the untrusted numbers. So the first thing I would like to kind of point out here is that there's actually no disinformation, I could not identify any disinformation using my humble Google searching skills, okay? So I just looked on Google for, like, Georgia, you know, which actually used the risk-limiting audit in the 2020 elections. So like, you know, what about Georgia? Georgia risk-limiting audit. And so I went to this list of papers here, I went to Fox News, I went to CNN, I tried to cover all of the different media, and all of the media reported on the risk-limiting audit, but they all did it in actually a very professional, neutral and technical way. So that's almost like, you know, the only opinion I could actually see in some of these articles was like, oh, RLAs, RLAs are good, but you know, essentially they're just recounts.
Recounts are always better, RLAs are, I'm just, you do an RLA if you want to, you know, speed up and save costs and don't have to look at so many ballots. So that was the only opinion. So it does not appear to me that anyone actually tried to kind of make a disinformation campaign out of this law of small numbers that we identified with our user study. Okay, so now you have probably already guessed it, the diversion disinformation claim would be very, very simple. You just make an unsubstantiated claim that the sample size is too small. And many people will say like, oh my goodness, yes, the sample size is too small. And that would be the cause of, you know, people actually trust, you know, changing their mind about, should you trust the election result or should you not trust the election result? And then once you make that claim, now you have to kind of find a sample and a way to kind of distribute that information across the network. And you can either go to your favorite news outlet or you can do social media or can do whatever the 12 people did or 17 people who spread all of the disinformation about COVID vaccines. I don't think it's terribly difficult. I think it can be done. And I think it's actually quite problematic if something like this might happen, and I think it could be, you know, maybe one of the conclusions of the talk is, shall we just, you know, maybe think about, first of all, what, you know, what can we do in order to mitigate the impact of such a diversion disinformation play? And I think, but we come to these mitigations in a little while. Okay. So the analysis that we've conducted, very preliminary here, is that such a disinformation campaign would probably work best when the margins are wide, because margins are wide, sample sizes are low, sample sizes are low, people don't trust it. And you have a problem. So that's actually an observation which is somewhat comforting.
Also when the sample size is too small, the RLA will trigger a full recount, you know, then it's also a technique or, you know, it will strengthen, if it's a full hand recount, there's no, it's basically a recount. It's no longer an RLA. And it will probably not affect the trust. The things, you know, so the smaller the margins or the larger the margins, the more, the higher the risk that such a disinformation play would actually be successful. So, yeah, I just want to mention studies related to ballot polling audits can be left to future work. So for us, it's actually no problem to generate different questionnaires that we can kind of send out to people using different crowdsourcing platforms, which we plan to do in the fall. I haven't actually gotten to it yet, but this is left to future work. And there's a disclaimer. So, you know, just these, and maybe I'm repeating this one more time too many, but we are talking about comparison audits here and not ballot polling audits. So when you do a ballot polling audit, then usually the numbers of the samples are slightly bigger. All right. So we're moving on to the defense mechanisms, and the defense mechanisms is like, what can you actually do against a threat like such a diversion disinformation play? Okay, so I think there are four things that we have identified. And the first one would be, you know, target smaller constituencies. So when you do a risk-limiting audit, don't just do it in an entire country, but kind of find a jurisdiction level, constituency level, that is small enough so that the problem can be better compartmentalized. Now, of course, this idea is very much against any kind of legislation. The legislation says you have to sample like this. You have to sample like this, but it doesn't say that these ideas here of mitigations are practical or possible or possibly even useful, but these are just ideas. Okay, second idea is something that one could consider.
I don't know what the negative side effect is, and that is to artificially inflate the sample size. So the system says, you know, pick 142 ballots, but you decide to audit 1,420 ballots instead, just because, you know, that, you know, people might be more easily swayed to disbelieving the election result just because the sample size is too small. You could also strengthen basic education in statistics, which is like a really sweeping mitigation which also is not really implementable, and it will take many, many years to kind of come to fruition. But I think the fact is that statistics can be somewhat counterintuitive at times. And we've seen this with these small sample sizes here. So one way to strengthen, you know, or to mitigate the threat of a diversion disinformation play as I've described earlier, is to just kind of strengthen basic education in statistics. And I don't know how to do this, maybe during, you know, using proactive kind of advertisement or putting stuff on YouTube, explaining the things better, making it more palatable, making civic education classes for kids, you know, start thinking about those kind of techniques of how to mitigate these kind of threats. So these are all ideas; how practical they are, I don't know. And the other one is just be proactive. That could be a strong believer in transparency. So I think that would be being proactive and talking about it and presenting the real rationales why those numbers are so small, continue actually putting this kind of information, you know, out in the public discourse, that would be one way to mitigate the threat. And with this, I would like to thank you for your attention and I'm ready to take questions. Thank you so much. Bye-bye.
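
Editor's added example, not part of the talk and not the code of the tool shown on the slide: a sketch of the initial sample-size calculation for a ballot-level comparison audit, showing why the number tracks the margin and risk limit rather than the ballots cast, and what the tenfold-inflation mitigation buys. It assumes the commonly published Kaplan-Markov approximation with γ = 1.03905; all margins, vote totals and error rates are constructed, so it does not reproduce the 142 figure.

```python
import math

GAMMA = 1.03905  # error-inflation factor conventionally used with this method (assumption)


def diluted_margin(winner_votes, loser_votes, ballots_cast):
    """Margin in votes divided by all ballots cast in the contest."""
    return (winner_votes - loser_votes) / ballots_cast


def comparison_sample_size(margin, risk_limit, o1=0.0, o2=0.0, u1=0.0, u2=0.0):
    """Initial sample size for a ballot-level comparison audit.

    o1/o2: expected per-ballot rates of 1- and 2-vote overstatements,
    u1/u2: expected rates of 1- and 2-vote understatements.
    Returns None when no sample can meet the risk limit (full hand count).
    """
    if not (0 < margin <= 1 and 0 < risk_limit < 1):
        raise ValueError("margin must be in (0, 1], risk_limit in (0, 1)")
    g = GAMMA
    # Expected discrepancies eat into the margin the sample can confirm.
    drag = 2 * g * (
        o1 * math.log(1 - 1 / (2 * g))
        + o2 * math.log(1 - 1 / g)
        + u1 * math.log(1 + 1 / (2 * g))
        + u2 * math.log(1 + 1 / g)
    )
    effective = margin + drag
    if effective <= 0:
        return None
    return math.ceil(-2 * g * math.log(risk_limit) / effective)


def risk_met_by_clean_sample(sample_size, margin):
    """Risk limit satisfied by a sample of this size with zero discrepancies."""
    return math.exp(-sample_size * margin / (2 * GAMMA))


if __name__ == "__main__":
    ballots = 3_000_000  # constructed; same order as the study's fictional election
    print("margin  sample  share of ballots")
    for m in (0.10, 0.05, 0.01, 0.001):
        n = comparison_sample_size(m, risk_limit=0.05)
        print(f"{m:6.3f}  {n:6d}  {100 * n / ballots:.4f}%")

    # Same 5% margin in a contest one tenth the size: identical sample.
    small = diluted_margin(157_500, 142_500, 300_000)
    print("300k ballots, 5% margin:", comparison_sample_size(small, 0.05))

    # Expected discrepancies enlarge the sample, or force a full count.
    print("1% one-vote overstatements:", comparison_sample_size(0.05, 0.05, o1=0.01))
    print("same errors, 1% margin:", comparison_sample_size(0.01, 0.05, o1=0.01))

    # The inflation mitigation: ten times the ballots, far beyond a 5% limit.
    n = comparison_sample_size(0.05, 0.05)
    print("risk met by", n, "clean ballots:", risk_met_by_clean_sample(n, 0.05))
    print("risk met by", 10 * n, "clean ballots:", risk_met_by_clean_sample(10 * n, 0.05))
```
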