by ERIC GELLER on July 17, 2017

Colorado on Monday said it will become the first state to regularly conduct a sophisticated post-election audit that cybersecurity experts have long called necessary for ensuring hackers aren’t meddling with vote tallies.

The procedure — known as a “risk-limiting” audit — allows officials to double-check a sample of paper ballots against digital tallies to determine whether results were tabulated correctly. The election security firm Free & Fair will design the auditing software for Colorado, and the state will make the technology available for other states to modify for their own use.

The audit will allow Colorado to say, “with a high level of statistical probability that has never existed before,” that official election results have not been manipulated, said Colorado Secretary of State Wayne Williams in a statement.

Colorado enacted the audit requirement in 2009 but delayed its implementation to allow counties to test different methods. Beginning in November, according to a rule still being drafted, Williams’ office will select at least one statewide and one countywide race for each county to audit.

The move comes as election officials around the country scramble to strengthen their digital defenses ahead of the 2018 elections, the first time most Americans will cast ballots for state and federal offices since 2016 — a year filled with a series of alleged Russian cyberattacks that rattled people’s confidence in the security of the country’s electoral process. U.S. intelligence officials have warned that they expect Russia to be back in 2018 with an even more sophisticated digital interference campaign and have pressed election officials to prepare for the worst.

Colorado believes implementing the risk-limiting audit will make the state ready for any scenario.

“If a voting system has been maliciously altered in some way, [this audit] should give the public great assurance that we are going to know that, and we will adjust the result accordingly,” Dwight Shellman, county support manager in the Colorado elections office and the official helping to coordinate the new auditing process, told POLITICO in an interview.

Digital security specialists have long pushed for states to adopt risk-limiting audits, which they say are a fast and inexpensive way to give the public confidence that votes were not altered in any way.


Read the complete article at


Eric Geller covers cybersecurity for Politico Pro.