The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) is investing in an election security auditing tool to help support the integrity of the 2020 presidential and congressional elections, the agency said on Thursday.
Since joining DHS in 2017, CISA Director Christopher Krebs has been advocating for state and local election officials to ensure election results in their respective jurisdictions are auditable, typically with paper backup ballots. The concern that if votes are cast electronically with no paper backup, they can be lost or tampered with and officials would have no means to authenticate the results.
The auditing tool is called Arlo and is being created by the non-partisan, non-profit group VotingWorks, which is “building a secure, affordable, and delightful voting system,” it says on its website. Arlo is an open-source software that is free to state and local election officials and their private sector partners.
“Heading into 2020, we’re exploring all possible ways that we can support state and local election officials while also ensuring that Americans across the country can confidently cast their votes,” Krebs said in a statement. “At a time when we know foreign actors are attempting to interfere and cast doubt on our democratic processes, its incredibly important elections are secure, resilient, and transparent. For years, we have promoted the value of auditability in election security. It was a natural extension to support this open source auditing tool for use by election officials and vendors alike.”
The first version of Arlo is already being used in pilot efforts to audit post-election results in some states following elections earlier this month. CISA said some of the partners on the pilot program include election officials in Georgia, Michigan, Missouri, Ohio, Pennsylvania, and Virginia. More partners will be announced in the coming weeks.
VotingWorks says its approach with Arlo is a risk-limiting audit, describing it as “efficient because of its insight that we do not need to manually recount every vote to gain certainty in the outcome of an election.” It says the number of votes that may need to be manually recounted depends on the margin of victory, saying a state-wide risk-limiting audit may only require checking fewer than 1,000 ballots to validate election results for the state.