2/ most states have recount procedures that trigger below a certain margin of victory. Sometimes automatic, sometimes has to be requested by a candidate. In Georgia, threshold is 0.5% & recount needs to be requested by a candidate after certification. Wait, what's certification?
3/ certification is the real result. When TV networks call an election, that carries no legal weight, it's just the media predicting the outcome. They're usually right, with some notable exceptions. Certification is when the state, having triple checked, declares their winner.
4/ Georgia certified on Friday. Trump just requested a recount. So that's happening now.
But, you're thinking, wasn't there just a recount last week?
5/ it wasn't exactly a recount, rather it was an audit, specifically a risk-limiting audit. It's the audit the @voting_works helped with.
6/ a risk-limiting audit is a way to check that the tabulators declared the right winner. It's not designed to verify the exact vote count, only to check that the vote counts aren't so far off as to have declared the wrong winner.
7/ typically, a risk-limiting audit can achieve its goal just by reviewing a small sample of the ballots. But when the margin is very tight, like it was in Georgia, the audit requires looking at so many ballots that it's essentially a full manual count.
8/ it differs from a recount in two critical ways:
- the vote tallies are not changed by the audit, the goal is just to confirm (or reverse) the winner.
- the process of counting each vote is very methodical and free of excessive legal wrangling over every ballot.
9/ also, because risk-limiting audits are typically performed on small samples, they can be done quickly, as part of the normal hygiene of running an election. That means they can be done as routine checks *before* certification.
10/ Georgia is one of a few states that has mandated risk-limiting audits before certification. But their margin was very tight. That's why they counted ballots last week, and why they confirmed Biden as the winner, and then certified on Friday.
11/ so now we're past the count and the audit, and we're at the recount stage. And the interesting wrinkle is that, in Georgia, recounts are only doable as machine rescans.
So that's what's about to happen, and that's why Georgia is counting ballots for a third time this year.
12/ in terms of what to expect, it's pretty clear: unless something incredibly unusual is discovered, this machine recount is likely to give an almost identical count as the first time around. Some differences in how borderline ballots will be adjudicated, probably not much.
13/ in summary:
- first georgia counted ballots with scanners.
- then they counted ballots by hand as part of a risk-limiting audit, confirming the winner but not altering vote counts.
- now they're recounting with scanners, which *could* alter the counts but likely not much.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
1/ The @voting_works team has been working around the clock for the last week to support the State of Georgia in running their first state-wide risk-limiting audit, which turned into a full hand-count.
1/ I spent a bit of time looking at the Canada COVID Alert app this evening. Bottom line: this app is pretty much the model for how to do this kind of tech.
2/ It's super clear about what data it collects and doesn't, and about how it works. This is not easy stuff to convey.
3/ It's such a caring and lovely flow. Here it is letting you know it's about to ask for that single permission it needs – to access the Google/Apple API.
1/ In light of the voting question that will never die -- "if I can do X online, why can't I vote online" -- I'm reminded that most people don't have a good intuition for what makes things secure. So let's explore.
Security online depends predominantly on logging and auditing.
2/ This probably sounds weird and surprising, but hear me out. And there are exceptions that I'll get to. But truly, security depends predominantly on logging and auditing.
3/ Consider the Twitter hack from earlier this week. We found out about it because the attackers tweeted a Bitcoin scam visible to everyone. Twitter is, by definition, a public audit log. Those messages looked odd. We all saw them. That's why we all knew: Twitter was hacked.
1/ a little story. When I was 18yo, summer 1995, I had the immense luck of working as an intern at Hearst Publishing in NYC. I was a rising sophomore, the web was just taking off, and that internship taught me so much, it dramatically kickstarted my career.
2/ the group VP was a guy who dressed like a banker and led the effort to create the first dynamic web site for Hearst. His office was on the 5th floor, top most floor of the Hearst building at the time, 57th and 8th (there's now a huge tower at that address.)
3/ About every other day, he wanted a demo, so he would call me up to his office from the dungeon basement where the small engineering team worked.
1/ Who's ready for another Apple/Google contact tracing thread? I know I am!
To me, the most interesting piece of the puzzle is how much trust we place in the phone operating system vs. the app, and the role of the phone's operating system in protecting your privacy *from apps*.
2/ Let's start with the most recent news: Germany has relented and is adopting the Apple/Google approach, the so-called "decentralized" approach, vs. the one Germany wanted (along with France).
Today's news: "France is asking Google+Apple to weaken privacy protections around digital contact tracing" --> theguardian.com/world/2020/apr…
The news is misleading, the issues are complex.
🧵
2/ The key issue: G+A and the French+German govs are making different privacy tradeoffs.
The French+German protocol, known as ROBERT github.com/ROBERT-proximi…, seems more closely aligned with classic contact tracing privacy, but with one large risk.
3/ In classic contact tracing, as best as I can tell, you get a call from the health department saying "you've been in contact with an infected individual." They don't tell you who, and they don't tell you when & where, because then you might figure out who it is.