I watched a report from PBS Newshour about using risk-limiting audits to validate election results. So I made a game to simulate a vote and an audit to see if it would be possible to steal an election despite the audit. Read below for more information (including some strategies for possibly beating the game).
Disclaimer: I don't endorse actually trying to ruin any elections. This is just a game. And this isn't a commentary on any past, current or future elections.
The orange candidate is slated to win this election by a narrow margin. Your goal as a fake poll worker is to get the blue candidate to win. Do this by sabotaging the vote-counting machines—when you do, they will count all ballots as voting for blue.
But be careful! If a real poll worker sees you interfering, it's game over. If they see a vote-counting machine count something incorrectly, they'll fix it. And after all votes are tallied, the results will be audited to detect any fraud.
The source for the game is available here. It was built with the NICO Game Framework and borrows some assets from that.
Here's a paper co-authored by the man interviewed in the report above. It describes how risk-limiting audits work.
The paper is pretty clear about how the audit works, but I learned a few things trying several scenarios on my own. First of all, (s - t)/50% is the same as 2 * (s - t). I find that math easier.
s and pick t (read the paper for this).T0 = 1T by 2(s - t). For example: Tn+1 = Tn * 1.05. The percent is based on the margin of victory and a chosen "tolerance".T by an inverse amount (2(1 - (s - t))). For example: Tn+1 = Tn * 0.95T grows sufficiently large (~10), the declared winner is probably not wrong. (I'm still not certain what the actual guarantees are in this case. The paper tries to emphasize that the audit won't guarantee the declared winner is correct, but rather will show when a declared winner is incorrect.T shrinks sufficiently small (~0.01), the declared winner is probably wrong.So how do you beat the game? I haven't beaten it yet. Don't ask me :) But here are some thoughts:
The value s is the percent of the vote the declared winner got. So if blue wins with 65% of the vote, s = 0.65.
In the best case (for a blue saboteur), the audit will pick only votes for blue. The minimum number of votes you need to pass the audit is inversely dependent on s and directly dependent on t. Here's a spreadsheet where I played with some numbers.
For example, if the declared winner got 60% of the vote, and the tolerance is 5%, the best case scenario (for a saboteur) is the first 24 ballots audited being for the (false) winner. This is summarized in the first example in the list below:
s = 0.60; t = 0.05, minimum ballots to win: 24.s = 0.60; t = 0, minimum ballots to win: 13s = 0.65; t = 0, minimum ballots to win: 9So a good strategy would be to get the highest margin of fraudulent victory you can with the lowest tolerance possible. However, high s and low t cuts both ways. The scenario also reduces the number of ballots needed to fail the audit.
Also, in real life, I would expect an unexpectedly high margin of victory to cause people to do extra audits. So what you learn from doing this game may not apply to real life.
Older versions of the game are still available here: