Skip to content
An ACT Government Website
About us Jobs Accessibility
Contact us
For voters
Elections
For political participants
Funding, disclosures and registers
Integrity

Ballot paper scanning assurance methodology

The following information describes the methods used to select scanned and digitised ballot papers for a ballot paper scanning assurance audit. Through this process a subset of scanned ballot papers is chosen through a random but repeatable process.

The randomness ensures that no one can tamper with the selection and the repeatability allows anyone to verify that the ballot papers were chosen randomly for the audits.

Background

The randomisation process ensures that malicious actors are unable to tamper with the ballot selection process for an audit. Additionally, the process is repeatable and verifiable when the correct data is provided.

Therefore, the primary requirements for the algorithm are:

  1. Repeatable
  2. Randomised - This ensures that it is impossible to predict which ballots will be selected for an audit before they are committed to the system.

A ballot paper is considered committed to the system once it has progressed through the verification process and it’s verified preferences and image data have been uploaded to the Ballot Paper Scanning Assurance system (BPSA), where they are arbitrarily ordered based on their sequence in the upload.

Ballot papers are maintained in batches of a maximum of 100 papers per batch and are entered into these batches in no order and can be considered randomly shuffled. These batches are maintained based on the ballot’s electorate and the polling place the papers originate from.

BPSA system description

The process to randomly select ballot papers can be made repeatable by using a pseudo-random number generator that uses a particular seed. This seed will be a random number that is generated outside of the system using a raffle machine that will randomly assign a number between 1-99,999.

The system will then use this seed number to generate a sequence of pseudo-random numbers which are used to select the batches for the audit activity.

To ensure that the batches to be selected for an audit cannot be predicted before they are committed to the system, it is important to enforce a process wherein the random seed used to select batches cannot be entered or known until the ballots to be audited have been committed to the system. This is accomplished by creating a process within the system that blocks seed entry until ballot papers have been uploaded.

There is an 'Election audit' for each election, during which the ballots for that election are audited. Scanned and digitised ballot papers are uploaded into BPSA where each ballot paper is tagged with the relevant election, electorate, polling place, sequence in which it was uploaded, position in the batch (the paper number), and the date and time of the upload. Ballot paper preferences and their ordering cannot be changed following their commitment to the system.

Once ballot paper batches have been uploaded to the BPSA system the Audit Seed can be entered. The Audit Seed must be linked to the date of a ballot paper upload activity. The date and time of the selected upload is used to ensure that only batches uploaded before seed entry are considered for auditing. A seed can only be entered once for each calendar day. All batches to be audited must have have been committed to the system prior to seed entry.

Within each Election Audit there are electorate-specific audits. An electorate-specific audit can either be a daily audit or an 'Ad-Hoc' audit. Each audit must be linked to an Audit Seed, which is then used for selecting batches for an audit. For a daily audit, only ballot papers that were committed on the same day and before seed entry can be selected. For ad-hoc audits, the entire pool of un-audited ballot paper batches uploaded prior to seed entry can be considered as part of the audit batch generation.

Accordingly, the BPSA system is built to enforce the following order of operations –

  1. Ballot paper preferences and image uploads
  2. Seed number entry
  3. Batch generation

Ballot paper selection and algorithm description

The uploaded ballot paper batches are randomly selected for auditing using the geometric skipping method recommended in ‘Assessing the accuracy of the Australian Senate count.
The geometric skipping method used is described in Bernoulli Ballot Polling: A Manifest Improvement for Risk-Limiting Audits’ the code for which is available on GitHub.

However, rather than applying the sampling method over all ballot papers, the method deployed has been adapted to select batches of papers to simplify physical ballot paper retrieval during the audit process.

For auditing, a series of five consecutive ballot papers will be selected from each randomly selected batch. The starting ballot paper for this series is randomly selected. This is accomplished by adding the selected batch number to the initially entered seed value. This new number is used as a seed to generate a random number, which corresponds to a ballot paper number within the selected batch. Once used, this new number is not used again for any later batches.

The randomly selected ballot is the start of the series, and the next four ballot papers in the batch are selected for the audit as well. If the starting ballot paper number is too high, the selection will be ‘wrapped’ around the batch. I.e., in a batch of 100, if the starting ballot number is 98, the ballots selected will be paper numbers 98, 99, 100, 1 and 2 of the batch.