Skip to content

Colorado Risk-Limiting Audit (RLA) software – developed to support risk-limiting post-election audits of election outcomes.

License

Notifications You must be signed in to change notification settings

DemocracyDevelopers/colorado-rla

 
 

Repository files navigation

ColoradoRLA

Build Status

The ColoradoRLA system is software to facilitate risk-limiting audits at the state level, initial developed by Free and Fair for Colorado's Department of State in July and August of 2017. Extensions for Instant Runoff Voting (IRV) were developed by Democracy Developers in 2023-2025.

System Documentation

Older documentation about this project and the Colorado RLA system is in the legacy-docs folder. It may be somewhat out of date, but is useful for non-IRV aspects of colorado-rla:

Documentation related to IRV extensions is in the irv-docs folder.

  • a slide deck summarizing the main ideas,
  • the Guide To RAIRE, Part 1 and Part 2, describing the background theory for IRV auditing,
  • the Implementation Report, detailing the implementation and describing the user workflow changes from plurality-only audits.

More recent versions may be available at the Democracy Developers github repository,

Deployment Instructions

Running the raire service (needed for IRV)

Run the raire-service by following the raire-service README.

Deploying colorado-rla with the raire-service

To run an audit, clone and deploy colorado-rla by following the developer instructions..

colorado-rla's raire_url property tells it where to find raire. The default (http://localhost:8080) is set up so that both can run on the same machine without any change to the addresses or ports.

If you are running raire-service somewhere different, set

raire_url = [your new location]

in src/test/resources/test.properties, src/main/resources/us/freeandfair/corla/default.properties, src/main/resources/us/freeandfair/corla/default.properties and src/main/resources/us/freeandfair/corla/default.properties depending on which one of these you are using.

Deployment security

In production, authentication between raire-service and colorado-rla MUST be mutual.

  • Raire-service MUST NOT accept connections from any process other than colorado-rla.
  • colorado-rla MUST verify that it is communicating with the correct raire-service.

If both services are running on the same host, enforcement is operating-system specific and may require some changes to raire-service's endpoint authentication.

If raire-service is running on a separate machine, the easiest method is probably to put raire-service behind a TLS reverse proxy and then

  • pin raire-service's TLS certificate in colorado-rla (or get it signed by a Certificate Authority),
  • generate a TLS client certificate for colorado-rla,
  • configure colorado-rla's http client to send the client certificate when communicating with raire-service,
  • configure the raire-service's TLS proxy to accept colorado-rla's client certificate.

This could alternatively be done programmatically in Java.

Whether the mutual authentication is done via a TLS proxy, or directly in Java, there is no particular need to get the certificates signed by an external CA, because neither side of the connection needs to be authenticated by any third parties. A properly-pinned self-signed certificate, or a certificate generated by a private CA, is sufficient.

There are many different tools available for creating and managing TLS certificates. See RedHat's documentation for an example using Openssl on Linux.

There are also various tools for deploying reverse proxies. Nginx on Linux is one popular option, but there are many others.

Contributors

  • Joey Dodds (Principled Computer Scientist) RLA core computations implementation
  • Joseph Kiniry (Principled CEO and Chief Scientist) Project Head, author of formal specification, design and implementation of ASMs and 2FA
  • Neal McBurnett (Principled Elections Auditing Expert) RLA expert, design and implementation of data export application and automatic server test infrastructure
  • Morgan Miller (Principled Usability Specialist) UX expert, conducted interviews with CDOS and County personnel, initial UI design
  • Joe Ranweiler (Principled Computer Scientist) Principal author of RLA Tool Client
  • Daniel Zimmerman (Principled Computer Scientist) Principal author of RLA Tool Server
  • Mike Prasad (CDOS Developer/Architect) Authored enhancements to RLA Tool Client and Server
  • Rich Helton (CDOS Developer) Authored enhancements to RLA Tool Client and Server
  • Dogan Cibiceli (CDOS Developer) Authored enhancements to RLA Tool Client and Server
  • Democracy Developers implemented IRV extensions based on original research by Michelle Blom, Peter Stuckey and Vanessa Teague. Lead developers:
    • Michelle Blom
    • Andrew Conway
    • Vanessa Teague

More information about our team members is available.

License

See the license under which this software is made available,

About

Colorado Risk-Limiting Audit (RLA) software – developed to support risk-limiting post-election audits of election outcomes.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Java 68.0%
  • TypeScript 14.2%
  • Python 10.2%
  • HTML 4.6%
  • Shell 1.0%
  • Perl 0.9%
  • Other 1.1%