Election Anomaly Detector

⬤ Negative Updates

In a legitimate election count, a candidate's cumulative total should only ever increase as new precincts report. A decrease means votes were subtracted from the running tally.

Common legitimate explanations: A county submitted a duplicate batch and the feed corrected it; a data entry error was caught and reversed; a precinct was re-allocated between counties.

What auditors should check: Every negative event should have a corresponding entry in the county canvass log explaining the correction, the original source of the over-count, and who authorised the change.

Severity guide: A single small correction is routine. Multiple events in the same county, or a large single removal (>10,000 votes), warrants a written explanation from the county clerk.

⬤ Ratio Shift

This compares the Trump/Biden split of each individual vote batch against the running average split up to that point. A large deviation means a single batch of votes was dramatically more one-sided than everything counted so far.

Common legitimate explanations: Mail ballots from a heavily partisan precinct or demographic group arrived as a single batch; rural vs. urban precincts report at different times and have very different partisan splits; a large university precinct or military absentee batch arrived.

What auditors should check: Cross-reference the flagged timestamp against the county's precinct reporting log. The batch should correspond to an identifiable reporting unit with a plausible demographic explanation for its partisan lean.

Severity guide: Deviation of 15–24 pp is flagged as medium; 25 pp or more is high. Adjust the threshold slider to match local baseline variance.

⬤ Timing Gaps

Measures the time elapsed between consecutive data updates. A long silence followed by a large batch is a frequently cited pattern in election fraud claims.

Common legitimate explanations: Counting pauses overnight; a county's tabulation system went offline briefly; mail ballot processing requires a separate batch preparation step; election officials took a scheduled break.

What auditors should check: Each flagged gap should correspond to a publicly announced pause in counting. The partisan composition of the post-gap batch should be explainable by which precincts or ballot types were being processed.

Severity guide: Gaps of 60–119 min are flagged as low; 120–239 min as medium; 240 min or more (4 hours) as high. Adjust the threshold to match local reporting practices.

⬤ Benford's Law

Benford's Law states that in naturally occurring numerical datasets, the leading digit is 1 about 30% of the time, 2 about 18%, and so on down to 9 at about 5%. This logarithmic distribution appears in populations, financial transactions, and many other real-world counts.

The tool measures how closely the leading digits of each candidate's cumulative vote totals follow this expected distribution, using two statistics:

MAD (Mean Absolute Deviation): Average difference between observed and expected frequencies across all nine digits. Below 0.006 = excellent fit; 0.006–0.012 = acceptable; 0.012–0.015 = marginal; above 0.015 = poor fit, investigate.

χ² (Chi-squared): Tests whether the deviation from expected is statistically significant given the sample size.

Important caveat: Benford's Law is most reliable with large, diverse datasets. Election timeseries data from a single race has relatively few data points, so some deviation is expected and does not by itself indicate manipulation. This analysis is most useful when combined with other flags.

⬤ Batch Size vs. Margin Shift

This analysis looks for the combination of two factors: a batch that was unusually large (in the top percentile by total votes) and caused an unusually large shift in the Trump–Biden margin.

Large precincts naturally move margins more than small ones. This flag specifically looks for cases where the size of the margin shift was disproportionate even relative to the batch size — suggesting the batch was more one-sided than you'd expect from a precinct that large.

Common legitimate explanations: A large mail-ballot batch from a heavily partisan county; a consolidated report covering multiple small precincts that happen to lean the same way; a large military or overseas absentee ballot batch.

What auditors should check: The scatter chart shows all batches — flagged ones appear as large red dots. Each should correspond to an identifiable reporting unit. Hover coordinates show exact batch size and margin impact.

Severity guide: Adjust the batch size percentile threshold to focus on the very largest batches (top 5%) or cast a wider net (top 30%).

⬤ Ratio Lock

Real vote counting is noisy. As different precincts report, the Trump/Biden ratio should fluctuate. A long run of consecutive batches where the ratio barely changes is statistically unusual — it suggests the batches may all be coming from the same homogeneous source, or that the ratio is being held artificially constant.

Common legitimate explanations: A single large precinct is reporting its votes in sequential sub-batches, all from the same demographic pool; mail ballots are being counted precinct-by-precinct in a consistent order; a data feed is reporting small incremental updates from a single ongoing tabulation.

What auditors should check: Identify which precincts or ballot types were being counted during each flagged run. If all batches in the run came from the same precinct, the stability is expected. If they came from different precincts, the stable ratio is harder to explain naturally.

Severity guide: Adjust the tolerance (±pp) and minimum run length. A tolerance of ±0.5 pp over 4+ consecutive updates is the default; tighten to ±0.2 pp to find only the most striking locks, or loosen to ±1.5 pp to see broader trends.