> The problem with any form of voting that allows you to verify your vote was counted correctly, is that anyone can verify you voted 'correctly'.
That's not correct. There are several systems that let you verify your ballot was included in the count and the count is correct, which together show that your vote was counted correctly, without letting anyone verify who specifically you voted for. See Punchscan, Prêt à Voter, and Scantegrity II for examples.
Look at the research literature under end to end auditable voting systems [1] for more on this topic.
Hand-counted pen and paper ballots don't actually provide any way for you to verify that your ballot was included in the count and that the count is correct without letting anyone verify who you voted for. I'm curious what you have in mind here.
This is a solved problem. Independent observers from all parties involved that are allowed to view the entire process from end to end. The issue with computer only voting is that you just have to trust the machine.
In a large election it is a big challenge to ensure that independent observers from all parties are present every place someone could potentially tamper with ballots in storage or in transit between the time they are cast (especially in jurisdictions where polls are open a long time) and are counted and the count is folded into the overall total.
With simple hand counted paper ballots, the voter has no way of knowing that the chain of custody of their ballot was not compromised.
By enhancing the paper ballots with cryptographic techniques, we can make it so that lapses in the chain of custody do not allow tampering with the election results. We can make it so we only need observers from all parties observing at specific places in the process, which is much more practical. We can make it so the voter can know that their vote did it make it into the total and it was counted correctly. We can make it so we can have a fast machine count, but still have a paper trail that supports a hand recount, and we can do this in a way that allows outside independent checking of the machine count.
Cryptographic assurances are besides the point: the threat model is not that someone will change a record in a poorly-observed database. That's only a threat if you decide to make the thing electronic. The easiest way to solve that threat model is to not create it in the first place.
Put another way: the way you protect against the subversion or deception of very few humans is to build a system that by design requires very many humans to be involved.
> In a large election it is a big challenge to ensure that independent observers from all parties are present every place someone could potentially tamper with ballots in storage or in transit between the time they are cast (especially in jurisdictions where polls are open a long time) and are counted and the count is folded into the overall total.
Australia has done it this way for most of a century.
It's easy. Candidates are highly motivated to provide scrutineers because they distrust each other. And the rules require scrutineers to be present and cross-sign to assemble or open ballot boxes.
> With simple hand counted paper ballots, the voter has no way of knowing that the chain of custody of their ballot was not compromised.
With a software solution, no voter has a way of knowing if their vote and everyone else's vote has been counted correctly, unless ... you do verification by hand.
Seriously.
Pen and paper. It works. It's safe at scale. Everyone understands it. The US is not a special case.
> In a large election it is a big challenge to ensure that independent observers from all parties are present every place someone could potentially tamper with ballots in storage or in transit between the time they are cast (especially in jurisdictions where polls are open a long time) and are counted and the count is folded into the overall total.
It's actually pretty easy: Count the ballots at the polling place immediately after the polls close. That leaves no opportunity to leave them unguarded. Publish the results of each place so everyone can reproduce how they are summed up.
I haven't read the paper if you can't tell from the system who you voted for, then you must be trusting the machine to give you some kind of random number which corresponds to each candidate. So it's only a partial verification.
In that case, there is a simple way to do it. Just publish a list of all ballets (by random ID) and their matching votes (by another random ID). No math needed.
That's not correct. There are several systems that let you verify your ballot was included in the count and the count is correct, which together show that your vote was counted correctly, without letting anyone verify who specifically you voted for. See Punchscan, Prêt à Voter, and Scantegrity II for examples.
Look at the research literature under end to end auditable voting systems [1] for more on this topic.
[1] https://en.wikipedia.org/wiki/End-to-end_auditable_voting_sy...