> why would an attacker bother to actually show a user they were being manipulated?
Because the person who wishes to tamper with the outcome of the election only has access to (or, very likely, skillz to modify) the calibration template (which has to be reconfigured each election, hence is modified by more people), not to the entire source code and tool chain of the voting machine. Most attacks are not gigantic conspiracies with unlimited resources.
Because the person who wishes to tamper with the outcome of the election only has access to (or, very likely, skillz to modify) the calibration template (which has to be reconfigured each election, hence is modified by more people), not to the entire source code and tool chain of the voting machine. Most attacks are not gigantic conspiracies with unlimited resources.