Which part of it would you consider a black box? The protocols are open (you can write your own voting application), the source code is largely open, there are numerous reports on it, you are most welcome to become an observer (and many do) etc. An informed critique of the system would actually be very welcome, just stating "random guys with flash drives are bad" is not that helpful
I wonder how any e-voting system could provide both anonymity of the vote and a secure access ("one person, one vote")? To provide the latter you've got to login somewhere, right? And to stay anonymous you can't leave any identity trace.
In Estonia the voter has to login using her/his personal ID card so there's no anonymity at all?
Read the spec, it's basically storing the vote in a completely encrypted state. Once counting starts, the personal information is destroyed (literally, i know the guy, he takes the hard drives and bashes them until they are completely powder pretty much), and the votes are unencrypted. Once you start counting, there is no way to know whose vote is who. (It's actually much more difficult, but it's based on mail voting. I'm a bad source on this, read the spec. Everything is open-source.)
You can make pseudonyms by letting people carry a public key to be signed by the same kind of organization that currently oversees voting (around here, 5 randomly chosen people per urn).
That'd be completely useless for preventing people from proving how they voted, but is sufficient obfuscation for preventing the votes from becoming public.
