General Discussion

The root problem in validating an election derives from the legal guarantee we all have that our vote is anonymous. The guarantee of anonymity serves two purposes. It protects people from threats like "if you don't vote for X we are going to burn your house down". It also prevents the buying of people's votes--if a person cannot prove who they voted for, bad actors are little inclined to offer them money to vote a certain way.

While the guarantee of anonymity is a crucial right in a democracy, it creates an intrinsic problem for validating elections. Regardless of what technology is used, anonymous voting means that once you vote, any information describing how you voted is irrevocably separated from you. It doesn't matter whether that vote was recorded by marks on a piece of paper or by voltage fluctuations on a piece of silicon, once you've voted, the record of how you voted goes into someone else's hands. That vote may be placed in a locked box that can only be opened by a select set of people holding metal keys, or it may be placed into a computer file that has been encrypted and can only be opened by selected set of people holding digital keys. It doesn't matter. Whatever technology is used to protect your vote from being changed, your confidence that your vote will eventually be counted correctly is based on a common set of assumptions. You have to trust the people holding the keys. You have to trust there is a process that protects those people from others trying to steal the keys from them. And once your vote has been "unlocked", you have to trust the people doing the counting--whether those people are volunteers sitting in chairs shuffling pieces of paper or programmers sitting in chairs shuffling bits and bytes. Ultimately, regardless of what method is used, you have to trust the system that was created and the people involved.