If we here can't agree on how to make machine voting both robust and private, then EVEN IF A PERFECT SYSTEM COULD BE DESIGNED it is extremely unlikely that a large number of people could be persuaded that it /was/ perfect.
So if public confidence in the mechanisms of voting is considered desirable, no electronic or digital system is viable.
> You can run an algorithm on any subset of codes, including just > your own, [...]
you already lost 94% of the electorate. They are saying "huh?" and going back to whatever they were doing before the election rudely interrupted them.
I should have mentioned in my last response that there have already been cases where the "electronic vote results" were accidentally posted before the election polls had closed. This did wonders for belief in the system.
One of the reported cases was somewhat understandable, not that this affected overall suspicion of the system: some or most of the absentee ballots had already been counted and recorded into the electronic system. They were of course not supposed to be agglomerated with the other electronic vote totals until after the polls closed. Someone made a typical computer error and the partial totals were released ahead of the polls closing. Apparently some number of voters planning to vote thought the election was over and didn't vote.
Now with conventional, slow, paper-based systems of the sort we mostly still use in the U.S., there are various "ontological safeguards," or "speed bumps," which make this kind of "computer error" less of an issue.
Any computerized system is likely to have glitches like the above, each of which will cause some fraction of the electorate to think things are rigged. As they probably will be.
(By the way, there are some possible crypto fixes, such as "timed-release crypto." A beacon could broadcast an unlocking key at some time well after the polls had closed, simultaneously unlocking the many sealed ballot messages. Of course, Joe Sixpack will not understand or trust this kind of complexity, either.)
SSL works because it is transparent (hidden from) to the user. Likewise, the crypto used in lottery tickets (e.g., the Scientific Games model) is transparent to the user and he doesn't have to pore over crypto explanations before buying a ticket.
(I bought _one_ lottery ticket, for $1, just to see how the numbers were done. Lotteries are of course a tax on the gullible and stupid.)
I see less chance that a crypto-based electronic voting system will be adopted in the U.S. than that Robin Hanson's and John Poindexter's "let CIA gamble on who gets assassinated" betting pool will rise from the dead.
--Tim May
