Diego Aranha (and his peers) has been presenting strong cases and amazing proofs over the years why the software stack in those voting machines is bugged beyond repair (specially considering they never have permanent uncontrolled access to scrutinize it, because if they did they would uncover with evidences some very dirty stuff) and it's disgusting to see him being a target of ad hominem and FUD by many political leaders and electoral judges in Brazil. Just so you have more context on this.
EDIT: Brazil has over 2 decades of electronic voting "experience", so you see how important papers like this one are for democracy and electronic voting in other countries
I have met Diego a few years ago at LatinCrypt, and if half of what he says is to be believed, it is much worse than that.
It is not just the possibility that "very dirty stuff" might be uncovered. It is the fact that in spite of all the restriction the Brazilian government throws in his way, he still is able to find ugly stuff, and it is not so much mallicious as utterly incompetent.
I see the authors are hanging out here so would like to make a question :)
Do you believe that with the proper audit systems in place (e.g. open-source, open-hardware, not rolling your own crypto, etc) it would still be possible to have a secure electronic voting system?
Optical scanners have a very good cost-benefit in terms of accuracy, complexity, transparency and usability.
If you refer to paperless electronic voting, it will be always vulnerable to malicious insiders. In order to possibly prevent that, you would have to lock it down in such a way that no one would be able to audit the result after the fact, undermining the sole purpose of a public election.
What is the value proposition of electronic voting machines?
I'm not an expert on the technology but I would say that in 2018 and for the forseeable future there is no way to make an electronic voting machine that the public will trust.
Arguably that is far more important than the tech stack.
The paper mentioned that the Brazilians considered electronic voting machines would be something to help fight against fraud.
Besides that you could consider speed. The election results in Brazil are usually released on the same day of the election. In Brazil the election happens in a single day (on a Sunday) where the whole country is focused in doing one single thing - vote! :)
Speed, scaling, and ease of use to those who like touch screens. Schneier mentions those benefits in a nice essay that argues against electronic voting:
Accuracy. If you could somehow prove that every vote could accurately be tied to a human pulling a lever, confidence in election results would be higher. Also instantaneous results and no issues of a recount (like in the 2000 election, where the refusal of a recount in a state cost Al Gore the election).
On the other hand, the way votes were counted back in the days of the paper ballot were not something to be proud of either.
Anyone who's been involved in counting votes has seen more vote count fraud than they could possibly try to explain to others. Everybody used to be involved in that, from the people counting who didn't want to be there and would do anything just to get over with it, to the party delegates, to the people in charge of the sections.
I understand all the criticism and I praise your work in pushing for a more secure and auditable stack but it's hard to argue that the previous system was better in any way.
I don't really see how that's superior to anything. It adds complexity to a system that's already hard to understand to large slices of the voters, and provides nearly no actual advantage to either the old paper ballot or the new electronic system.
A potentially better approach would be to have the systems themselves publicly auditable and somehow have the live ballot devices verifiable.
VVPATs do not add complexity, they cheaply allow a layman to verify if a proper record of his/her vote was produced.
I can't parse your last sentence, sorry.
PS: Yes, I would prefer to redesign the whole thing from scratch and tightly integrate physical and electronic records, as in an optical scanner, but this is very unlikely to happen anytime soon.
EDIT: Brazil has over 2 decades of electronic voting "experience", so you see how important papers like this one are for democracy and electronic voting in other countries