Cryptographic assurances are besides the point: the threat model is not that someone will change a record in a poorly-observed database. That's only a threat if you decide to make the thing electronic. The easiest way to solve that threat model is to not create it in the first place.
Put another way: the way you protect against the subversion or deception of very few humans is to build a system that by design requires very many humans to be involved.
> In a large election it is a big challenge to ensure that independent observers from all parties are present every place someone could potentially tamper with ballots in storage or in transit between the time they are cast (especially in jurisdictions where polls are open a long time) and are counted and the count is folded into the overall total.
Australia has done it this way for most of a century.
It's easy. Candidates are highly motivated to provide scrutineers because they distrust each other. And the rules require scrutineers to be present and cross-sign to assemble or open ballot boxes.
> With simple hand counted paper ballots, the voter has no way of knowing that the chain of custody of their ballot was not compromised.
With a software solution, no voter has a way of knowing if their vote and everyone else's vote has been counted correctly, unless ... you do verification by hand.
Seriously.
Pen and paper. It works. It's safe at scale. Everyone understands it. The US is not a special case.
Put another way: the way you protect against the subversion or deception of very few humans is to build a system that by design requires very many humans to be involved.
> In a large election it is a big challenge to ensure that independent observers from all parties are present every place someone could potentially tamper with ballots in storage or in transit between the time they are cast (especially in jurisdictions where polls are open a long time) and are counted and the count is folded into the overall total.
Australia has done it this way for most of a century.
It's easy. Candidates are highly motivated to provide scrutineers because they distrust each other. And the rules require scrutineers to be present and cross-sign to assemble or open ballot boxes.
> With simple hand counted paper ballots, the voter has no way of knowing that the chain of custody of their ballot was not compromised.
With a software solution, no voter has a way of knowing if their vote and everyone else's vote has been counted correctly, unless ... you do verification by hand.
Seriously.
Pen and paper. It works. It's safe at scale. Everyone understands it. The US is not a special case.