> After the election, the trustees generate an independent tally from the voter-verifiable list of ballots and confirmation codes. Since the link between a confirmation code and the candidate voted for must remain secret, the tally is generated using an anonymity-preserving backend.
The Wikipedia article doesn't make it clear what threat model is being considered for this "anonymity-preserving backend".
If in your election you have a major party with an interest in preventing a count from occurring, or intimidating people with the threat of having their vote leaked, then "Don't worry, it uses clever cryptography" might not be enough to convince your jurisdiction to adopt this.
The Wikipedia article doesn't make it clear what threat model is being considered for this "anonymity-preserving backend".
If in your election you have a major party with an interest in preventing a count from occurring, or intimidating people with the threat of having their vote leaked, then "Don't worry, it uses clever cryptography" might not be enough to convince your jurisdiction to adopt this.