Lets put it to a vote. Along with the proposal to renew the contract... we'll just have to do it after the upcoming scheduled maintenance on the voting system...

Maybe there should be a provision that votes concerning the voting system uses the most conservative and/or transparent means of voting available (such as counting a show of hands, or paper slips...)?

Either way this is silly. Yes, it is hard to trust the entire system, without doing a system audit. Fundamentally, when you put your voting logic into a few opaque plastic boxes who's only interface is a green and red button, it's pretty hard to know that the system hasn't been tampered with, is secure, does what it is supposed to do, does what it did yesterday today as well... but surely opening up the source is a great start?

I'd propose a simple system based on Forth and micro-controllers, that would allow for (reasonable) analysis of the binary machine code -- perhaps with random sampling and destructive reverse-engineering testing of all of the component parts every now and then.

Then we could worry about whether the people doing the auditing were on the take or not...

Actually, how about this: for stuff like this which is presumably public voting anyway, use two flags and a high-resolution camera, coupled with face detection and signal processing to determine the vote -- along with archiving the photo with a time-stamp (and vote number/identifier) for easy (manual) auditing. Audit a random sample (with representatives from all parties doing the auditing) every now and then?

Might not even have to use facial recognition -- just have every (voting) member wear a qr-code button on their shirt...

(Then you could worry about a system that did real-time altering of the recorded image, as have been demonstrated a year back (for:eg: dynamically replacing ad boards in live sports events...)). I do believe there's distrust all the way down. Maybe we should just leave the decisions to a dictator.