>Gives you a paper result that you can verify, and leave there for manual recounts as needed.
That's fair. I guess you could also force a recount for a random portion of the polling stations to detect anything fishy. I'm not sure if it'd be really worth it though, would it be such a massive improvement over simply counting paper ballots directly?
>Checksums and verified hardware.
Nah, that won't work. Who checks that? Who makes sure nobody tampers with the hardware after it's been verified? How can you even verify a piece of hardware, it could tell you it's running code X when really it runs code Y, no amount of checksumming will help. You could easily backdoor a processor to run a special ROM instead of the official one. Good luck detecting that.
Are we supposed to send electronic engineers at every poling station to check for any tampering with the hardware? How about people making copies of the chips that look exactly the same from the outside but are backdoored? You can't just trust whatever is printed on the package.
So what do you do? Take a random sample of machines during every election and decap all the chips to look for something abnormal?
IMO it's just too much hassle for very little benefit.
Take a random sample of machines and compare a number of pretend-votes to the outcome. But if cars change their behavior based on detecting a test environment, how would you trust a voting machine to not do something similar?
In the end a trusted minor miscount would be less bad than a count that is widely untrusted despite being correct: one would mean living through a "what if some people would have cast a different vote" alternative reality, the other would be a full blown legitimacy crisis, with unconstrained cheating in the next election as the least bad of all possible outcome.
That's fair. I guess you could also force a recount for a random portion of the polling stations to detect anything fishy. I'm not sure if it'd be really worth it though, would it be such a massive improvement over simply counting paper ballots directly?
>Checksums and verified hardware.
Nah, that won't work. Who checks that? Who makes sure nobody tampers with the hardware after it's been verified? How can you even verify a piece of hardware, it could tell you it's running code X when really it runs code Y, no amount of checksumming will help. You could easily backdoor a processor to run a special ROM instead of the official one. Good luck detecting that.
Are we supposed to send electronic engineers at every poling station to check for any tampering with the hardware? How about people making copies of the chips that look exactly the same from the outside but are backdoored? You can't just trust whatever is printed on the package.
So what do you do? Take a random sample of machines during every election and decap all the chips to look for something abnormal?
IMO it's just too much hassle for very little benefit.