[Zombieball]

> How would an electronic voting machine improve upon this?

I am just theorizing here: Someone now takes the box of paper votes and runs it through the scanner machine. And passes this number along to someone. What is stopping them from tampering at this step? I think this is precisely what my co-worker was describing. There is an inherent trust that your paper ballot is scanned and recorded in a fashion that matches your vote.

An electronic voting machine could potentially communicate votes in real time over a secure connection. Or in the case of Brazil's machines, I believe stores it locally, encrypted, with a verifiable cryptographic signature of some sort.

I'm sure we all know the multitude of other attack vectors this introduces. I guess I am just not convinced that paper makes things more secure.

[rbanffy]

I worked on the 2002 model. It stored the signed voting data on a removable CF card which was under a tamper proof seal. After installation the machines were kept physically secure and, during the election they are never under the supervision of a single person. After the election the machines are returned to local elections authorities (if they are too late, they are invalidated) where the memory card is read and totalized.

We designed a vote printer that would allow the voter to see a paper copy before storing it, but it was never used.

[grzm]

There are many steps along the chain that have to be secured in both electronic voting (which has a variety of meanings) and paper ballots. Paper ballots enable audibility, which is a separate issue that's also important for voting.

Given the number of comments you've made on this thread, it seems this is an area of interest to you. I encourage you to look though the previous HN discussions on this topic. Here's a list of some of those from the past month or so:

https://news.ycombinator.com/item?id=13032743

[Zombieball]

Thanks!