If we can't trust checks and balances saying, "Your vote will be counted properly here", how do we trust any of it?
To mess with the election, you have to turn all three persons mentioned above, who all have conflicting interests . And then do this for a significant fraction of the voting centers in one constituency to change the overall result. It's almost impossible to do this to any appreciable degree.
What more, explaining the above to regular people is as easy as repeating the above paragraph to them. As long as people trust that their party member's are not double crossing them, they will trust the process.
 the person of the opposing party might have ethics, so it's not given that they will just agree to blatant vote manipulation.
And even though we do manual counting we get a preliminary election result the same night, simply by having adequately sized voting districts and then everything is recounted a couple of times for the final certified result.
They all seem like small things, but you sum up... This year we had the most fragmented political spectrum and small differences make big changes. In Leon, a polling station made a mistake and put the votes for a party in a different row. Nobody there noticed the mistake except the far-right party Vox. One simple polling station mistake changes the mayor of the city because they were enough votes.
Another problem I see is the mail vote. Mail vote is extremely popular in Spain (4-5% of total votes) and it's very easy to manipulate, not able to be inspected.
0. international independent observers following the entire chains-of-custody of votes and the tallying process
1. vote as did the Greeks or Googlers' for their lunch: place a physical token in the particular container for a given candidate, and then weigh them and measure their volume. There's no hanging chads or ambiguity.
2. place non-partisan, professionals with integrity in-charge of and with elections
3. seek a wide pool of volunteers, and randomly assign them
4. randomized double/triple/quad verify chain-of-custody at key activity steps to reduce chances of many types of impropriety
5. transparency: lots of public live video streams of election process areas as it's occurring
Very few, even when given all the opportunities in the world, are capable of determining if something is wrong in the software or hardware in the machine.
The difference is between having to trust a small group of people who have to be trusted to be experts, vs trusting that the average of random groups of people will be good enough to minimize fraud.
edit: The user's bio says he's on the "DARPA CHERI" team, which is in Cambridge? 
The web-page itself makes no mentions of DARPA or AFRL, but if you click on any of the papers, the notices are all there.
P.S. ARM is HQ'ed in Cambridge, so, location-wise, probably a lot of talent that can do these kinds of things there.
> An Associated Press analysis has found that like many counties in Pennsylvania, the vast majority of 10,000 election jurisdictions nationwide use Windows 7 or an older operating system to create ballots, program voting machines, tally votes and report counts.
Also, what *is" a more appropriate OS to use on these systems? OpenBSD? Linux?
Budget more workers and do it the right way.
From what I've read, the sole motivation for the large "investment" in electronic voting machines was an ADA requirement. City and state government committees felt obligated to budget for electronic voting machines for compliance reasons only. So ADA compliance was the sole requirement, and the security requirements were never a factor.
This is similar to Dieselgate in Europe. Diesel is a filthy fuel, but there is one pollution component, I believe it's CO2, that is emitted less than gasoline. All of the other pollutants are worse, but European governments incentived diesel ICE engines for that one molecule.
We are in a post-facts era, and as technologists we need to be at the table before one-dimensional public policies are made, as in the above examples.
The irony of your comment...
Edit: I don’t know anything about the impact of the ADA on the choice of EVMs in the US, so I haven’t commented on it too much, but even ignoring how wrong your dieselgate comment is, your claim about ADA doesn’t pass the smell test for me because EVMs are (or were, until courts stopped them or countries realized how insecure they are) being adopted in large numbers in other countries, many of which don’t have the equivalent of ADA laws, and don’t particularly care about the disabled.
>And wasn’t dieselgate about trying to trick US standards rather than about European standards?
No, most likely not. The main motivation at the time they put these "devices" in place was to trick the European standards, the so called Euro 1 to Euro 6, and regulators. Of course it helped with the US/Californian standards too, but hardly the main concern.
But the primary diesel market was (and still is) the EU, also with new diesel models introduced there first.
E.g. in 2015 over half of all new passenger cars in Europe were diesel. At the same time the US diesel new passenger cars were about 3%. Diesel was incentivized by European governments in particular the German.
What's more is that a lot of other countries outright adopted the Euro standards too, or based their local standards directly on the Euro standards, e.g. Israel, Turkey, Australia, India, and even China to a degree, to name a few. Getting e.g. an Euro 5 certification meant you not only were able to sell in the EU but a lot of those places too.
Of course, it was US researchers and regulators who uncovered this fraud first (or at least the first who made it public and issued fines), kudos to them, so that's probably why there is a perception that this thing was about US and US standards.
BTW, those "cheat devices" really aren't devices per see but ECU configuration data to instruct the ECU to limit the urea solution (AdBlue) use to likely test scenarios. And they started doing this cheat mainly because they fucked up their designs installing too small, tiny urea solution tanks (which often were hard to access) which would have required car owners to refill that tank really often.
Most press on dieselgate was superficial, but there were a few articles that went deeper into why diesel and why mfgs. rigged exhaust tests.
The actual origin of dieselgate was government regulations incentivizing diesel use in Europe for misguided emissions reasons.
A related factor is that mfgs. can apply fuel economy improvements from one model to other models based on percentage.
Regarding voting machines, city and state councils would not budget for new equipment without a good reason. That's why ADA seems like the most compelling reason from what I've read.
Under "Voting Systems Standards" in the link below, an electronic system is required with multiple language support under ADA:
Dieselgate is about a specific scheme designed to bypass regulations. Your reductive reasoning makes as much sense as saying "it's superficial to think of Watergate as anything else but the byproduct of democratic elections"
I don't know where you're going with the whole Dieselgate thing. But I do agree that part of the appeal of e-voting is the ADA accessibility. Can you point me to where you found in your research where voting officials felt "obligated" or otherwise encouraged to ignore everything else for the sake of compliance? Just because a bank is forced to install a wheelchair ramp doesn't mean they remove the door locks.