I think the whole point of this fancy homomorphic encryption-based system is that only the endpoints need to be verifiable, you no longer have to worry about chain of custody anymore. Kinda like how end-to-end encryption means you no longer have to trust every link in the network that connects you to the other party.
As long as you can verify that the final tally is correctly calculated from all the public encrypted votes, that those encrypted votes include yours, and none are by fake voters, who cares how the encrypted votes are transmitted to the body that officially calculates the final tally?
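The two checks listed above (the tally is the correct function of the public encrypted ballots, and my own ballot is among them) can be made concrete with an additively homomorphic scheme. The following is an added example, not code from any system discussed in the thread: a toy Paillier bulletin board in Python. The key is built from two hard-coded Mersenne primes (about 150 bits, fine for illustration, nowhere near a secure key size), the voters, ballots and candidate count are constructed sample data, and the trustee publishes the combined randomness alongside the counts so that anyone holding only the public key can re-encrypt and check the opening. It deliberately omits the zero-knowledge proofs of ballot well-formedness and voter eligibility that a real end-to-end verifiable system adds; as a result, a ballot stuffed onto the board under an unused name still verifies once the trustee re-opens the tally, which is exactly the gap later comments worry about.

```python
import math
import secrets

# Constructed toy Paillier keypair from two Mersenne primes. About 150 bits:
# enough to show the protocol, NOT a secure key size. gcd(N, LAMBDA) = 1 here.
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
N2 = N * N
LAMBDA = math.lcm(P - 1, Q - 1)
MU = pow(LAMBDA, -1, N)        # with g = N + 1, L(g^LAMBDA mod N^2) = LAMBDA mod N
N_INV = pow(N, -1, LAMBDA)     # lets the trustee recover the randomness of a ciphertext

BASE = 1 << 20                 # per-candidate counts packed in base 2^20 (assumed < 2^20 voters)


def _L(x):
    return (x - 1) // N


def encrypt(m, r=None):
    """Paillier Enc(m; r) = (1+N)^m * r^N mod N^2. Public-key operation."""
    if r is None:
        while True:
            r = secrets.randbelow(N)
            if r > 1 and math.gcd(r, N) == 1:
                break
    c = (pow(N + 1, m, N2) * pow(r, N, N2)) % N2
    return c, r


def decrypt(c):
    """Private-key operation (trustee only)."""
    return (_L(pow(c, LAMBDA, N2)) * MU) % N


def recover_randomness(c, m):
    """Private-key operation: given c and its plaintext m, recover r with
    encrypt(m, r)[0] == c. Publishing (m, r) for the tally ciphertext lets
    anyone check the decryption using the public key alone."""
    r_to_n = (c * pow(N + 1, -m, N2)) % N2     # strips (1+N)^m, leaving r^N mod N^2
    return pow(r_to_n % N, N_INV, N)           # r^(N * N_INV) = r^(1 + t*LAMBDA) = r mod N


def cast_ballot(choice):
    """Voter side: encode a vote for candidate `choice` as BASE**choice and encrypt it.
    Returns (ciphertext, randomness); the voter keeps r to re-check their own ballot."""
    return encrypt(BASE ** choice)


def homomorphic_tally(board):
    """Anyone: the product of all posted ciphertexts encrypts the sum of all ballots."""
    acc = 1
    for _, c in board:
        acc = (acc * c) % N2
    return acc


def unpack(total, n_candidates):
    return [(total // BASE ** i) % BASE for i in range(n_candidates)]


def open_tally(board, n_candidates):
    """Trustee: decrypt the combined ciphertext and publish the counts plus the
    combined randomness so the decryption itself is publicly checkable."""
    c_total = homomorphic_tally(board)
    total = decrypt(c_total)
    return unpack(total, n_candidates), recover_randomness(c_total, total)


def verify_tally(board, counts, r_total):
    """Anyone: recompute the product from the public board and check that the
    published counts and randomness re-encrypt to exactly that product."""
    total = sum(count * BASE ** i for i, count in enumerate(counts))
    return encrypt(total, r_total)[0] == homomorphic_tally(board)


def verify_own_ballot(board, voter_id, choice, r):
    """A voter: is my ballot, as I cast it, on the board unchanged?"""
    posted = dict(board).get(voter_id)
    return posted is not None and posted == encrypt(BASE ** choice, r)[0]


def run_election(votes, n_candidates=3):
    """Constructed sample election: votes is a list of (voter_id, choice)."""
    receipts, board = {}, []
    for voter_id, choice in votes:
        c, r = cast_ballot(choice)
        board.append((voter_id, c))
        receipts[voter_id] = (choice, r)
    counts, r_total = open_tally(board, n_candidates)
    return board, receipts, counts, r_total


if __name__ == "__main__":
    board, receipts, counts, r_total = run_election(
        [("alice", 0), ("bob", 1), ("carol", 1), ("dave", 2), ("erin", 1), ("frank", 0)])
    print("counts:", counts)
    print("tally verifies:", verify_tally(board, counts, r_total))
    print("bob's ballot intact:", verify_own_ballot(board, "bob", *receipts["bob"]))
    # A ballot stuffed onto the board after publication breaks the published opening...
    stuffed = board + [("mallory", cast_ballot(1)[0])]
    print("stuffed board vs old opening:", verify_tally(stuffed, counts, r_total))
    # ...but if the trustee simply re-opens the stuffed board, everything verifies again.
    counts2, r2 = open_tally(stuffed, 3)
    print("stuffed board re-opened:", counts2, verify_tally(stuffed, counts2, r2))
```

The point the last two lines make is the one the thread circles around: the cryptography pins the announced result to the public board, and pins each voter's ballot to the board, but nothing in it says who is entitled to be on the board. Revealing the randomness is acceptable only for the tally ciphertext, whose plaintext is public anyway; individual ballots keep theirs private.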
Maybe? I won't assert it doesn't, since I don't know. It certainly seems to be a tolerable solution to the questions of whether votes were changed, or whether ballots were disappeared without counting.
But I don't see how the ability of individuals to verify that their own vote was counted can sum, at scale, to verifying that real-but-fraudulent ballots aren't also in the total.
It seems like you could verify this if everyone who voted proved that their vote was included in the count and the full count was explained by everyone who proved they voted. In practice, that seems unlikely?
Well, currently, it's public whether someone voted (though of course not what their vote was). Assuming that's still true in this fancy system, that count would then have to match the count of how many encrypted votes there are, so you can't forge fake ballots from whole cloth (without people noticing). The best you could do is to try to defraud both systems, by identifying who won't vote and then submitting a fake vote for them.
Sure, you can't verify every single vote, but it doesn't take that much time/money to call up, say, 100 people (relative to the expense of running this whole system). If you contact 100 random people from the public record of who voted, and all 100 say "yes, I did actually vote", then the real result (excluding fraudulent votes) is unlikely to differ from the recorded result by more than 1%. And, obviously, you can drive that probability down as far as you want with more expense, but that'd only be important for rare close elections.
Good point; I wasn't factoring in the existing public voting records.
I'm not sure what the contact rates would look like if you tried, but retroactive sampling should have a good chance of spotting systemic abuse if response rates are sufficiently high. I guess you could even legislate random audit sample sizes based on the number of votes and victory margins.
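The callback audit sketched above turns into a sizing question: given a sample of people drawn from the public record of who voted, how small a fraction of fraudulent entries can the audit still rule out, and how big must the sample be to cover a given victory margin? The following is an added example, not something from the thread or from any election authority: a few Python functions that compute those numbers exactly from the binomial distribution. The confidence level, margins and fraud fractions are illustrative inputs. Non-responders are treated as unconfirmed ballots, since a bound that silently drops them is exactly the kind of undersized audit that undermines trust.

```python
import math


def binom_cdf(n, k, p):
    """P(X <= k) for X ~ Binomial(n, p): the chance that a fraud fraction p among
    recorded voters produces at most k unconfirmed entries in a sample of n.
    Exact, via math.comb; the binomial is slightly conservative for sampling
    without replacement from a large electorate."""
    return sum(math.comb(n, i) * p ** i * (1 - p) ** (n - i) for i in range(k + 1))


def fraud_upper_bound(n, denials, alpha=0.05):
    """Largest fraud fraction still consistent at level alpha with seeing only
    `denials` unconfirmed entries among n sampled. Bisection works because
    binom_cdf is monotone decreasing in p."""
    lo, hi = 0.0, 1.0
    for _ in range(60):
        mid = (lo + hi) / 2
        if binom_cdf(n, denials, mid) > alpha:
            lo = mid
        else:
            hi = mid
    return hi


def sample_size(fraud_fraction, alpha=0.05, denials=0, cap=1_000_000):
    """Smallest n such that, were the true fraud fraction `fraud_fraction`,
    ending the audit with at most `denials` unconfirmed entries would be an
    event of probability <= alpha. Count non-responders as denials."""
    for n in range(denials + 1, cap):
        if binom_cdf(n, denials, fraud_fraction) <= alpha:
            return n
    raise ValueError("sample size exceeds cap")


def audit_size_for_margin(margin, alpha=0.05, denials=0):
    """Worst case: every fraudulent ballot went to the winner. With fraud
    fraction f the honest margin is (margin - f) / (1 - f), so f >= margin
    flips or ties the result; size the audit to rule out that fraction."""
    return sample_size(margin, alpha, denials)


if __name__ == "__main__":
    # Constructed scenarios: 100 calls with no denials, then sizing for margins.
    print("100 confirmations rule out fraud above", round(fraud_upper_bound(100, 0), 4))
    print("sample to rule out 3% fraud:", sample_size(0.03))
    print("sample to rule out 1% fraud:", sample_size(0.01))
    print("same, tolerating 1 unreachable voter:", sample_size(0.03, denials=1))
    print("audit size for a 1% margin:", audit_size_for_margin(0.01))
```

The numbers scale the way the comment expects (halving the fraction to rule out roughly triples the sample), and the `denials` parameter is the practical knob: every voter the auditors cannot reach costs dozens of extra successful confirmations to keep the same bound, which is why the response rate matters more than the nominal sample size.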
I've been thinking about the values of end-to-end auditability as deterrence and public relations, but I agree that you could capture the majority of that benefit for a fraction of the cost and complexity with regular sample-based audits.
That does make sense; strong deterrence, and deterministic rather than probabilistic guarantees, are both better for legitimacy, probably.
I don't think there's any need to legislate random audit sample sizes; in practice, independent groups will do so. (And it's crucial to legitimacy that it's possible for independent groups to do so in the first place, of course.)
Lazy thinking, on my part. The thought was that mandatory audits would help maintain long-term confidence by avoiding erosion of confidence in long gaps where no specific evidence triggered audits. Minimum sample sizes would help protect the mechanism from undersized propaganda-audits that ultimately undermine trust in the audits themselves.
But you're right; it would probably be easier and more pernicious to do a sufficiently large audit but give the reins to partisans, ideologues, or incompetents. Fairly open access would be better, though I'm sure there are still plenty of "interested" outside parties willing to perform propaganda audits for cheap. Not sure how to solve that.
Hmmmm, I guess the key is that each group's auditing process itself has to be open and "objective"---paper ballots are pretty easy in this regard, every group looking at the same ballot will usually agree who the vote is for. Math/encryption could possibly work too, at least in the sense of being "objective", although it has other legitimacy problems due to being difficult for lay people to understand and trust.
As far as I know, controversies over audits or the independent observers themselves being corrupted aren't really a problem in the US at least, so I'm not too worried about this.