> Verifying that your vote is counted doesn't tell you the election is untampered; and verifying that your vote has been counted opens up the election to tampering via vote-buying.
That everyone can verify their votes are un-tampered actually does tell us exactly that. And no, we only allow you to prove you voted to others. There are several proposals that have been discussed to do this, where you can leave with your vote encrypted on paper, and you can provide any number of false keys to prove whatever you want anyone else to see; only if they were in the booth with you could they get the real key. You would only give a small % of volunteers from each machine the option to verify the true keys are used throughout. The other option is to allow multiple votes, such that only the last one is counted. Again, only a small % are required to be given the true decryption keys to validate the process is working and we don't have a massive corruption of the process.
> We must verify that the ballots as a whole are counted, collected, and summed.
Exactly, that is why you allow everyone to validate their true ballot is cast. You also allow as many servers collecting results, with the same open source software. You can verify and validate they all get the same results; if any official servers differ, or sufficient private servers differ to raise concern of a mass fraud, then you can rerun all the ballots and find the difference. The states would have the keys for every machine in the state, and verify all machines reported in their results, and no extra machines reported extra results.
By having states generate their own private keys, you would have multiple keys: one for voter identity, one for candidates, another for each polling place's ID. After the election is over and the server data is verified received, you release the candidates' private key, and every server can tabulate the results (there is a proof of concept of doing math on encrypted data without the keys, so it is possible all results could be calculated and compared before receiving the private keys; you only need the private keys to declare the winner, and that can be done after all servers have verified they came to the same winning result). That way the private key cannot be used during the election to generate any more public keys...
As long as the private key for voter ID is kept secret from all but a single validation location, even if you give your voter ID to someone else, they cannot find your vote information. You can only verify the complete and un-altered vote you cast was received at every server, since every vote, polling place cast, ID cast... is public information. Select people, in isolation, using all the private keys can validate the entire election process.
The great thing about SSL is we only care if the voting machine is secure; the encrypted packet can be path agnostic. Votes could all be printed and carried on paper and scanned. They could be on flash drives; people could scan them at home and broadcast them. You can send the packets in 50 different ways, and state actors would have to block/corrupt all 50 ways to block that vote. Duplicates are discarded. Until the private key is released, all is secured.
> I like pork.
Not all government would be by direct vote; that isn't how states with ballot initiatives work. But currently a bill like national health care could never get passed cleanly, as there is no way to pass it without paying off the special interests in DC. That is not true with ballot initiatives: if it is good for the majority and isn't being done through the normal process, this is where the corrupt process bypass happens. A health initiative or public university project could produce the bill that is then taken outside of partisan politics for passage. The standard process still stands for bills where that system is working.
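
The comment above describes servers that discard duplicate packets, do math on encrypted votes, and compare results before the private key is released. As an added example (not part of the original comment), the sketch below shows that flow with a toy Paillier cryptosystem; the choice of Paillier, the key size, and all names are assumptions, since the comment names no specific scheme.

```python
import math
import secrets

# Toy Paillier key from two Mersenne primes (constructed; far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1
N, N2 = P * Q, (P * Q) ** 2
PHI = (P - 1) * (Q - 1)          # private key, withheld until after the election
CANDIDATES = ["A", "B", "C"]     # hypothetical ballot
SLOT = 1000                      # one base-1000 digit per candidate (< 1000 voters)

def encrypt_vote(choice):
    """Voting machine: encrypt SLOT**index under the public key N."""
    m = SLOT ** CANDIDATES.index(choice)
    while True:
        r = secrets.randbelow(N - 1) + 1   # fresh randomness per ballot
        if math.gcd(r, N) == 1:
            break
    return (pow(N + 1, m, N2) * pow(r, N, N2)) % N2

def server_tally(packets):
    """Tabulating server: drop duplicates, then add votes by multiplying ciphertexts."""
    total = 1  # multiplicative identity, i.e. an encryption of 0
    for c in set(packets):
        total = (total * c) % N2
    return total

def release_result(enc_total):
    """After key release: decrypt the sum and split it into per-candidate counts."""
    m = ((pow(enc_total, PHI, N2) - 1) // N) * pow(PHI, -1, N) % N
    return {name: (m // SLOT**i) % SLOT for i, name in enumerate(CANDIDATES)}

def demo():
    # Constructed sample ballots.
    ballots = [encrypt_vote(v) for v in ["A", "B", "A", "C", "A", "B"]]
    # The same ballots reach two servers by different paths: reordered, with repeats.
    server1 = server_tally(ballots + ballots[:3])
    server2 = server_tally(list(reversed(ballots)) + ballots[4:])
    # Servers can compare encrypted tallies without holding PHI.
    return server1 == server2, release_result(server1)

if __name__ == "__main__":
    print(demo())
```

Matching encrypted tallies only show the servers processed the same set of ballots; they say nothing about whether each ciphertext encodes a valid single vote, which real schemes address with zero-knowledge proofs.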