The generally accepted stance on voter security (as I understand it from reading
Bruce Schneier's blog and
Ed Felten's blog is that what is important is that a vote get recorded accurately, that a user can verify (at the time of casting but not after) that the vote they're casting is the vote they intended to cast, and that we be able to ensure a one-to-one correspondence between votes and voters. That doesn't mean that we can map votes to voters later. Such a capability may be useful, but the security concerns (voter coercion, mostly) would outweigh the auditing benefits.
Think of the paper ballot example. Assuming users actually use the ballots correctly (obviously a huge assumption and one that doesn't play out in practice, but work with me here), you have an accurate, auditable record (a recount is meaningful because it has the potential to discover mistakes of the original count) of the voter's decision. At the time of casting the ballot, the voter can verify (if they so choose) that the ballot accurately reflects their choices. We have one-to-one correspondence because other measures were taken to ensure that each voter received one ballot. When the voter casts their ballot, their vote is recorded, but there will never be any way to trace back the choices that the voter made back to the voter. The voter isn't subject to coercion from, say, a shady employer who threatens to fire any employee who doesn't vote for Candidate A. Employees can lie to their employer about who they voted for and (this is important)
nobody has the ability to retrieve the voter's vote to prove/disprove the voter's claim.
As I see it (though IANAExpert), the proper way to do an electronic vote is to tally votes electronically in a moderately secure environment ("absolute" security would be counter productive, IMO), but to print out a physical record of votes recorded by a machine which is verified by the user and dropped in a ballot box. If there's dispute with the machine tally, you have an auditable record to check the dispute against. If you ask a machine to do a recount of the 4,328,512 votes that it took (which seems like a strange number of votes to record in a precinct with 715,386 eligible voters), it's going to give you the same numbers. Sure, you may know fraud happened - but there's nothing you can do about it.