(no title)

I do disagree with your other points. Paper confirmation is not necessarily the only way to audit, and may in fact introduce risks of voter reidentification and coercion (voto de cabresto). The other way of auditing the machines is the parallel voting procedure, which already takes place at every election and is honestly a brilliant piece of security engineering.

For those not aware, the parallel voting procedure works as follows:

1) the day before the election (when the software has already been loaded and locked into the machines for several days), a random sample of machines is selected for the procedure

2) those machines are then removed from the polling place they would ordinarily be assigned to, and replaced with a backup machine

3) the removed machine is then installed in a different room, and booted up normally on electionday. Since it is fully offline, the machine doesn't "know" it is being used in this mode

4) this room is setup so that there are cameras pointed to the machine, and people from all observing parties (and common citizens as well) are invited to "mock vote" in this room.

5) at the end of the day, the machine is closes, its report printed, and the result is checked against the known mock votes

Pretty solid method if you ask me, and much cheaper than upgrading the entire fleet to enable printing.