If it's a completely binary choice of "election was valid" and "election was invalid" without any partial verifications of results, I think it's still a massive step back.

By which I mean: paper ballots have problems. But a fault in a handful of ballots doesn't mean the rest of the ballots need to get tossed out.

I do not believe that a system managed by humans can be faultless.

> You can have e-voting systems that protect ballot secrecy and are verifiable.

In these systems the voter cannot verify that their vote was secret as they cannot understand, and much less verify the voting machine.

> And you can do that without providing proof of who any particular voter voted for.

Which is good for preventing the sale of votes, but keeps things obscure in a magical and correct box.

How can I tell the machine didn't alter my vote if it cannot tell me, and just me, who I voted for? The global sanity checks are worthless if the machine changed my vote as I entered it.

Why are you lying?

from https://en.wikipedia.org/wiki/Helios_Voting

> The centralized server must be trusted not to violate ballot secrecy,[7] this limitation can be mitigated against by distributing trust amongst several stakeholders.

> The ballot auditing/reconstruction device must be trusted to ensure successful ballot auditing (also known as cast-as-intended verifiability),[7][16] this limitation can be mitigated against by distributing auditing checks amongst several devices, only one of which must be trusted.

So neither secure nor anonymous...