End to end auditable voting?

Question

The recent meta questions show the suspicions of users regarding voting. These suspicions are hard to allay when the votes are anonymous, as they must be for scientific reviews. There are cryptographic ways of verifying voting while still maintaining anonymity, which can be found on the Wikipedia link here: http://en.wikipedia.org/wiki/End-to-end_auditable_voting_systems . I don't know anything about this, but it would help allay suspicions if we had such a system. In the particular case brought up just now, a vote on an administrator, I think it is extremely unlikely there could have been any tampering, as all the obvious voters made their position public first before voting, and the results are consistent with the public position. But a system such as this can reassure academics that votes on their publications will not be maliciously tampered with by any administrators, including competitors, and it never hurts to pander to paranoia by making the site more secure. In a separate issue, can we disable vote modification, at least on meta, completely? Meta certainly doesn't need it--- it's another never-used feature. Serial downvoting is not necessarily philosophically bad on meta (or even on the main site), it's just political disagreement. This step, even if the first were infeasable, would reassure users a lot that the site is fairly aggregating votes, even if there is no real need at all yet, as we know everyone's position.

Answer 1

I have knowledge about auditable voting from two sources:

First, as I am Swiss, I may participate on popular votes and elections online, although I live in Germany. Every vote has to stay anonymous, while the voter must be able to be sure, that his vote was counted. I do not know exactly how this has been implemented, I just know that it is very complicated, and that external trusted servers are included. The last days I got the material for the next popular vote by postal mail and it includes two PIN codes that will be used for verification. So to implement such a system, we would have to distribute PIN codes for the voting of all users in a secure way.

Secondly, a group of colleagues at my university (placed 30m from my office) have been specialized on such systems. They have been involved in the development and assessment of the Swiss system. As we often had long discussion about such systems and their cryptographic realization, I got the same impression, it is complicated matter. To implement an existing system (should I find one) would block me for at least half a year.

However, I am convinced that our system is secure. Every click on a vote button generates a record in the event log of the system. All these events are also displayed in the history of everyones user profile. In a questionable case, the voting result may be checked and it is possible to see that no plugin has been used.

Although I understand the reason for this feature request, I would propose that we do not realize it.