Great. I might also like to see ballots printed on highly-secure paper, perhaps issued by the U.S. Mint, with a perforated receipt which the voter could keep. This way, voting by mail could become more secure, and the receipt, which might look similar to money, and which the voter could display (either with or without their vote shown) would increase pride in voting, and thus increase voter turnout. I could see the U.S. Mint printing state ballots as well, in the same manner.

The system being developed appears to incorporate cryptography. Similar, I would suppose, to blockchain (cryptocurrency) technology, I’ve suspected that this technology would have to eventually be implemented into our voting systems as well. Again, just like each bill of U.S. currency comes with its unique imprinted serial number, I can see all of this being incorporated into the secure paper ballots as well. A unique serial number for every ballot, untraceable to anyone but the receipt-holder themselves, might be able to assure privacy in a vote-by-mail system. The ballots, for example, could double as their own envelopes, and ship from the Mint already sealed. Like sweepstakes entries, not even the Mint or the local issuing authority would have to know which serial number was associated with the voter; additionally, if the voter shows up to vote in-person, a ballot-envelope would simply be handed to the voter to open and mark right there. Again, the ballot could have the serial number printed on it as well; but, as long as the ballot was cast in a secure manner, then no one but the voter would ever be able to reverse-engineer who got which serial number.

The ballots could be mailed back with the option for the sender to not include a return address, further assuring voting privacy. Within a set number of days, if the ballot does not show up in the system online, then the voter could demonstrate that their ballot perhaps got lost in the mail. Then, they would produce their receipt, whereupon the ballot would be instantly invalidated if it ever did show up later. In addition to being invalided in the computerized system, the receipt of the alleged spoiled ballot would be physically marked by the registrar as “INVALID,” and a new ballot would be issued to the voter.

After the election, all unused ballots could be opened, scanned into the system as unused, and then destroyed. In this way, every single ballot ever printed could, in theory, be accounted for, making recounts, as well as hand-counts, virtually unnecessary.

“Election Security | by Kim Zetter | Mar 14 2019, 12:02pm
“DARPA Is Building a $10 Million, Open Source, Secure Voting System
The system will be fully open source and designed with newly developed secure hardware to make the system not only impervious to certain kinds of hacking, but also allow voters to verify that their votes were recorded accurately.”