This is pretty off-topic for IETF, but might be interesting to people. I certainly agree that software independence (https://en.wikipedia.org/wiki/Software_independence) is a good objective for voting systems, and hand-counted paper ballots are one good way to achieve that.
Hand counted paper ballots are the only way, IMHO.
However, there are voting environments where they are problematic. Specifically, because the time to hand-count ballots scales with both the number of ballots and the number of contests, in places like California where there a large number of contests per election it can be difficult to do a complete hand-count in a reasonable period of time.
This depends on what we consider reasonable. If it takes a month, it takes a month, just like the good old days. The wait is a small price to pay in order to ensure the correct functioning of this critical component of democracy, difficult or not.
One good alternative is hand-marked optical scan ballots which are then verified via a risk limiting audit (https://en.wikipedia.org/wiki/Risk-limiting_audit). This can provide a much more efficient count that still has software independence up to a given risk level \alpha.
I, for one, am not really willing to risk optical scan machines having hardware backdoors in the processor, as has been demonstrated, or easily manipulated firmware, particularly in the name of expediency. Further, this does nothing to address the vectors of vulnerability that lie in the central tabulators, or the route the data takes from collection point to tabulation point. The latter is potentially an IETF matter, and if so, should be addressed with no less fervor than BGP security.
I would cite Bush v Gore, 2000; specifially -19000 votes for Gore in Volusia County, FL. Was the vector the optical scan ballot system, the tabulation system, or a routing MITM? Tough to know, although the localization and sneakernet transport system from balloting to tabulation in FL generally would rule out a routing problem in this instance. IIRC, there was a questionable route involved in the Ohio, 2004 discrepancy, although this could have been manual routing through tunnels that caused the issue. Would publicly hand counted paper ballots have prevented these attacks, potentially 18 years of war, falling behind on climate adaptation, and a host of other wrongs? Quite possibly. This much, I know for sure: without legitimate elections in a democracy, there can be no legitimate government.
The theory and practice of elections and the specific challenges with on-line voting is a whole ecosystem of its own with conferences, journals and an active community of academics, vendors and governments discussing a fairly broad spectrum from information theory, statistics and cryptography through to operational and platform security, software quality, public policy and law. I am no expert in any of this but I happen to have an academic supervisor who is. If anybody would like an introduction to that world e.g. as an alternative to trying to reinvent it at the IETF, I'd be happy to make one. Joe