Here's something that might keep you up tonight: in many elections, the machines counting your vote run on software that no one outside the company that made it is allowed to inspect. Not election officials. Not independent auditors. Not the public whose democracy depends on it. It's like handing your ballot to a stranger in a locked room and trusting them to count it correctly.

Electronic voting was supposed to modernize democracy. Faster results, fewer human errors, sleek touchscreens replacing hanging chads. But somewhere along the way, we traded one set of problems for another—and the new problems are a lot harder to spot. Let's crack open the black box.

Voting machine companies treat their software like Coca-Cola treats its recipe. It's proprietary, meaning it's legally protected as a trade secret. When local election boards buy these machines, they're essentially purchasing a product they're contractually forbidden from fully examining. Imagine buying a car where you're not allowed to open the hood—ever—but you're still responsible if the engine fails on the highway.

The companies argue that secrecy protects against hackers. If bad actors can't see the code, they can't exploit its weaknesses, or so the logic goes. But cybersecurity experts overwhelmingly disagree. The gold standard in software security is open review—letting many eyes examine code so vulnerabilities get found and fixed. Secret code doesn't prevent attacks; it just means nobody independent can confirm the software is doing what it claims to do.

This creates a bizarre situation for democracy. Public elections—the most fundamentally public act in a free society—depend on private technology that the public has no right to verify. Election officials certify results produced by systems they cannot fully understand. It's not that these companies are necessarily doing anything wrong. It's that we've built a system where we literally cannot tell if they are.

Takeaway

Secrecy in security works for military operations, not for democracy. Legitimate elections require public verification, and you can't verify what you're not allowed to see.

When you mark a paper ballot, a physical artifact of your intent exists in the world. It can be recounted by different people, examined by observers from competing parties, and stored for future review. It's messy and slow, but it's independently verifiable. A purely electronic vote, by contrast, is just a number in a database. If that number gets changed—through a glitch, a hack, or a software error—there's often nothing to compare it against.

This is the audit problem in a nutshell. A meaningful audit requires comparing the official result against an independent record. With paper ballots, you recount the physical ballots. With purely digital systems, you're essentially asking the same machine that produced the result to confirm its own work. That's not an audit—it's just running the same program twice. Security researchers call this the "checking your own homework" problem, and it's exactly as reliable as it sounds.

Some jurisdictions discovered this the hard way. When close elections triggered recounts in districts using paperless machines, officials found themselves in an absurd position: they could reprint the electronic totals, but they couldn't actually recount anything. The recount produced the exact same numbers because there was nothing new to count. Whether those numbers were right in the first place remained, permanently, an open question.

Takeaway

An audit that can't access an independent record isn't an audit at all—it's theater. True verification always requires a second, separate source of truth.

Given everything above, you might think the solution is obvious: just require a paper backup for every electronic vote. And you'd be right—most election security experts agree that voter-verified paper audit trails are essential. The voter makes their selection electronically, the machine prints a paper record, the voter confirms it's correct, and that paper gets stored for potential recounts. Simple, right?

Not politically. Requiring paper trails means admitting the machines alone aren't trustworthy enough, which embarrasses officials who championed expensive electronic systems. It means additional costs for printers, paper storage, and staff to manage hand audits. And it opens a new battlefield: who gets to demand a hand count, under what circumstances, and who pays for it? These questions sound technical but are deeply political. The rules around when paper backups actually get checked often render them decorative rather than functional.

The good news is that progress is happening, slowly. More states now require paper records, and risk-limiting audits—a statistical method that checks a random sample of paper ballots against electronic totals—are gaining traction. They're efficient, mathematically rigorous, and far cheaper than full hand recounts. The bad news is that adoption remains uneven, and some jurisdictions still use paperless machines with no plans to change. Democracy's security upgrade is underway, but it's patchy.

Takeaway

The best voting systems combine electronic speed with paper permanence. Technology should enhance verification, not replace it—and the fight for that principle is ongoing.

You don't need to be a conspiracy theorist to find this concerning. The issue isn't that elections are definitely being stolen—it's that we've built systems where we can't prove they aren't. That gap between trust and verification is where democratic legitimacy lives or dies.

So here's your takeaway as a citizen: find out what your local jurisdiction uses. Ask whether there's a paper trail. Support risk-limiting audits. Democracy's plumbing isn't glamorous, but it's what keeps the whole house standing.