One of the reasons why computer security is so hard is because you have to get absolutely everything right in order to have a secure system. And there’s lots of different kinds of things you can get wrong. Everything from your software was buggy, your passwords were too weak, you published your passwords accidentally, your hardware was insecure, the user made a mistake and fell victim to a phishing attack and gave their credentials to a foreign agent or a bad guy. All of those things have to be done correctly in order to have a secure system. It might seem tempting to think, you know, everybody has a cell phone so you could just use your cell phone to do voting like we do for American Idol or similar TV shows. It works for American Idol because nobody cares all that much who wins or doesn’t win.
If you get the wrong outcome some people will care, but it won’t affect sort of the future of the country, for example. It’s not sensible to use cell phones for voting for things that matter, national elections for example, because the software on a phone is enormous and very complicated, and so understanding that that code is correct and actually counting all of the votes appropriately would be a task that would be so complex as to be infeasible to do.
You could have the legitimate app that is designed to correctly count the votes for an election, but somebody could hack into that set of applications and plant bugs in a bunch of different cell phones so that the final results were not the actual intent, it didn’t actually capture the intent of all the voters.
So a system for voting that relies entirely on computers to do all of the voting will never be secure, because you’ll never have enough confidence that the code that was running on those computers correctly counted the votes as the person who voted intended. There’s always the chance that there were bugs or that a hacker came and changed the code or corrupted the code to make the result be what the hacker wanted instead of what the voters wanted.