I don't really understand why we are always stuck in the past on things like this. 155 million votes, spread out over thousands of polling stations is a minuscule number. Why not have each voting station digitally scan/print every ballot cast, and then once the stations close - upload everything to a centralized and publicly accessible server organized by station and their reported polling result. If anybody wants to do a recount, they can - to whatever degree of confidence, and using whatever method they prefer.
One might still make claims of ballot stuffing or exclusion, but there would be literally zero doubt that the count itself was accurate.
Have a look at the links I shared above, particularly https://verifiedvoting.org/votingequipment/ for a quick summary; it gives some analysis of different voting equipment and concerns thereof.
In particular, purely-digital systems are widely regarded to be too vulnerable to hacking to be safe. What you're describing sounds like DRE with VVPAT, which isn't considered to be a secure option, though it's better than DRE without VPAT since as you note you can in principle audit it. (However, note that most jurisdictions don't yet do RLAs to randomly audit, so right now digitizing, even with VPAT, could weaken the system.)
I think the basic idea here is -- if paper is secure and will be your fallback, and digital is insecure, you should just build your process to be optimized for paper-first, rather than digital-first. Digitizing as you suggest doesn't really gain anything over paper (except perhaps reporting provisional results faster, but you'd still need to do a risk-limiting audit to verify that your digital votes didn't get hacked so this might be a wash), but it does add more attack surfaces along the chain of custody.
Ultimately, paper is a very robust solution to the problem of making the system hard to subvert at scale; you can think of it as a sort of "proof of work", where it would be extremely difficult for, say, Russia, or the DNC / RNC to tamper with large quantities of ballots across the nation. Compare that robustness with a digital system, where IF it works you have the same properties... but around here we all know that almost all digital systems can be owned by a persistent enough adversary.
If you're willing to relax some of the requirements around refutability, there are some interesting e-voting schemes, for example you can do some cool stuff with homomorphic encryption like https://github.com/microsoft/electionguard/. But there is something to be said for having a tallying algorithm like "count the pieces of paper" that doesn't require a PhD to understand.
Perhaps I phrased it poorly. When I refer to "scanning", I mean as in making an image of a physical source, as in a digital scanner, not scanning as in processing data.
The idea is to create a publicly accessible collection of an image of every single ballot, organized by the station from which they were collected. This can then be manually cross referenced, by anybody, against the reported vote count and result.
And yes, digital only ballots would pose a major problem here and in general.
The concern because of this is reasonable: identification would allow voter coercion or vote buying. But I think there are two issues with this concern. The first is that our current system doesn't prevent this. Bringing recording equipment into voting booths is not allowed, but in practice has 0 enforcement or enforceability since many (most?) locations offer shielded voting booths that even include privacy curtains.
The other practical issue with this concern is that buying or coercion would need to be of substantial scale, centralized, advertised, involved traceable transactions, and so on. And this is a criminal felony so the consequences for a leak are substantial. Ultimately, it just does not seem like a realistic attack vector.
So in many ways, I would consider this a feature more than a bug. You can personally verify that your ballot did indeed get counted (at least if you're willing to dig through thousands of ballots looking for your 'secret code') without allowing anybody else to see how you voted.
The current system does make this expensive. Making the ballots public will effectively make the votes public once some student posts a model on github.
To be clear, you do mean makes the voters public right? Because the whole idea of this suggestion is precisely to make the votes public. And I do agree that, within hours, there would be models developed to effectively parse the ballots and help detect any discrepancy - something the current centralized operators just can't seem to manage.
The problem is if the people casting the ballots can be identified by third parties. And in this regard, I don't understand what you mean or if that is what you are even talking about.
People casting ballots will be identified by anyone with an AWS account, yes. The location of the vote and the handwritten checkmark are likely enough to identify the voter.
I prefer to think in ratios rather than absolute numbers. If the whole country is voting then that’s a lot of votes, but it’s also a lot of manual labor made available to run the vote.
A counter can get through 10,000 single issue ballots in a four hour hand count. If an election has 10 issues then, on average, one person can count a thousand votes.
There have been various proposals to publish all the records after an election has been been certified. Which is always shot down on the basis of voter privacy (protecting the secret ballot).
One might still make claims of ballot stuffing or exclusion, but there would be literally zero doubt that the count itself was accurate.