As I noted earlier, there are all sorts of risks with remote voting over the internet, even if I suggest a way to make it doable. However, this is different from the question of voting machines. Like the folks at Verified Voting I believe that a voter-verifiable paper ballot is the simplest way to make computerized voting more secure. And I like voting machines because they can improve access and even make preferential ballot possible down the road.
But I look at the huge cost we are paying for voting machines. I propose breaking the voting machine process into two steps. The first is the ballot preparation machine. It helps the voter generate their ballot, and then prints it out on paper, in a human readable form that is also machine readable. You need lots of those.
With paper ballot in hand, you walk over to the scanning machine, which is stage 2. This machine reads the standard-format paper ballot, does OCR on the human readable text and confirms the ballot is readable as the voter desires. It also counts it. The ballot is then placed in a locked ballot box.
The scanning machine will be expensive, and secured, and built by an audited vendor. However, you need only a small number of those. The voting stations, which you need many of, can mostly be cheap. In fact, they can be free.
That's because you would generate a voting program that runs on standard PC hardware. On slow standard PC hardware. Probably an open source program, meant to run on Linux, and audited and verified by the open source community. They would love this job.
Then you ask the public to donate their old, slower PCs. Give them a small tax deduction if needed, but frankly I think you would get so many machines you wouldn't even need that. You could even be strict on the hardware requirements. Wipe the bios and put in a fresh one, possibly put in a cheap hard disk with the voting system installed. Get donated laser printers. You don't have a lot of security concerns with these machines because there is not a lot they can do to bollux the election.Of course, they can do something. A compromised machine could watch the voter, try to sneak in results in areas they aren't likely to check, try to help in vote buying. It might try to present political ads to the voter but that seems a pretty risky thing to do. However, the open source process, combined with the new BIOS and hard drive would pretty much prevent these attacks. After being set up, these machines would not be connected to anything, and any ports (floppy, USB, CD, serial, parallel) would be sealed or removed.
But the real security comes in the human readable ballot. No matter what somebody tries to get the machine to do, you can look at the ballot. It will say "George W. Bush" or "John Kerry" in plain text. The only risk would come on decisions further down that the voter might not bother to double check.
There are other risks of course. Some people want a paper ballot you can see but not touch. That's possible here, but more expensive. It requires custom printer hardware. They fear people could be sent in with a pre-prepared ballot by vote-buyers, and be expected to substitute that for the ballot they cast in the booth, which they return to the vote-buyer as proof. Frankly with absentee ballots possible, I am less worried about this but it can be designed around at cost.
The scanner/counter machines need to be more secure, as secure as the current electronic voting machines. However, any error or fraud they make can be checked with the human readable paper ballots. Other checks are possible like scanning on two different machines from different vendors. Even here, the open source community could produce a machine, and many people feel it would be good if the counting machine's source code were public in any event.
However, this drops the cost of voting machines by an order of magnitude, since I think you probaby only need 1 scanner/counter for every 5-10 voting machines, and they are simpler. You might want to have some specialized voting machines with access for the disabled, or touch screens, in each polling place, if the generic hardware isn't good enough. Frankly, generic hardware is pretty versitile.
If parts break with heavy use, who cares? This stuff is, once again free. Happily donated by the public. If it breaks, swap in a spare on the spot -- that's the advantage of generic hardware.