Then LINUX would be totally unsecure, i.e. there'd be no valid encryption or, for that matter, any sort of data security in LINUX.

That's not the case, so I submit that it's not always true.

It's possible to contrive methods that, despite the fact that every detail is "out in the open," are virtually impentrable. That, of course, doesn't mean absolutely impenetrable.

However, the critical feature is detection. If the central collection point for precinct tallies is challenged, it can be recounted. It can be verified against the tallies from each of the individual precincts, and each of them can be verified against the "middle" step in the 3-stage process I proposed.

If they're in agreement, then, no harm, no foul. Since they're isolated from the 'net, at steps 1 and 2, remote tampering is unlikely, as they have no facility to do it, and the felonious miscreants who attempt to alter the records in hundreds or even thousands of polling stations by changing the stage 1 AND stage 2 machines to match the tampered-with content of the stage 3 machines or those at the central vote counting station, will surely be caught. Since the paper records are stored and the electronic records are stored, recounts can be automatic, yet still visually verifiable if there's any question.

Since I see a printed paper record of what I entered, I should notice that I accidentally voted for Mr. Buchannan, (Hasn't he already been president? Oh no ... that was another Buchannan) when I intended to vote for Gus Hall (hmmm ... he wasn't on the last ballot ...) I should be able to correct my misstep, and verify that the correction has been made. If I'm not thorough enough to notice, well, it's my loss.

RE