In India, the threats were things like the ability to print enough forms without leaks to counterfeiters, transport them on Indian roads, store them until polling day in villages where no doors have locks, and so on. And while the counting was highly parallel and scrutinised by auditors, it was also painful, because here was a rule along the lines of "both vote forms and counters' hands must remain visible from when votes are unsealed until counting is complete". Sometimes the counters went for more than 24h without a bathroom break, so would you volunteer to count?
In India, the threats were things like the ability to print enough forms without leaks to counterfeiters, transport them on Indian roads, store them until polling day in villages where no doors have locks, and so on. And while the counting was highly parallel and scrutinised by auditors, it was also painful, because here was a rule along the lines of "both vote forms and counters' hands must remain visible from when votes are unsealed until counting is complete". Sometimes the counters went for more than 24h without a bathroom break, so would you volunteer to count?
I wrote a blog posting about it, http://rant.gulbrandsen.priv.no/indian-election-machines, but the most relevant point here is:
When you consider security issues, START WITH THE THREAT MODEL. Always. And it's not the same threat model everywhere.