> Voters would need to enrol to vote, as they already must, then be
> given a unique username and password to log on to the system.
> Standard operating procedure.
There are a few things in this world where individual data points are harmless, but the centralization of them can be disasterous. Voting records is one of them. The fact is that voter fraud and abuse has been with us and will be with us, but a light-hearted approach to designing an online system can leave you with much less than you used to have, flawed though it may be.
>>- Voters can't be identified from their votes
>
> because each recorded vote is identified only by a transaction
> number, the actual voter is not identifiable. Except by the one
> person who knows who cast that particular ballot, the voter in
> question.
I think that you haven't thought this through enough. The combination of anonymity and non-repudiation is the stuff of PhDs.
/jordan