Electronic and Online Voting

"If we make the reasonable assumption that it is impossible to make a 100% secure system..."

Security is not only about the accuracy of the counted votes, it is also about how easy or hard it is to tinker with the system and most importantly how likely it is to recognise an attempt of tinkering.

Tamperproof voting is possible with a blockchain style of voting, as it requires the pool of nodes to be in consensus before a record is agreed across the network.
I have been working on a specific system capable of handling online voting at a higher threshold of acceptance than the bitcoin blockchain default values, it has an internal record that can display attempts at non-consensus decisions, along with what was the majority decision and the minority decision.

Digital systems offer a high variety of attack vectors and exploitation of many of those will be undetectable whereas the paper ballot system is very well understood, due procedures very well established and manipulation on a broader scale pretty much impossible to do without being recognised. The paper ballot is the clear winner in my eyes.

The problem with paper ballots is that it is actually easier to cast multiple votes in person simply by attending multiple voting locations and doing multiple voter details. I can confirm that would be difficult to detect in urban electorates such as Mt Roskill, as the voter details could easily be determined from social media.

Local postal elections are definitely less secure than even in person voting, as it takes no effort to gain additional votes.

By my understanding in-person voting for councils is long dead. Society somewhere along the way decided that the "acceptable level of security" is low enough to use postal voting. (as in the flag referenda)

So, options are either call to end postal voting, or defend postal voting as less insecure than online voting.

@robertfrittmann mentions

New Zealand's public-sector IT implementation history is fraught with tragedy: INCIS, WINZ kiosks, NovoPay,

It's worth noting that every single one of these high-profile debacles involved projects outsourced to private companies, who supplied proprietary software. Any voting system to be used for local or central government elections must be designed and developed by a suitably qualified, fulltime, research team, employed by the Electoral Commission, and all software involved must be free code ("open source"), that can be audited by experts selected by all political parties (and anyone else that cares to do so). Technical scrutineering processes also need to be developed to ensure that binaries used for an election have indeed been compiled from the audited code, not from a version modified just before compiling (I think GIT has hashing tools for this).

Thanks also to @robertfrittmann for pointing to the discussions on the NZOSS list, it's worth skimming through both. One thing I notice everywhere this topic comes up is a frankly naive faith in the robustness of the current system. I think it's worth reproducing in full my fiancee's description of checking for multiple votes after the vote counting:

"In 2008, I worked a polling station on election day. After the initial
vote count, I worked for one week at the Mt Roskill electorate office.
There were 20 of us on the team, working long hours, for minimum wage,
in a short-term job, with minimal training. We worked under one manager,
who was useless, and was sexually harassing female staff. So after the
first day, I ended up as the de facto manager of the team of 20,
reporting directly to the Returning Officer for the electorate, who
seemed to be as confused as I was about how some of the post-election
checking processes were supposed to work.

"At the electorate office, we had a huge stack of electoral roll books
lined up against the wall in one room, that had come from various
polling stations. The 20 of us worked in this room, checking each book
against a master copy (broken up into sections of the alphabet to share
the task). Our job was to carefully go through each polling station
book, and for each person whose name had been crossed out on election
day, we had to draw a red line through their name on the master copy.

"Occasionally, I would look up the person's name in the master copy, and
with my red pen raised to draw a line through their name, I would see
there was already one there. In some cases, this happened multiple times
with the same name. So, we would write "2" or "3" or "4" next to the
crossed out name in the master book, to indicate how many times their
name had already been crossed out in the other books that had already
been checked.

"Early on, I discovered one of the many flaws in this system. Although we
knew how many times votes had been recorded against the same name
(assuming that me and all the people I was working with were being
sufficiently thorough), we had no record of the first polling station
book this had happened in. In fact, initially I was the only person who
was putting aside the books that contained evidence of a multiple vote
at all, instead of just throwing them all in the done pile. Our
objective seemed to be to go through all the books, as quickly as
possible, so all the stuff that I was bringing up about multiple votes,
and what we were supposed to do to find the first book, was seen as an
impediment to getting the job done. Despite encouragement from the
Returning Officer to keep doing what I was doing to improve evidence
collection, I left the job after a week because I could no longer cope
with the sexual harassment from my manager.

"There was clear evidence of a certain amount of voting fraud in Mt
Roskill, in 2008. Because I essentially took over the process, we did
end up with a stack of polling booth books that contained some of this
evidence, although at the time I left the job, we still hadn't even
looked for the first book in each case. I have no recollection of any
system that matched names with multiple votes cast under them, with
ballot papers, nor any sign of anyone activating such a system to
retrospectively correct vote counts. There were no scrutineers involved
in any stage of the process beyond election day."

I'm convinced that it is possible to develop an e-voting system that is not just as secure as the current paper-based system, but more secure. Providing the conditions I laid out earlier in this comment are met, and that sufficient time is taken to do thorough testing.

The NZ Open Source Society has set up an Online Democracy email list specifically to discuss the social and technical considerations of both e-voting and online decision-making (eg liquid democracy).