Punch card fraud is retail. One card, ten cards, maybe a hundred cards.
Electronic fraud can be wholesale, swinging hundreds or thousands of votes at a time and in fractions of a second (depending on the point of attack.)
Electronic voting fraud does not require expertise the point of attack, so only one programmer is needed.
So death by a thousand cuts is more preferable? Yes, an undetected fraud to swing elections by electronic voting machines can be wholesale, but I'm sure the fraud risk is many magnitudes lower than paper ballot fraud.
So what's your solution to possible electronic voter fraud?
"So what's your solution to possible electronic voter fraud?"
The first step is transparency in both hardware and software.
There is no room for trade secrets in any part of election processing. Patents are another thing, since they require full disclosure, they are not a problem.
This requires that every aspect of the processing must be open to inspection, not just by those approved by some authority, but by anyone.
I am not an open source zealot, but if there is any place for open source software and hardware, it is in the processing of elections where the result must be fair and, just as importantly, seen to be fair.
Once open, you can be assured that it will be attacked for free, but a reasonable bounty for provable attacks would not hurt to stimulate effort.
At some point, a judgment will have to be made that the system is secure enough for the next election. As you mentioned, no system is perfectly secure. It would be nice however, if the the electronic systems were more secure than the paper based ones, not just more incomprehensible to mere mortals.
Just as the manual procedures for handling votes must be established and public before the election and not subject to change the day of or the day after (as Democrats tried to do in Florida), the electronic voting procedures (software) must be established well before the date of the election.
This requires that the software be certified and the installation verifiable. To have more than minimal confidence, at least parts of the system must be implemented with physical security in mind, i.e. as a trusted platform.
It is clear that the existing proprietary systems can be easily gamed at various points in the process. It is not important whether they have actually been exploited or not. It is sufficient that it is known to be possible and practical. From that point, the result cannot be trusted because there is no electronic audit trail at the voting machine level.
Untrustworthy elections are corrosive to our democracy because they permit tampering to be rationalized by real or imagined tampering by opponents.
Although it would fall short of the ideal, if the resulting systems were only as well implemented, tested and reviewed as the software that drives web transactions at Amazon or in the FireFox browser, we would be far ahead of where we are today with the smoke and mirrors security of current voting systems.
After 2000, politicians responded with the quick, be-seen-to-be-doing-something fix. Shiny, expensive and ineffective technology was purchased to appease the uninitiated. We need to keep a blow torch to the behinds of the politicians to keep them moving in the direction of secure voting systems that are trustworthy.
BTW, as you point out, SHA1 has been compromised although the number of iterations is still on the scale that it would not be a threat today, it is one in the longer term and should be replaced with something, perhaps Tiger or Whirlpool or something not yet invented.