There are several issues that need to be considered when this software is deployed for use in a large county.
It can reasonably be anticipated that hackers, terrorists and similar lowlife will attempt to disrupt the election. Natural disasters and innocent human error can also knock out facilities at just the wrong time. Reasonable precautions should be taken so web servers resist denial of service attacks. All systems should be up to date on security patches, and it is recommended that official sites use an operating system with a high intrinsic resistance to mischief. Central sites should be replicated and dispersed (both geographically and by network service provider), and redundant paths to polling places should be provided insofar as possible, e.g. two wired DSL lines and a wireless backup on a government channel.
InetVote relies heavily on databases. It is essential to use a database engine that runs on redundant servers, and which is self-healing if one of the servers is knocked off the net and later is able to rejoin it.
Backup is a major problem. During voting, all the action (except for the Registration Table) is append-only, and new records should be sent promptly to streaming removeable media such as tape. This is in addition to regular periodic backups of the tables.
The certificates of the Registrar of Voters and the Election Board are self-signed. Operationally, all that's necessary is that they trust themselves and that the Election Board trusts the Registrar of Voters to sign Ballot Tickets. The voters should never see these certificates in a context requiring trust. Thus it is useless to purchase trust from a company whose root certificate is distributed with the major web browsers.
On the other hand, the web servers do need to be configured to insist on SSL/TLS encryption for all voting-related traffic, and they need server certificates that voters' browsers will believe in, i.e. commercially purchased trust.
There isn't much discussion in the demo of issues at the polling place; however, likely the majority of votes will be cast there rather than from voters' home computers. InetVote does not work well with conventional manual polling place practices; the effect would be as if the voter were registering on the spot, using something from the poll worker as a credential. This is too much work, and it opens up all the abuse possibilities that plague the manual system now.
Much better would be if, on a manual registration, the Registrar of Voters would mail a physical object to the voter, such as a USB key with the Registration Certificate on it and an unencrypted private key (stealable out of the mail), or a piece of paper with the base64-encoded certificate and key printed on it, to be scanned at the polling place (and also stealable).
Voters are furious about certain commercial computerized voting systems, because they fail to provide an audit trail for recovery in case of disasters or suspected fraud. InetVote is excellent in this regard. However, at the polling place it will be important to deliver to the voter the signed copy of the ballot and certificates and the corresponding private key (presumably unencrypted). If the Registration Certificate is on a USB key, the ballot copy can be deposited there too. On the other hand, if printed paper is used, each polling station needs a printer adjacent to the computer. A cheap, slow printer probably won't be satisfactory either. The short ballot for this demo fills one page (mostly certificates), and I expect that a typical ballot in Los Angeles County would fill two or three pages.
With pure paper a shared printer is unsatisfactory because, when the voter goes to collect his copy, he and his votes are publicly on display to the poll workers and to his neighbors. On the other hand, if the ballot copy were on a USB key, perhaps the shared printer could be in an enclosure, privately printing the ballot copy off the USB key.
The computers at the polling place will need a web browser with a robust kiosk mode, such as Opera, and a specialized plugin that can generate the private keys (presumably unencrypted).
In the United States in the days of the Wild West, it frequently happened that a person committed a crime, such as murder, on the East coast, and then fled West to make a new life. Some such people rose to high office in the West, and thus there was political support for the concept of privacy of identity. Thus to this day, it is very hard in the United States for a person to prove his identity, and even harder to determine if two identities actually refer to the same person.
In other countries where the Secret Police are an unpleasant reality, every citizen is issued an identity certificate at birth, and identities can be rooted in a solid foundation (neglecting the details of records lost through incompetence, and easily forged documents). The job of InetVote would be a whole lot easier in, for example, the former Soviet Union. On the other hand, there wouldn't have been much need for InetVote in the FSU.
The candidate appearing first on the ballot has an advantage. InetVote has a feature to randomize the order of candidates, individually for each voter. In the manual system this is normally done but all the ballots for a particular precinct are identical; randomization is across precincts.