While transactions are not traceable, it is important to realize that this scheme is centralized. If you look at the 13 steps of a payment transaction in the paper, then you'll see that at several steps you still need the cooperation of a "bank". This bank can still freeze/confiscate your account at will, or refuse to do business with you in the first place. It's also not clear why a bank would voluntarily give up the ability to trace payments.
There are attempts to combine the decentralization of bitcoin with untraceability. Monero[1] is a working coin using ring signatures. Zerocash[2] is still being researched/developed.
I think the example of the carbon-paper envelopes is flawed.
It assumes the elector can recognize the quirks of the signature of the trustee, yet it also assumes that the trustee can not do this (for lack of having a copy of his signature). There are two simple attack vectors here:
1.) The trustee can see who is on the return envelope, and if it is the address of a person whose vote he wants to know he adds a quirk to his signature which he can later recognize. Thus the scheme fails.
2.) The trustee can make a carbon copy of his signing of the carbon-lined envelope. Thus he can identify every tiny quirk of every signature on every envelope. He also knows the return addresses, so he can link the return addresses to the votes.
Or did I miss something here? Or would the trustee in the digital version not be allowed to use different signatures? If not, how would an elector recognize his own ballot?
There are attempts to combine the decentralization of bitcoin with untraceability. Monero[1] is a working coin using ring signatures. Zerocash[2] is still being researched/developed.
[1] http://www.monero.cc/
[2] http://zerocash-project.org/