Ron Rivest, of RSA fame, has published a paper (PDF) describing a new voting system:
Not only can each voter verify that her vote is recorded as she intended, but she
gets a “receipt� that she can take home that can be used later to verify that her vote is actually included in the final tally. Her receipt, however, does not allow her to prove to anyone else how she voted.
In brief, the system allows the voter to create three ballots and then take a copy of one of them as a receipt. Attackers would not know which ballot was the real one, thus creating privacy, while the voter would have a copy of the original, thus creating verifiability. I haven’t finished reading it yet, but the first question that jumps to mind is what happens if the voter forges or alters their receipt to dispute the recorded votes?