Is automated and digitized ballot processing inherently more dangerous than manual pencil and paper?
Great answers already about supply-chain attacks, complexity, transparency. I'll give an answer in a different direction: accountability and auditability (basically; how easy is it to do a from-the-ground-up recount?).
With a paper-based system, in the case of disputes, as long as boxes aren't physically lost or destroyed you can always go back to the paper source-of-truth and do a recount. For example, if the voting machines physically screwed up, you can go to the supreme court to get a ruling on whether "hanging or dimpled chads" count, and then go back to the paper and do a recount.
With a computerized system, if something goes wrong and the votes are recorded incorrectly in the database (either by accident or malevolently), there is a much greater risk that that data is just lost and it's impossible to reconstruct voter's original intent compared to a paper system.
TL;DR given the amount of value we place on free and fair elections, and the amount of effort we assume attackers might be going to to try and subvert them, our tolerance for risk here is very low. Paper has fewer things to go wrong, and is easier to go back to the source-of-truth and do a recount.
Most answers seem to focus on why automatic systems aren't used or aren't considered a good idea. I'll try to address the core question of what makes them inherently less/more secure. The central trade-off here is: Breach Risk vs. Breach Impact
Breach Risk: Here software systems win if we look at them in isolation. Taken a random person, software systems are arguably harder to overcome than paper voting. I.e. everyone knows how to fake a paper vote: just stuff a few more ballots in the box (and take out some others if you're a tad smarter). To overcome a software system you (should*) need at least some basic specialist knowledge. So the initial hurdle is typically higher with a software system. There are a few ways to get around that if the whole voting process is ill-designed, e.g. if it is easy to have people vote against their intend by "helping" them. Note that this only considers the "local" breach risk, i.e. given a random person, can they overcome the system. Using software system processes can however widen the target surface, i.e., an attack (or preparations) can happen easier from another country (yet still by specialists), meaning it does not necessarily require residents of the attacked country to be involved (or at least fewer). So the overall risk assessment is less clear and depends on what attack scenarios you consider more likely.
Breach Impact However, on the other end of the spectrum, a breach can be much more severe, because
- It is harder to detect (it needs also experts to detect a breach, whereas many manual breaches can be detected with both eyes open, e.g. watching the ballot box with 4 eyes catching those nasty hands exchanging votes).
- Therefore it is also harder to convince the public of a) the presence of a breach or b) the absence of a breach
- Once a breach is found, it's possible to have a far wider effect: If the same software counts half the votes of a country, a single breach can change the outcome of every single voting district (and if the breach is somehow online executable with a very small number of people involved). Thus both the risk to get detected stays low as there is a very limited amount of interaction needed and the impact can be huge.
And especially because it potentially requires only a small group of highly trained / well paid experts this seems so anti-democratic and thus so unsuited to handle voting, because it would play into the hands of any "bad elite" or an existing authoritarian government to manipulate votes without anyone ever finding out.
A high breach impact for individual breaches also means those are very valuable and thus everyone in the line that has some level of access is also a valuable target and you only need to successfully bribe a small set of people rather than multiple ones.
Also note that the overall risk (either breach risk or impact) increases with the benefits we want to have: We typically prefer automatic voting because it's supposed to be faster/more convenient to vote and to get the votes counted. But nearly all measures to make it more fast and convenient typically increase the breach risk or the breach impact. Voting from your personal computer/mobile? Much less secured environment and a common trojan can manipulate your vote (not to speak of the whole verification process, just wait until 10 seconds before vote ending and then submit votes for all the people who haven't voted yet). Automatic counting without proper(!) paper trail (or without looking at it every time): high impact risk.
*should, because the system and process around it can always be totally crappy and have the weaknesses of both worlds; example: use paper to collect the votes, stuff them into a ballot box, then the next day upload them into a cloud based system with the admin interface to check the count and the debug feature to change individual votes online on www.voting.com, and after the upload directly auto-burn the paper ;)
The point here is trust and control.
If you can trust the digitized voting system, the risk of fraud and errors is much weaker than in a manual procedure. But... if you can trust...
In a manual procedure, the risk of fraud is mitigated by having observers representing the candidates. It is of course far from perfect, but it could be used for centuries without major problems - here I assume that the part organizing the vote is fair enough to accept observers trusted but all the candidates. That means that it is not perfect but it can be controlled by all interested parties.
In a digitized procedure, only experts could control anything and a bug or a flaw allowing attackers to take the control could lead to a true disaster with little to no way for candidates or their representants to mitigate the risk.
What follows is only my opinion.
Nevertheless, I think that we are on the way to digitized elections, because of the cost of the manual procedure in human being time, and because younger people are more inclined to trust automatic systems than older ones which always tried to have a manual emergency solution.