I wrote a paper late last year that demonstrated a practical attack against ballot secrecy for a Canadian online voting vendor. Thought you all might find it interesting.

A third-party observer can deduce (with a high probability) the candidate a voter voted for, despite the voter's connection to the voting serve being encrypted. This is because the length of the encrypted data leaks information.