Real-world elections often require threshold cryptosystems so that any t out of l trustees can proceed to tallying. This is needed to protect the confidentiality of the voters' votes against curious authorities (at least t+1 trustees must collude to learn individual votes) as well as to increase the robustness of the election (in case some trustees become unavailable, t+1 trustees suffice to compute the election result). We describe a fully distributed (with no dealer) threshold cryptosystem suitable for the Helios voting system (in particular, suitable to partial decryption), and prove it secure under the Decisional Diffie-Hellman assumption. Secondly, we propose a fully distributed variant of Helios, that allows for arbitrary threshold parameters l,t, together with a proof of ballot privacy when used for referendums. Our modification of Helios can be seen as revision of the seminal multi-authority election system from Cramer, Gennaro and Schoenmakers, upon which the original Helios system is based. As such, our work implies, to our knowledge, the first formal proof of ballot privacy for the scheme by Cramer et al. Thirdly, we provide the first open-source implementation of Helios with a fully distributed key generation setup.