Online voting has become a norm in Estonia – and it is now more secure than ever.
Back in 2005, Estonia became the first nation to hold a legally binding general election over the internet – something that has become a norm now, while most countries are still only contemplating the possibility. Other countries that have tested electronic voting, have mostly done so by introducing individual voting machines, which use vendor-produced software and are more prone to errors. In comparison, Estonia’s voting over the internet is very straightforward. Like all the other digital services in the country, the internet voting system is made possible via the Estonian ID cards or Mobile-ID that enable secure remote authentication and legally binding digital signatures.
Internet voting – or as it is called in Estonia, i-voting – is available in the country from the tenth to the fourth day prior to election day. Voters can change their electronic votes an unlimited number of times, with the final vote being tabulated. It is also possible for anyone who votes using the internet to vote at a polling station during the early voting period, invalidating their online vote. It is just not possible to change or annul the electronic vote on the actual election day.
Growing number of online voters
As with most digital services introduced in Estonia, convenience matters – online voting saves time and paper. Though there is also another reason – internet voting gives those who otherwise might not vote an opportunity to do so. In an age where the younger generation of voters might not bother walking to a traditional polling station, internet voting can increase political participation – and thus democracy.
Estonians have increasingly embraced the digital voting option. In 2005, when it was introduced at local elections just 1.9% of the voters cast their vote online. However, by the 2015 parliamentary election, 30.5% of the voters used internet to make their democratic choice clear. Trust is clearly growing.
Safeguards are always in place
So far, there has not been a single incident where an online vote in Estonia was under suspicion – nor has there been any successful hacking episode. However, due to the Estonia’s pioneering status in the field – just a handful of countries in the world have ever allowed any kind of electronic voting – there are still plenty of those who question its integrity. While a few domestic politicians have voiced criticism, most of the scepticism has so far come from abroad.
For years a small number of foreign IT-experts have maintained that any voting system that transmits voted ballots electronically cannot be secure. The Estonian Information System Authority, which executes supervision over government’s cyber security, has always dismissed these claims, describing them as a political rather than technical attack, against the country’s i-voting system. In fact, the authority says i-voting is significantly more secure than paper ballots – safeguards are always in place. This includes audits, not only for the IT-system, but also for the procedures and the results. It includes constant monitoring of the system and improvements and patches throughout time.
Then there was an OSCE (Organisation for Security and Cooperation in Europe) election observation mission that suggested implementing cryptographic measures to ensure voting was observable. Tarvi Martens, the National Electoral Committee’s head of i-voting, says the new software, introduced ahead of the upcoming Estonian local elections on 15 October, should asway the OSCE’s concerns about the end-to-end verifiability.
“Before, an online voter could always be assured that their vote reached the server properly – there is an application which makes sure a vote is delivered. But the only way to check that the votes in the server were counted properly – and that they didn’t just ‘disappear’ – was through the audit,” Martens says. “The election monitors and auditors could observe whether we conduct everything according to our manual – but there was no way to control how correct this manual and software was.” According to him, smart cryptographic measures that prove the integrity of the online voting, have been implemented.
Martens also brushes aside the criticism, specifically by a team of “international computer security experts”, who in May 2014 claimed they would be able to breach the Estonian online voting system, change votes and vote totals, and erase any evidence of their actions if they could install malware on the election servers. “The critics mostly watched videotapes [of the election process] – they didn’t ask questions. Then they made arbitrary conclusions. It was clearly a political attack because the team turned up a day before the election and made hostile announcements. Scientists don’t behave like that,” Martens says.
He concedes that convincing other nations to follow Estonia’s suit with online voting is not the easiest of tasks because there are too many fears about cyber security and countries are not willing to take risks. He doesn’t completely rule out risks with internet voting – like with any kind of voting for that matter. But he points out that if worse comes to worst and there is an unknown disruption, it is always possible to annul the internet voting and vote traditionally, via ballot box, on the actual election day.
“Estonians have a unique situation – we have an ID card system and people actually use it. This is an electronic identity and forms a basis to determine who is actually sitting behind a computer – this authentic tool is a necessary attribute for internet voting,” Martens explains.