Electronic voting in Estonia
The idea of having electronic voting in Estonia gained popularity in 2001 with the "e-minded" coalition government. Estonia became the first nation to hold legally binding general elections over the Internet with their pilot project for the municipal elections in 2005. The electronic voting system withstood the test of reality and was declared a success by Estonian election officials. The Estonian parliamentary election in 2007 also used internet voting, another world first.
The term Power voting (or e-voting) can refer to both fixed voting locations (as in voting booths) and remote (as in over the Internet) electronic voting, in order to reduce the confusion between the two the electronic voting in Estonia is called i-Voting. The security model is modeled after the way in which advance voting and postal voting is handled.
Overview of Estonian Internet voting
The Estonian internet voting system builds on the Estonian ID card. The card is a regular and mandatory national identity document as well as a smart card allowing for both secure remote authentication and legally binding digital signatures by using the Estonian state supported public key infrastructure. As of March 2007 over 1.08 million cards have been issued (out of a population of about 1.32 million).
Internet voting is available during an early voting period (sixth day to fourth day prior to Election Day). Voters can change their electronic votes an unlimited number of times, with the final vote being tabulated. It is also possible for anyone who votes using the Internet to vote at a polling station during the early voting period, invalidating their Internet vote. It is not possible to change or annul the electronic vote on the Election Day. A comparison of the cost-efficiency of the different voting channels offered in the Estonian Municipal Elections (2017) concluded that the Internet Voting is the most cost-efficient voting channel offered by the Estonian Electoral System.
The principle of "one person, one vote" is sustained as the voter can potentially cast more than one ballot but still only a single vote. This was challenged in August 2005 by Arnold Rüütel, the President of Estonia, who saw the new e-voting provisions in the Local Government Council Election Act as a breach of the principle of equality of voting. The President brought a petition against the e-voting provisions to Estonian Supreme Court but lost.
Transparency and verifiability
According to 2011 recommendation of OSCE/ODIHR election observers and because of voting client hacking case brought to Supreme Court in 2011, Estonia implemented verification of the vote for individual voter in 2013. Verification is done using smartphone application, using QR code from the screen of desktop voting client, after which on the screen of smartphone verification application displays the name and number of the candidate the vote was cast for. Individual verification is implemented for the voter to verify that the vote cast was stored on vote collecting server up to 30 minutes or one hour, depending on the election. There are no direct means for the voter to verify that the vote was also tallied as cast.
Server side source code of voting system was published in June 2013 because of pressure by civil society lead by computer scientist Tanel Tammet, one of the authors of research papers on requirements for electronic voting from 2001. The code was published on GitHub and has been available for all following elections. Neither voting client source code nor reference code has been published as election officials determined this would make it easy for malevolent actors to build fake clients. As voting protocol is public, anyone can build a client.
Again, motivated by report of OSCE/ODIHR election observers in 2015, extensive reports of independent observing team lead by J Alex Halderman in 2015 and public pressure by local activists, universal verifiability of vote tallying was introduced in 2017. Verification of the tally is done by mixnet making use of homomorphic properties elGamal encryption provided by library by Douglas Wikström. Universal verification of the tally is not a mandatory part of the process and is conducted by the dedicated data auditor. Tallying the votes with mixnet is done in parallel with plain text extraction of the votes from encrypted envelopes, which are decrypted using secret key of voting commission and of which the digital signatures of voters are removed during the process.
Although white paper of the 2017-2019 implementation of electronic voting system claims to embrace end-to-end verifiability, this has been denied by independent researchers. Inclusive working group to assess "verifiability, security and transparency" of the electronic voting was created by minister of entrepreneurship and information technology of newly elected government in June 2019, which produced a report consisting of 25 improvement proposals, proposals 11, 13 and 25 referring to the problems with the concept of verifiability. The coalition agreement of government also states the need for independent international audit for the system.
Despite praise from Estonian election officials, computer security experts from outside the country that have reviewed the system have voiced criticism, warning that any voting system which transmits voted ballots electronically cannot be secure. This criticism was underscored in May 2014 when a team of International computer security experts released the results of their examination of the system, claiming they could be able to breach the system, change votes and vote totals, and erase any evidence of their actions if they could install malware on the election servers. The team advised the Estonian government to halt all online voting, because of the potential threats that it possessed for their government.
The Estonian National Electoral Committee reviewed the concerns and published a response saying that the claims "give us no reason to suspend online balloting"; the purported vulnerabilities were said to be either not feasible in reality or already accounted for in the design of the e-voting system. The Estonian Information System Authority also responded to the claims, describing them as a political, rather than technical, attack on the e-voting system, and criticizing the method of disclosure. The connection of international researchers group to the Estonian Centre Party (which has long been critical of e-voting) has also been a common speculation among Estonian state officials and has been even suggested by prime minister.
The main author of a white paper for Estonian electronic voting from 2001, Helger Lipmaa has been critical of the system up to the level of using paper ballots himself. The main author of second white paper for Estonian electronic voting from 2001, Tanel Tammet has been campaigning for opening up the source code and implementing independent parallel systems to guarantee trust in the e-voting. Server side code was published with Creative Commons BY-NC-ND license on GitHub as result of those efforts in July 2013.
OSCE/ODIHR election observation mission has voiced concerns about Estonian e-voting during all parliament elections, starting from proposal to suspend e-voting if the problems are not addressed in 2007, then in 2011 suggesting election commission should create an inclusive working group for improving e-voting and implement cryptographic measures to ensure voting is observable and noting that verification implemented for 2015 only partially addresses previous recommendation.
In 2012 overview of international experience with e-voting, IFES independent researchers notice that although insofar successful, in situation of "emerging international electoral standards with respect to Internet voting" Estonian voting system faces necessary improvements for "better legislation, a transparent policy and formalized procedures" as well as "broader democratic goals, such as enhancing civic e-participation" need to be considered.
In 2013 Free Software Foundation Europe criticized partial publishing of the source code of e-voting system and for using non-software licenses for publication. FSFE also suggests researching into solutions that lessen reliance on system administrators and instead build the system on cryptographic models of trust. Since the weakest part of voting infrastructure is voter's computer, FSFE suggests Estonia should mitigate the risks of unnoticed subversion of votes in compromised client machines and "publicise the dangers as widely as possible, along with instructions to minimise the risk and rectify the situation should a risk realise".
There have been also attempts to expose problems of voting system by proofs of concept. In 2011 Paavo Pihelgas created a trojan that was theoretically able to change voter's choice without user noticing. He used this as basis for filing an election complaint and demanded that Supreme Court invalidates election results. The court dismissed the case because Pihelgas's "voter's rights had not been infringed as long as he had knowingly put himself into the situation".
In 2015, an activist from the Estonian Pirate Party, Märt Põder, took credit for casting an invalid ballot "using a GNU debugger to locate the breakpoint in Linux IVCA where the candidate number is stored and replace it with an invalid candidate number". Being only one among 176 491 e-voters to do it, the activist explained to the media that client application source code should be opened up and taught as part of general education in public schools to make people trust e-voting. Later negotiating with electoral commission an activist went on to stress that end-to-end verifiability is a prerequisite for reliable e-voting and that the whole process of planning, procuring and implementing e-voting should be conducted also in English and that way opened up to international community for proper scrutiny.
In 2016 University of Oxford computer scientists while acknowledging relative success of conducting e-voting claimed that e-voting system officials "have relied since the system’s inception on building trust through interpersonal relations" and that "may work well for a close-knit society such as that of Estonia", however "informal processes (including lessons learned) should be further clarified and formally documented".
In beginning of June 2019, minister of entrepreneurship and information technology Kert Kingo of the newly elected government created an inclusive working group to assess the "verifiability, security and transparency" of the Estonian electronic voting system. The working group consisted of state officials, representatives from universities and research institutes, critics, and creators of the system. In December 2019 they presented results of the six-month investigation, with 25 proposals for improving the core infrastructure of the Estonian e-voting system.
In the 2017 local municipal elections, 186,034 people voted over the Internet. This means that roughly 31.7% of participating voters gave their vote over the Internet.
In the 2013 local municipal elections, 133,808 people voted over the Internet. This means that roughly 21.2% of participating voters gave their vote over the Internet. It was also the first election where vote verification with mobile device was implemented. 
In the 2011 parliamentary elections, 140,846 people voted over the Internet. This means that roughly 15.4% of the persons with the right to vote and 24.3% of participating voters gave their vote over the Internet. It was also the first election to allow for voting through chip-secure mobile phones, following a law approved by Parliament in 2008.
In 2007 Estonia held its and the world's first general elections with Internet voting available from February 26 to 28. A total of 30,275 citizens used Internet voting (3.4%), which means for every 30 eligible voters one of them voted through the Internet.
In 2005 Estonia became the first country to offer Internet voting nationally in local elections. 9,317 people voted online (1.9%).
Outcome and results
See the material on the homepage of the Estonian National Electoral Committee: http://www.vvk.ee/index.php?id=11509
Number of persons with the right to vote: 1,059,292 Votes: 502,504 - valid (with e-votes) 496,336 - invalid 6,168 Voter turnout: 47% E-votes given: 9,681 - incl. repeated e-votes 364 Number of e-voters: 9,317 E-votes counted: 9,287 E-votes cancelled: 30 Percentage of e-votes among all votes: 1.85% Percentage of e-votes among votes of advance polls: 8% Number of e-voters who used ID card electronically for the first time: 5,774 Percentage of e-voters who used ID card electronically for the first time: 61%
- "BBC NEWS | Europe | Estonia forges ahead with e-vote". news.bbc.co.uk. 2005-10-14. Retrieved 2017-01-29.
- Reports and Statistics about Internet Voting in Estonia
- Estonia to hold first national Internet election, News.com, February 21, 2007
- "Archived copy" (PDF). Archived from the original (PDF) on 2010-11-18. Retrieved 2010-01-07.CS1 maint: archived copy as title (link)
- "Isikut tõendavate dokumentide seadus – Riigi Teataja".
- What is the ID card?
- ID Card Issuing Statistics info-box at the top of the page
- "Elections and E-Voting". Archived from the original on 2015-04-07. Retrieved 2007-03-01.
- Krimmer, Robert; Duenas-Cid, David; Krivonosova, Iuliia; Vinkel, Priit; Koitmae, Arne (2018), Krimmer, Robert; Volkamer, Melanie; Cortier, Véronique; Goré, Rajeev (eds.), "How Much Does an e-Vote Cost? Cost Comparison per Vote in Multichannel Elections in Estonia", Electronic Voting, Springer International Publishing, 11143, pp. 117–131, doi:10.1007/978-3-030-00419-4_8, ISBN 9783030004187
- Judgment of the Constitutional Review Chamber of the Supreme Court, Case No. 3-4-1-13-05
- Juvonen, Atte (October 1, 2019). "A framework for comparing the security of voting schemes" (PDF). Blog of Atte Juvonen. p. 79. Retrieved May 28, 2020.
- "E-voting task force finishes report including 25 proposals for improving system". Post Times - Estonian News. Baltic News Service. 13 December 2019. Retrieved 2 May 2020.
- "E-valimiste turvalisuse töörühma koondaruanne" (PDF). Ministry of Economic Affairs and Communications. December 12, 2019. Retrieved May 28, 2020.
- "Report on the Estonian Internet voting system," Sept. 3, 2011. https://www.verifiedvoting.org/report-on-the-estonian-internet-voting-system-2/
- "Independent Report on E-voting in Estonia," https://estoniaevoting.org/
- Comment on the article published in The Guardian
- E-voting is (too) secure
- Attacks on Estonia's e-voting are political rather than technical
- Security Analysis of Estonia's Internet Voting System [31c3] by J. Alex Halderman
- "The criticism made headlines in the international media, receiving coverage from The Guardian and the BBC. This led to a public debate between Alex Halderman and the Estonian authorities. According to Professor Robert Krimmer, the report had many valid points, although the assessment of the impact could be debated. The results of the debate, in terms of immediate consequences, was limited, however."
- E-valimiste realiseerimisvõimaluste analüüs
- Paper-voted (and why I did so)
- E-valimised Eesti Vabariigis: võimaluste analüüs
- E-valimiste võimalikud tehnoloogilised platvormid
- Teeme ära avaliku e-valimiste kontrolli, kõik huvilised turvaspetsid oodatud kaasa lööma!
- Release of E-Election Software Code 'Did Not Go Far Enough'
- "Yet, unless the above-mentioned factors are effectively addressed, the authorities should reconsider whether the internet should be widely available as a voting method, or alternatively whether it should be used only on a limited basis or at all."
- "In recent years, advances have been made in the field of cryptography to enable end-to-end verification of the votes cast, i.e. a possibility for an individual voter to verify that his/her vote was (i) cast as intended, (ii) recorded as cast, and (iii) counted as recorded. /—/ Estonia's Internet voting system does not employ such tools. /—/ The OSCE/ODIHR recommends that the NEC forms an inclusive working group to consider the use of a verifiable Internet voting scheme or an equally reliable mechanism for the voter to check whether or not his/her vote was changed by malicious software."
- Heiberg, Sven; Willemson, Jan (2014). "Verifiable internet voting in Estonia" (PDF). IEEE Conference Publications. 2014 6th International Conference on Electronic Voting: Verifying the Vote (EVOTE): 1–8.
- "The NEC introduced a verification process for voters to confirm that their online vote was cast as intended and recorded on the ballot storage server as cast, which partially addressed an OSCE/ODIHR recommendation."
- International Experience with E-Voting
- Open Letter on Freedom and Internet Voting to Estonia's National Electoral Committee
- OSCE findings on Estonian e-voting
- Complaint of Paavo Pihelgas to invalidate the electronic voting results of 2011 parliament elections
- Heiberg, Sven; Parsovs, Arnis; Willemson, Jan (2015). "Log Analysis of Estonian Internet Voting 2013--2015, section 5.24.1".
An activist from the Estonian Pirate Party took credit for casting the spoiled ballot . The technique employed involved using a GNU debugger to locate the breakpoint in Linux IVCA where the candidate number is stored and replace it with an invalid candidate numberCite journal requires
- Kuidas ma e-valimisi otsast natuke häkkisin
- Püüan nüüd aktivistina olla läbipaistvuse osas riigile eeskujuks ja annan teada, et käisin neljapäeval Vabariigi Valimiskomisjonis vestlusel
- Vaadeldamatu e-hääletus pole usaldusväärne
- An Independent Assessment of the Procedural Components of the Estonian Internet Voting System
- "Kinnitati e-valimiste töörühma koosseis". Ministry of Economic Affairs and Communications. 21 June 2019.
- "Väliskaubandus- ja IT-minister kutsub kokku elektroonilise valimissüsteemi ja elektroonilise hääletamise töörühma". Ministry of Economic Affairs and Communications. 7 June 2019.
- Punamäe, Sander (26 June 2019). "E-voting creator: the system is bulletproof". Postimees.
- "Estonian e-voting creator deems formation of working group political statement". The Baltic Times. 2019-06-26.
- "Voting results in detail".
- "Valimistulemus valdades ja linnades".
- "Statistics about Internet Voting in Estonia".
- "Statistics about Internet Voting in Estonia".
- "Verifiable Internet Voting in Estonia" http://research.cyber.ee/~jan/publ/mobileverification-ieee.pdf
- Jari Tanner, Associated Press (2008-12-12). "Estonia to vote by mobile phone in 2011". USA Today.
- "E-hääletanute arv tõusis üle 100 000". Archived from the original on 2009-10-17. Retrieved 2009-10-14.
- "Internet Voting in Estonia".
- Estonia claims new e-voting first, BBC March 1, 2007
- Estonia pulls off nationwide Net voting, News.com, October 17, 2005
- Internet Voting in Estonia: Statistics and Methodology
- E-Voting in the 2005 local elections in Estonia by Fabian Breuer and Alexander H. Trechsel, European University Institute, Report for the Council of Europe
- E-Voting Uses in Elections in Estonia Entry on Estonia in the International E-Voting Database hosted by E-Voting.CC
- Practical Security Analysis of E-voting Systems by Triinu Mägi, a master thesis studying the security of the Estonian e-voting system and Secure Electronic Registration and Voting Experiment (SERVE)
- E-Voting Conference: Lessons learnt and future challenges Agenda and presentations of the Oct 2006 Tallinn conference, hosted by the e-Governance Academy (an Estonian e-governance and e-democracy NGO, organiser of the event)
- 2nd International Workshop on Electronic Voting 2006 in Bregenz, Austria.
- An interview on YouTube about the trust-aspect of i-voting in Estonia with Thad Hall from the University of Utah who was observing the elections in Estonia. Skip to 01:30 for the actual interview.
- "Online Voting Clicks in Estonia" An article in Wired News on e-voting in Estonia that is also mentioned at the beginning of the interview with Thad Hall.
- "Centre of Excellence for Internet Voting" Based in Estonia, network of engineers that specialise in the implementation of Internet voting in Government elections.