Recent research on e-voting: the case of Estonia

Safety and security of national voting systems is a topic that is addressed at almost all cyber security conferences. Yesterday I talked about the challenges of e-lifestyle at the first Finnish Cyber Spirit Conference in Helsinki and said that nobody has proved that i-voting is less secure than traditional voting with paper and pencil and voting boxes. I also promised to suggest additional reading about researches conducted by Estonian and foreign ICT experts on e-voting and e-voting in Estonia.

But first I would like to clarify some basic points.

First, Estonian e-voting is Internet voting or i-voting – a system that allows voters to cast ballots online and should not be confused with electronic voting systems involving technical devices/machinery and used in some other countries.

Secondly, all digital services are vulnerable, as are all smart devices and „offline“ services. Some risks are common – e.g. human factor involved in both voting systems, some risks are different: hacking versus corruption or falsifying of voting results. There is no 100% secure voting system – neither online, nor offline. But there are possibilities, even obligation to face the challenges and take appropriate measures to minimize risks.

Thirdly, Estonian i-voting system is developed by Cybernetica (https://cyber.ee/en/e-government/i-voting/) in close cooperation with foreign experts, including the testing of the system, finding vulnerabilities etc.

And finally, i-voting could be introduced in the countries where people trust Government and Government takes all necessary steps (political, legal, educational) to provide secure and safe digital/e-services. I-voting can’t be imposed on people but people can demand it from the State, the same way as people can demand better services in the „offline world“.

There is a lot of general information about Estonian i-voting. Attached are the links to the website of the Estonian National Electoral Committee that provides general information about i-voting http://www.vvk.ee/voting-methods-in-estonia/ and the Cybernetica’s white paper on Internet voting system that is more specific and technical. https://cyber.ee/uploads/2013/03/cyber_ivoting_NEW2_A4_web.pdf

I also consulted with Kristjan Vassil, senior research fellow at the Johan Skytte Institute of Political Studies at the University of Tartu, one of the leading experts in the field. He published along with Mihkel Solvak (also senior research fellow at the Johan Skytte Institute of Political Studies at the University of Tartu) in 2016 a study „E-voting in Estoia: Technological Diffusion and Other Developments Ovr 10 years“.

http://skytte.ut.ee/sites/default/files/skytte/e_voting_in_estonia_vassil_solvak_a5_web.pdf

I would also suggest another research – an international study „Potential and Challenges of voting in the EU“ commissioned and supervised by the European Parliament and conducted by the DG for Internal Policies, that analyzes e-elections from the EU perspective. The study looks into recent Internet voting cases/practices in Estonia, Norway and Switzerland. Here are some key findings of the study:

  • Estonia is a successful case of implementation of Internet voting: the number of individuals voting over the Internet has been increasing consistently, voters who try Internet voting remain loyal to this option, and Internet voting is now entirely diffused over the electorate.

 

  • Switzerland has been carrying a gradual and decentralized bottom-up implementation of Internet voting coordinated at the national level. The results have been extremely encouraging and the plans are to further expand the system.

 

  • Norway conducted trials between 2011 and 2013 but cancelled the project in 2014 due to security concerns expressed by political actors and absence of increase in turnout levels.

 

The study concludes that “Internet voting has been implemented successfully and has gone beyond the trial stage in multiple contexts. E-voters are growing in numbers and remain loyal to Internet voting after having been exposed to it. Internet voting for the European Parliament elections could build on the Estonian case.”

The study also underlines that „in a sense, and despite legal, security and political concerns that will probably always be there, independently from whether one has introduced Internet voting or not, the European Union now has the opportunity to take up these challenges in order to bring European Parliament Elections closer to the citizens. For sure, Internet voting won’t be the panacea for European democracy. But it has the potential to facilitate access to the polls and serve as an example for other constituencies concerned with the modernisation of electoral processes.“

 

For more information please visit http://www.europarl.europa.eu/RegData/etudes/STUD/2016/556948/IPOL_STU(2016)556948_EN.pdf

I would also like to suggest a study by Maarit Ströbele, Nele Leosk and Alexander H. Trechsel Two Countries / Two Decades / Two Outcomes: A brief comparison of e-government solutions in Estonia and Switzerland that was published in January 2017.

 

The main goal of the report is to develop a selective overview of the current situation in Switzerland and to compare it with Estonia, which has successfully introduced a nationwide e-government system.

 

The report states that „Estonia owns its e-governance success to two main building blocks: the Data Exchange Layer X-Road and the electronic identity (eID)“ and analyzes in depth both concepts.

 

For more information please visit

http://procivis.ch/wp-content/uploads/2017/01/Report-Two-Countries-Two-Decades-Two-Results-vFinal-January-25-2017.pdf

 

In conclusion– these are just a few references to independent studies that provide information about practical, technical and political aspects of e-voting/i-voting in Estonia and in other countries. Digital/e/i-services are never 100% safe and secure, as also offline services are never 100% safe and secure. But the risks can and should be minimized. Cyber revolution came to stay, digital services came to stay. Smart countries take advantage of that and don’t step back when facing the challenges caused by the use of ICTs. On the contrary – they face the challenges and tackle the challenges for the benefit of their people and societies.

Jäta kommentaar