Saturday, October 10, 2009

The Case of Estonia: The First Country to Use Online Voting for a National Election

A nation striving to diverge from its Soviet past, Estonia allowed online voting for its 2005 local elections and its 2007 Parliamentary Elections. According to John Bordland,

“With his online vote for parliament, the entrepreneur helped make a bit of elections history. This small Baltic country is in the midst of its first -- and the world's first -- national election featuring internet balloting open to all voters”

The real-world implementation of a revolutionary voting medium on a national scale asks us to question whether or not the system is actually consistent with democratic procedure; if a voting system does not accurately account for the will of the people through poor implementation (e.g. security lapses), then it fails to be democratic.

Even prior to the election, computer scientists in more developed countries such as the United States have shown skepticism toward Estonia’s plan to implement online voting. Bordland describes,

“Critics worry that voting systems using ordinary Windows PCs and the open internet could be hacked by unscrupulous outsiders, or subverted insiders. A high-profile United States Defense Department system called SERVE, or Secure Electronic Registration and Voting Experiment, aimed at allowing overseas military personnel to vote was canceled after a 2004 review by computer security experts said it presented an easy target for hackers. Those same concerns apply to Estonia's system, some security experts warn.”

The online voting system, though intended to make voting more accessible for the general public, may just be a little too "accessible." If malicious stakeholders such as power-hungry politicians, special interest groups, and exploitative nations who find it beneficial to rig elections in favor of one candidate or another for economic or national security reasons hack the online voting system, could Estonia justifiably claim that its elections represent the will of the people? If current technology is so susceptible to attack, how can Estonia justifiably rely on it? According to the Estonian National Electoral Committee,

“Besides the main functional tasks the iVote system management is largely focused on the security. The system is only online during ballots and the secrecy of votes is guaranteed by advanced encryption technologies as well as by special operational means…The results of the study concerning the parliamentary elections in March 2007 will be available later this year.”

The National Electoral Committee’s “guarantee” of the secrecy of votes and vague “special operational means” seems mind-boggling, considering that the committee simultaneously admits that the results of its parliamentary elections are not even available; the parliamentary election occurred in 2007 and a legitimate evaluation of the election’s security lapses has not been publically released yet. How can the Estonian government justifiably guarantee the security of online voting when the 2007 election was the very first time any government has ever implemented the voting procedure? Can a government that claims that the implementation of its voting procedure was “successful” without making the security issues of its election transparent to its constituents be trusted with online voting?

Works Cited:

Bordland, John. "Online Voting Clicks in Estonia." Politics: Security. 2 March 07. WIRED. 11 October 09. http://www.wired.com/politics/security/news/2007/03/72846.

Maaten Epp (Estonian National Electoral Committee Vice Chair). "Internet Voting in Estonia." 01 July 2009. National Electoral Committee. http://www.epractice.eu/en/cases/ivote.

2 comments:

  1. Very interesting. I didn’t know that Estonia had done this. Has there been much discussion of the security issues in the computer industry trade press, blogs, etc.? It’s interesting to note from the Wikipedia article that they start by having an electronic national ID card http://en.wikipedia.org/wiki/Estonian_ID_card

    This might help with some of the endpoint fraud issues, but of course doesn’t address the system problems of hacking. It’s also of note that only a small fraction of voters used it. This makes the problems less severe, but of course the goal is to increase the number so that’s a temporary comfort.

    It will be interesting to see how this evolves in future elections. Based on the 2005-2007 sequence, I assume they have one this year.

    Also I like the idea of having online voting on your site about online voting!

    ReplyDelete
  2. If cell phone voting proves to be secure in Estonia, look out world!

    Suppose cell phone voting is conducted in India. The BBC reports that India’s paper based election took something like five months to complete. With online/cell phone voting, it could be done in a couple of days. Plus, it could be more honest and with a more accurate count.

    Suppose cell phone/online voting had been done in Afghanistan? If the technology is secure, all the paper based fraud would have been eliminated.

    People all over the world have cell phones, even the poor.

    ReplyDelete