Just days ahead of elections, researchers warned Estonia's e-voting system could be rigged.
Image: Flickr/European Parliament
Days before voting opens for Estonia’s European elections, a group of researchers came out with a summary of a report that questioned the security of the country’s innovative online voting system. They said that they had found “such serious security vulnerabilities” that, by their recommendation, e-voting should be discontinued.
That happened on Monday, and e-voting for the country’s European elections opens on Thursday morning. Estonia’s Electoral Committee seemed as surprised at the news as anyone, and since then the findings have spurred rebuttals (and rebuttals of rebuttals), ignited political debate, and thrown the whole idea of e-voting into disarray.
It seems rather quaint that, when we can do everything else on our iPhones, most of the world still votes by trudging along to polling stations to drop cards in boxes or sending paper ballots by snail mail. Estonia, the small country with the big technological reputation, introduced e-voting as an option in 2005, and over 20 percent of voters have used it in recent elections, with voters using the chip in their national ID card and a PIN to prove their identity. The National Electoral Committee notes that it’s particularly useful for voters who live remotely or travel a lot, and said that in the last two elections e-votes were collected from 105 different countries.
But the convenience of e-voting is rather undermined if it’s not secure, and this new report pulls no punches, even going so far as to suggest that Russia could use security flaws to rig the election. “Estonia’s Internet voting system blindly trusts the election servers and the voters’ computers,” Alex Halderman, a University of Michigan computer scientist on the international team behind the report, said in a press release.“Either of these would be an attractive target for state-level attackers, such as Russia.
The group called a press conference on Monday to inform everyone—media, political parties, government—of their findings at the same time. They released videos that demonstrate attacks on a replica they built of the Estonian e-voting system, like the one below:
In the videos, they suggest that both voters’ computers and the election servers are at risk of attack, with insufficient observation to properly audit such breaches.
So is the dream of e-voting dashed? It depends who you ask.
The Estonian Electoral Committee published a response to the findings in which they state that the researchers had not discovered any new attacks that weren’t already taken into consideration, that the attacks they outlined aren’t feasible, and that the e-voting system has passed all security tests in the past. “We believe that online balloting allows us to achieve a level of security greater than what is possible with paper ballots,” they wrote.
Priit Vinkel, the Electoral Committee’s head of staff, told me that with paper balloting, for instance, the reliance on the postal system presents a big risk. “When we look at internet voting, all the most important components of the system are under the control of the central electoral organisers, and therefore can be controlled, audited, and looked upon,” he said.
He admitted that there will inevitably be flaws in the e-voting system—“You can never have 100 percent security in any system”—and that the voter’s computer was the weakest link, as it's out of their control. But even if a vote was somehow wrongly sent from a voter’s computer, he said, it was possible for individuals to change their vote. “It’s possible to verify the vote that has been sent to the central servers after the voting procedure,” he said. In any case, people can change their ballot online or at a polling station until voting ends.
The Electoral Committee also complained that the researchers hadn’t shared the full results with them, nor notified them in advance except to warn them on Saturday of a press conference on Monday. Vinkel told me they were “as surprised as the rest of the media” and rather thrown by the timing of the release. At this point, he said, e-voting would open as planned tomorrow.
But inevitably, the issue has become politicised. “This has been of course used as a kind of political material as one party, based on that, wanted to stop internet voting because of these allegations,” said Priit. That was Estonia’s Centre Party, which has a history of criticising the e-voting system.
The group of researchers behind the report is independent, but local site Baltic Business News points out that the trip that initiated their report (they were invited to observe the e-voting system in action in October 2013) was paid for by the Tallinn City Government, controlled by the Centre Party. However, the researchers emphasise they did not accept any financial support from within Estonia after that, nor were they in contact with any Estonian parties.
Jason Kitcat, a UK councillor on the international team, disagreed with assertions that e-voting is as secure as other systems or that attacks were unfeasible. He said the audits they had observed in Estonia were not detailed enough to pick up on sophisticated attacks. “What we’ve been able to show is that you can undetectably modify votes with attacks if you’re a sufficiently resourced attacker, both at the client’s end, the voter’s end computer, or through access to the vote servers,” he said.
On the timing of their release, he said it was unfortunate they couldn’t have raised issues sooner, but that their work had simply taken this long to complete and that they felt “duty-bound” to announce their findings before the elections this week.
Talking to Kitcat, it was clear that the researchers were united in their opposition to the idea of e-voting in general. “It’s our view as a team—and it’s a view of many colleagues in the field that we’ve discussed this with over the years—that the current field of technology means that e-voting, online voting, cannot be done in a sufficiently secure and accurate and secret way,” he said.
The potential problems with any kind of voting technology, and particularly online systems, have been discussed for a long time, but the extent to which these outweigh the benefits, and how they stand up to the certainly not-insignificant problems with conventional voting methods, is clearly still up for dispute.
For now, it looks like pens and paper won’t be going obsolete any time soon.