In a criticism of a system the country has widely touted, an international team of independent experts identified "serious security vulnerabilities" in Estonia's Internet voting system and recommended its immediate withdrawal, but government representatives dismissed the findings as unconstructive and possibly malicious criticism from relatively little-known researchers.
The team members were officially accredited to observe the Estonian Internet voting system during the October 2013 municipal elections, said the experts in a statement. The full report and videos explaining the findings are at https://estoniaevoting.org.
The problems, referred to as "alarming," included lax and inconsistent operational security, insufficient transparency measures for proving an honest count, and a software design that was vulnerable to attack from foreign powers, they said.
The Estonian Electoral Committee responded, saying that the report caught them by surprise and they have had no cooperation or contact with the group.
"The report is really not fair, and unhelpful," said Priit Vinkel, head of the committee, who said the system will go online Thursday at 9:00 to allow Estonian citizens to vote in the European Parliamentary elections.
"The timing is suspicious for us, with it being announced right before the election process begins. We are really happy with constructive criticism, but there is nothing that we see in the report that we already did not know and have been addressing."
Vinkel said that the Electoral Committee had no contact with the group until receiving notice that the report would be up on the web, and that there would be a press release and a press conference. He said that after every election, a technical team looks at the election data and looks for weak spots to upgrade the system.
Vinkel said the largest improvements in the past year have been to improve the verification system, specifically for mobile devices. He mentioned iPhones and iPads.
"We want to give the voters confidence that their votes will get the same results through the e-voting system," he said. "We were blindsided by the website allegations. We were busy doing our job."
The e-voting group, which observed the October 2013 municipal elections in Tallinn, said in its online report that Estonia's internet voting system should not be used for the European Parliament elections because its security vulnerabilities could lead to faked votes or totals, pointing to what it terms "fundamental security weaknesses and poor operational procedures."
The group said that they observed sloppy procedures by election officials, such as typing passwords and PINs in view of cameras and using insecure computers and internet connections.
The researchers said they also analyzed published documents, source code and software, and then conducted experiments with a laboratory recreation of the e-voting system. While noting that the system might have been adequate when it was launched, they said it is now "dangerously out of date" and insufficient to protect against manipulation in an era of state-sponsored cyberattacks. The report said that "Estonia’s system places extreme trust in election servers and voters’ computers — all easy targets for a foreign power."
The report concludes there are "multiple ways that today’s state-level attackers could exploit the Estonian system to change votes, compromise the secret ballot, disrupt elections, or cast doubt on the fairness of results."
The report also suggested that those kinds of attacks could be carried out by sufficiently motivated nation states, or by well-funded candidates who hired criminal hackers with the requisite skills.
In June 2009, approximately 44% of eligible voters took part in the European Parliament elections, and about 60,000 used e-voting methods. In the parliamentary elections of March 2001, 61% of the electorate voted, and a little less than one-quarter voted online. Once Estonia's e-voting starts on Thursday, it will continue for seven days until 18:00 on May 21.
The group said it received a grant from the United States' National Science Foundation to carry out the research. It also received money from the Tallinn City Council to cover its lodging and expenses during its observer mission in 2013.
The authors of the report also said they used the published source code and client software in a laboratory setting and found the system vulnerable to a range of attacks that could alter election results, including server-side attacks that install malware that rigs the vote count, and client-side attacks using bots that overwrite ballots that have been cast. The report concluded that despite gestures towards transparency in the voting system, such as releasing portions of the software as open source code, Estonia's system fails to provide compelling proof that election outcomes are correct.
Vinkel said that many of the report's alleged problems, such as "key logging", have been known since the start of the e-voting system, and they are not new threats.
"We look for blind spots after every election," he said. "We look for loopholes, and carry out audits to see that the results match up. In the case of this report being released this week, we really don't know what to think."
Attempts to contact the head of the group, Dr. J. Alex Halderman, an assistant professor of electrical engineering and computer science at the University of Michigan, were unsuccessful. Many of the members of the team that put the report together have been harshly critical of electronic voting systems around the world.
A vaunted and unique system
Estonia's e-voting system - the only one in the world to see significant use - has been used for five elections, including general, local and European Parliament elections since it was introduced in 2005.
A new feature at the October local government elections was an Android-based electronic receipt of sorts that allows a voter to verify if their e-ballot went through properly.
Estonia is sometimes dubbed "E-stonia" for services such as e-taxes, e-school, e-medicine and other innovative, bureaucracy- and cost-cutting public services.
Past controversy has mainly played out in a feud between the ruling party and the opposition party run by Tallinn's mayor (who was notably more popular among ballot voters than e-voters in 2009).
In one episode, Tartu University student Paavo Pihelgas discovered a theoretical security hole making it possible for a virus to block votes to certain candidates without the voter knowing that tampering occurred. Pihelgas came forward after the 2011 general elections, when 24.3 percent of votes were cast online.
The student petitioned the Estonian Supreme Court to invalidate the electronic voting results. On March 21 the court's Constitutional Review Chamber rejected his petition on the grounds that it lacked substance - no actual manipulation had been found nor had an impact on the election's outcome been established.
Days afterward, the Center Party, which fared relatively poorly in the elections, attempted to have the results annulled based partly on the student's findings, saying there were significant deficiencies in the electronic voting system. Later, the party unsuccessfully attempted to put an end to e-voting through legal avenues.