Volunteers to Put E-Voting Software to the Test
A group of IT experts says it intends to carry out a test attack on Estonia's e-voting software following the release of the source code two weeks ago.
Although it was possible to test the system before the code was made public, only administrators had access to the results, reported Õhtuleht.
The group of volunteers, led by security expert Renee Trisberg, says it hopes to finish testing the voluminous and complex system one month ahead of Estonia's next local elections, on October 20 (electronic voting begins 10 days earlier).
Since the general framework of the e-voting system has been public for years, Trisberg said, he believes that it is generally secure and that his team can only expect to find minor errors.
"I have been a supporter of the e-elections. One must do his part to ensure that nothing happens, even just a simple mistake. Years of finger-pointing will follow if a malfunction were to occur,“ Trisberg said.
The disclosure of the code earlier this month stirred debate in IT circles, where many criticized the user license accompanying the software because it restricts amending and sharing of the code.
But Elver Loho, vice president of the Estonian Internet Community, said the critics were splitting hairs and, more importantly, the code itself was not the subject of criticism.
"There have only been superficial evaluations of the code's appearance, but if you have a long project where tens of workers have gone over it over the years, it will inevitably mess up the appearance,“ Loho said, adding that no serious security complaints have yet emerged.
Another issue is that parts of the code, such as that pertaining to verification of votes, have still not been disclosed.
"If we were to be 100 percent idealistic, all of the components would have had open source code from the beginning. But in the real world it tends to be that if some parts do not have an open source code, then it is all the more safer,“ Loho said.
Would you like your receipt?
The upcoming elections will be the first in which electronic voters are given the chance to verify online whether a vote has been submitted. Officials and advocates argue this makes e-voting safer than paper ballots because no such verification is given in regular elections.
"For me the fact that the system allows you to verify who you voted for and to re-cast your vote if you really want to, in some sense makes the system even more secure than paper elections,“ Loho said.
The verification is so far only available for the Android operating system and officials say mistakes cannot be disputed because the program is in its trial stage.
The additional security feature was developed after the parliamentary elections of 2011, when University of Tartu student Paavo Pihelgas said he had easily created a virus that could infect a voter's computer and block ballots from being counted. The student petitioned the Estonian Supreme Court to invalidate the electronic voting results, but the court rejected his petition on the grounds that no actual manipulation had been found.