Could Estonians be able to vote safely using smart devices in the near future, Arne Koitmäe asks.
The Estonian digital tiger took a big leap in 2005 when Estonia adopted electronic voting. What used to belong to the realm of science fiction has become a completely normal way to cast a vote without which one no longer imagines elections.
E-voting gives people the chance to have a say in matters of the state irrespective of where they are or what time it is. To what extent should e-voting keep up with technological progress and what could be the next leap?
Two recent studies have sought to answer these questions. One concluded that facial recognition is not ready to be used for e-voting, while the other analyzed the feasibility of e-voting using smart portable devices.
PC versus smart device
Right now, it is only possible to vote online using a computer for which one needs an ID-card reader or Mobile-ID. Voters cast a total of 247,232 e-votes at the 2019 Riigikogu elections, which comes to more than a third of all votes cast. The relative importance of e-voting has been growing from one election to the next.
If problems associated with e-voting used to concern whether people had computers at home and knew how to use them fifteen years ago, the question today is whether people still use PCs to consume internet-based services. In other words, perhaps online services are primarily used via smart devices today?
First, let us look at what speaks in favor of m-voting.
Statistics confirms that use of smart devices is up. In 2020, 98 percent of Estonians used the internet, while 83 percent used a smart phone to access it. Smart devices are increasingly used for everyday operations, meaning that using a smart phone to cast one's vote would take place in a familiar environment.
The coronavirus period has also clearly demonstrated the growing popularity and necessity of smart devices. Making it possible to vote using a smart device would constitute another option, in addition to polling stations and using a PC, in the difficult situation.
The matter is relevant as, looking at the infection rate and forecast, Estonia needs to remain watchful of the coronavirus in light of October local elections.
Now for the risks of m-voting. Even though casting their vote using a smart phone might not differ much from voting using a PC for the voter, it would render the system more complex and pose additional security risks.
An initial m-voting analysis commissioned by the National Electoral Service and State Information System's Authority (RIA) points to several risks that would need to be managed before m-voting can be adopted. Many concern outdated mobile operating systems or missing updates.
Another problem is availability of user applications. The latter only work through Apple and Google app libraries that are beyond the control of the elections organizer. Attackers gaining access to a person's electronic identity through their smart device is another risk. Right now, Mobile-ID is bound to the user's smart phone and the web application to their PC, while m-voting would bring both into a single medium.
One way to boost the security of e-voting is creating a feedback channel for voters. This alternative was also proposed by the facial recognition software study. A voter is notified that a vote has been cast in their name via email or SMS so they could be sure no one has voted in their place.
This helps avoid the risk of someone voting for someone else without their knowledge – for example, when a voter's smart device or PIN codes end up in the wrong hands.
Electronic voter lists to be adopted this fall would also make it possible to offer this kind of feedback to people who vote traditionally. Stealing another person's identity is illegal and punishable whether perpetrated in the physical or virtual world.
The study that looked at the feasibility of m-voting concluded that m-voting can be adopted if said problems can be solved. The coalition agreement also prescribes more e-citizen mobile applications to offer modern possibilities for participating in core state processes, including e-voting.
The next step on the road to m-voting reliability and security is to develop a test application. This should in turn be tried out on test voters. A favorable result would give the green light for moving forward. A negative result or a red light would also provide clarity in terms of why adopting m-voting is not yet possible.
Public and legal debate
The legislative side of adding a new method of voting cannot be overlooked. Current election laws do not regulate voting using smart devices. The nature of using smart devices to cast votes also requires a broader discussion – it would make voting even easier and more convenient, but would it also render it more vulnerable to attempts at influencing choices?
We launched e-voting debates in 2002 and adopted the system in 2005. M-voting will similarly not happen overnight, provided there is the will and way to make it happen. It is too soon to answer the question whether Estonia is ready to take electronic voting to the smart device, while it is time to launch a broader public debate concerning the mode of voting.
Editor: Marcus Turovski