Online voting: How Estonia counts, and secures, its electronic votes
Following record online voter turnout in the 2023 Riigikogu elections, in which more than half of all votes were cast electronically, the State Electoral Office (riigi valimisteenistus, RVT) explained to ERR exactly how online votes are counted, recounted and kept secure in Estonia.
The RVT explained that several amendments to the Riigikogu Election Act entered into force in 2021. Among other changes, voters were granted the opportunity to override their electronically cast vote by voting via paper ballot at a polling place located within their designated voting precinct on Election Day.
This means, however, that online votes cannot be tallied until precincts have wrapped up their work on Election Day night.
Once all precincts have finished their work, a list of people who have voted in person at polling places within a precinct is submitted to Estonia's central online voting system.
The list of people who voted in person by paper ballot on Election Day is then compared with the list of people who have voted online, and repeat votes are annulled, with a vote by paper ballot cast on Election Day overriding the same voter's previous, online vote.
Once repeat votes have been checked for and annulled, the process of anonymizing electronic votes begins, in which voters' personal data, i.e. their digital signature, is separated from their vote, leaving only encrypted information regarding a voter's selection.
Prior to being opened, these encrypted online votes are also mixed in order to make it impossible to match the encrypted votes with voters' personal data.
After online votes have been mixed, they can be decrypted with a private key, which is divided between several members of the National Electoral Committee (Vabariigi Valimiskomisjon, VVK) and the RVT. At least five keepers of the key shares must be present to open the votes.
This key is used to decrypt, or open, the mixed votes, after which they can begin to be tallied.
Once electronic votes have been counted, a counting certificate is issued confirming the correct opening of the votes cast online and can be checked using an audit application. This certificate makes it possible to check whether an unencrypted vote and cryptogram are interconnected based on the public key.
All of these procedures take time, and before any operations involved in the process are initiated, they are described to election observers in Estonian and English. How long some processes take depends in part on the number of electronic votes as well.
Everyone has the right to participate as an observer as electronic votes are counted and recounted, as well as to participate in electronic vote observer training.
Electoral Office chief: Entire online voting process can be checked
Estonia's online voting results were released late Sunday night, several hours after polling places closed their doors on Election Day. Previously, online voting results were available much sooner. In an appearance on Vikerraadio's "Uudis+" on Monday, RVT director Arne Koitmäe explained that this was the result of changes to the online voting system introduced by amendments to the Riigikogu Election Act.
"As with paper ballots, online voting results only start being verified after voting has concluded — after 8 p.m. on Election Day," Koitmäe explained. "There's been a change here in that while [verification] began before 8 p.m. already in the elections before last, now, because a voter can annul their electronic vote by voting via paper ballot all the way up to the night of Election Day, we don't initiate these procedures until it's certain that voting has concluded at all precincts."
Electronic votes and paper ballots are checked electronically against signatures. "A voter provides their signature [to confirm] they are voting, and the same is noted in a list of voters as well," he continued. "And that list of voters is electronic, so after voting has ended, the election information system forwards that data to the online voting system."
Conservative People's Party of Estonia (EKRE) chair Martin Helme announced that his party intends to challenge the election results, claiming that online voting distorted the results of the elections.
According to Koitmäe, however, it isn't possible to manipulate Estonia's electronic votes.
"This system is specifically designed to allow for the entire process to be checked," the electoral official underscored.
"In other words, first of all, as online voting is underway, all votes are digitally signed by voters, and when these votes are received by a so-called virtual ballot box, these votes are also registered by a third party, i.e. a registration service," he explained.
"And once voting concludes, this data is compared to ensure that no votes have been either added to or removed from that box," he continued. "And as votes are being counted, the system also issues a dedicated counting certificate which mathematically demonstrates that these votes have been tallied correctly. And third parties can verify this as well. Anyone at all can actually write their own audit application and test whether the results are accurate or not."
Estonian elections' online voting is monitored by auditors as well. According to Koitmäe, this year's Riigikogu elections were monitored by KPMG auditors.
"Auditors ensure the accuracy of procedures as well as conduct a full online voting dataset check — they verify that the integrity of the data is ensured and that the results are accurate," he explained.
The RVT official said that vote counting procedures are public and that EKRE representatives can also verify the data for themselves if they'd like. He noted that electronic votes can be recounted just like paper ballots.
Both electronic vote and paper ballot recounts were conducted in Estonia on Monday, and the final results of the 2023 Riigikogu elections would be clear by Monday night.
This result won't be officially confirmed, however, until all election complaints are resolved or the deadline for submitting complaints has passed.
Electronic votes and paper ballots are preserved until all complaints have been finally settled in the Supreme Court of Estonia.
Ministry official: Security ensured by digital double envelope system
Liisa Past, director of the Cybersecurity Department at the Ministry of Economic Affairs and Communications, stressed that in Estonia, legislation governs the requirements imposed on various types of voting.
Online voting is just one of several ways to cast your ballot in Estonian elections, alongside voting at Estonian embassies abroad or having a ballot box brought to you at home, a care facility or even the hospital.
"In other words, the law requires, among other things, that voting be secret, and that one person may cast one vote," Past said. "Among ways this is ensured is the fact that, by casting their electronic vote with a digital signature, a person forms an outer envelope as such."
Much, she noted, like one physical envelope containing a ballot is placed inside another bearing identifying info when voting absentee by mail. Secrecy is ensured in much the same way with electronic voting in Estonia, only the double envelope system in question is digital.
There are several additional procedures and cryptographic measures, i.e. mathematical verification, to ensure that the ballots going into the digital ballot box are the same ones to come out.
According to Past, each stage of the voting process must be traceable and documented, and any changes in electronic votes will be reflected in logs.
"First of all, this electronic [ballot box] is encrypted, and second, every one of the votes inside it is protected by a digital signature," she explained. "And every step taken is logged, which means that changes made can be seen in the log as well."
The cybersecurity official noted that cryptographic measures will indicate whether any content has been modified.
"And on the flipside, all actions taken leave a trace, i.e. technical log, where every change, every action is likewise traceable," she added.
Past confirmed that Estonia's online elections are also monitored by observers who are trained beforehand.
"In addition, both the electronic voting system as well as the election information system are audited in accordance with information security standards," she highlighted. "An international audit company has also conducted an independent assessment; that report is publicly available as well."
More than half of all votes cast online
In all, 312,181 people voted online in the 2023 Riigikogu elections, accounting for just over half of all 610,320 ballots cast, according to the latest data from the RVT.
This set a new online voting record for Estonia as well as marked the first time that more than half of all votes cast in an election have been cast online.
Follow ERR News on Facebook and Twitter and never miss an update!
Editor: Aili Vahtla