Tallinn University of Technology researchers Tarvo Treier and Kristjan Düüna found a flaw in Estonia's e-voting system that could have hypothetically allowed e-ballots to be manipulated.

The flaw was removed before last year's European Parliament elections.

"We tried various attack methods that came to mind. We examined every step, testing what would happen if something was done at a particular stage and whether it would later be possible to determine from the data whether everything had been conducted correctly. We discovered that one specific step we tested was very difficult to audit. With over 300,000 ballots, we could not find any software that would allow an auditor to examine them en masse. We asked the Election Service for clarification on how this is done. We were told that ballots are reviewed manually and randomly. We saw that this was a very difficult task to execute and could be done better," Treier told Wednesday's "Aktuaalne kaamera".

After the researchers' pointed out the flaw, an application was introduced that automatically verifies votes instead of requiring manual review.

The head of the Election Service Arne Koitmäe said this does not mean that electronically cast votes in previous years were less protected.

"Auditors did check all the data, and in this specific aspect, they did it manually," he said.

But, "Aktuaalne kaamera" asked, is one method, paper voting or e-voting, more secure than the other?

"Both can be falsified in the same way. However, I would say that in the case of e-voting, it is significantly more difficult," Koitmäe said.

Alo Einla, head of election information systems at the Information System Authority (RIA), said: "This was not a security vulnerability but rather an improvement to the auditing process. I can confirm that the e-voting system is secure and transparent – not just during elections, but every day, as RIA continuously works to improve it."

Treier also plans to continue analyzing e-voting.

"In the stage I examined, I focused on a specific part of the process, and I am satisfied with the improvements made. However, there are still steps that I plan to study further. I plan to continue e-voting," Treier said.

This issue arose this week after newspaper Postimees published an article by researcher Ago Samoson on Tuesday saying Treier and Düüna's work highlighted security flaws. However, on Wednesday, Treier said Samoson had misinterpreted their research and findings.  

Estonia has used e-voting for over 20 years. Some parties, such as EKRE, regularly call for the process to be scrapped and encourage their supporters to cast paper ballots.

Next week a commission of experts from the OSCE's Office for Democratic Institutions and Human Rights (ODIHR) will travel to Estonia to study the e-voting system.

This is not the first time the international body has checked Estonia's voting system. This time EKRE MP Arvo Aller requested ODIHR make the visit.

Kaja Tael, Estonia's Permanent Representative to the OSCE, said there is nothing unusual about this. She said election monitoring is one of ODIHR's main tasks.

--

Follow ERR News on Facebook and Twitter and never miss an update!