Survey: Attitudes toward e-voting unaffected by ID card security risk
Figures from a recent survey show that the ID card security risk exposed in early September has not significantly impacted the attitude of people in Estonia toward e-voting, as those who previously deemed e-voting necessary still do so and those who were against e-voting before are still against it.
The survey, which was commissioned by Postimees and BNS and conducted by Kantar Emor, was carried out immediately after the security risk with ID cards was announced to the public. Altogether 1,468 people between the ages of 15-74 were asked from Sept. 8-14 what kind of activities they deem necessary on the internet. Emor had previously asked the same question in April.
While 66.9 percent of people in Estonia polled in April considered the opportunity to vote electronically necessary, this figure dropped slightly to 63.8 percent in September. Meanwhile, 27.6 percent of respondents in April and 31.8 percent of respondents in September deemed e-voting unnecessary. The remaining respondents had no opinion on the matter.
According to Aivar Voog, survey expert at Kantar Emor, these changes were marginal.
"An increase in security risk is perceived more by women and people in Estonia with a lower education level," he said, adding that one's attitude toward e-voting is largely dependent which party the respondent supports. "Approximately half of Conservative People's Party of Estonia (EKRE) and Center Party voters consider the opportunity unnecessary. As the Center Party is supported mostly by non-ethnic Estonians, their attitude toward e-voting is also critical."
In contrast, nearly 100 percent of people in Estonia consider e-banking and the e-tax system necessary. "Thus, attitudes toward these activities is not dependent on sociodemographic indicators," Voog noted. Altogether 99.4 percent of respondents in April and 98.9 percent of respondents in September deemed e-banking necessary, while 98.4 and 97.2 percent, respectively, considered the e-tax system necessary.
Effect of security risk smaller than expected
"I would have expected a harder blow immediately after [the disclosure of the security risk]," Mihkel Solvak, a political scientist at the University of Tartu, said.
Solvak recalled how, in May 2014, ahead of the European Parliament elections, Tallinn city government invited Alex Halderman from the University of Michigan to speak about e-voting, who said that electronic voting is so unsafe that it must be done away with immediately. "The media also covered this extensively," he recalled. "Experts made great efforts to clarify that his claims were not competent."
Thus far, approximately one third of voters have used the opportunity to e-vote in elections in Estonia. Voters using the e-voting system made up 30.5 percent of voters in the Riigikogu elections in 2015, while the number stood at 31.3 percent in the European Parliament elections in 2014, and at 21.2 percent in the local elections in 2013.
"Perhaps the number of e-voters in Estonia will not increase any more, as users of electronic identification make up approximately 50 percent of ID card holders," Solvak suggested. "One third of votes are already cast electronically, but a certain group of people will continue voting on paper."
Security risk detected that could affect 750,000 ID cards
Prime Minister Jüri Ratas (Center) announced at a press conference on Sept. 5 that a security risk involving Estonia's national ID cards had been exposed and recommended that people start using the SIM card-based Mobile-ID instead. The potential security risk affects a total of approximately 750,000 ID cards issued since October 2014, including cards issued to Estonian e-residents.
Experts have noted, however, that the risk is only theoretical, and cracking the code of all faulty cards would cost approximately €60 billion.
The National Electoral Committee decided at a meeting on Sept. 6 that e-voting would take place as planned in the local government council elections next month. It was also announced on Sept. 12 that the Information System Authority (RIA) is already working on a potential solution to the problem.
Editor: Aili Vahtla