Online voting, also known as e-voting or i-voting, still seems a far-fetched idea in other countries despite increased digitalisation in other areas. In Estonia, however, it dates back to 2005 and is right at home in a society where banking, prescriptions and other services have long since largely gone digital as well.
2019 is a busy year for all election organisers across Europe. In addition to votes being cast to select members of the European Parliament in late May, there are about 20 other elections taking place throughout our corner of the world. This means that the Estonian National Electoral Committee and the State Electoral Office have to plan for, carry out and tally votes twice in less than three months — to elect members of the Riigikogu on 3 March and members of the European Parliament on 26 May.
The only way to ensure that a citizen's vote is cast and counted as intended is through proper preparation and procedures that include security considerations.
Estonia is unique in the use of i-voting, which allows for the possibility of all voters to cast their vote from any internet-connected computer anywhere in the world. The system digitally mimics the double-envelope approach widely used in postal and advance voting around the world.
I-voting uses a separate computer application (no mobile phone voting is available yet) and relies on government-backed secure digital identity. The authentication function of the digital ID is used to identify the voter, just as a polling station official would with a state-issued ID. The signing function of the ID is then used to sign the digital outer envelope of the i-vote, thus assuring that the vote is secret and cannot be traced back to the individual.
As a further precaution, i-voting takes place during the advance voting period, so should any relevant irregularities be reported, voters could recast their ballot on paper on Election Day. To account for an uncontrolled voting environment at home, in the workplace or elsewhere, voters are allowed to recast their ballot as many times as they wish, with only the final vote being taken into account. This removes a bad actor's motivation to manipulate or buy i-votes, as the voter can just cast their ballot again. Voters can also verify that their vote was properly cast using a secondary device such as a smartphone.
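The ballot-box rules described above (a signed outer envelope, unlimited recasts with only the final vote counted, and a paper ballot on Election Day replacing the i-vote) can be sketched as follows. This is an added illustration, not code from the Estonian i-voting system: HMAC stands in for the ID card's signature, the inner envelopes are opaque constructed bytes, and all names are hypothetical.

```python
import hashlib
import hmac
import random
from typing import NamedTuple

class Envelope(NamedTuple):
    voter_id: str     # identity carried by the outer envelope
    cast_at: int      # receipt time at the collecting server (constructed ticks)
    inner: bytes      # sealed inner envelope, opaque bytes in this sketch
    signature: bytes  # outer-envelope signature

def sign(key: bytes, voter_id: str, cast_at: int, inner: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the ID card's digital signature.
    msg = b"|".join([voter_id.encode(), str(cast_at).encode(), inner])
    return hmac.new(key, msg, hashlib.sha256).digest()

def process_ballot_box(envelopes, voter_keys, paper_voters):
    """Return the inner envelopes that go forward to counting, identities removed."""
    latest = {}
    for env in envelopes:
        key = voter_keys.get(env.voter_id)
        if key is None:
            continue  # signer is not on the voter list
        expected = sign(key, env.voter_id, env.cast_at, env.inner)
        if not hmac.compare_digest(expected, env.signature):
            continue  # outer envelope does not verify
        prev = latest.get(env.voter_id)
        if prev is None or env.cast_at > prev.cast_at:
            latest[env.voter_id] = env  # a recast replaces the earlier i-vote
    # A paper ballot on Election Day replaces the voter's i-vote entirely.
    kept = [e.inner for v, e in latest.items() if v not in paper_voters]
    # Outer envelopes are dropped here; shuffle so order cannot link ballot to voter.
    random.SystemRandom().shuffle(kept)
    return kept

def demo():
    # Constructed sample data: three voters, one recast, one forgery, one paper vote.
    keys = {"voter-A": b"key-A", "voter-B": b"key-B", "voter-C": b"key-C"}
    def cast(v, t, inner):
        return Envelope(v, t, inner, sign(keys[v], v, t, inner))
    box = [
        cast("voter-A", 1, b"sealed-A-first"),
        cast("voter-B", 2, b"sealed-B"),
        cast("voter-C", 3, b"sealed-C"),
        cast("voter-A", 5, b"sealed-A-recast"),
        Envelope("voter-B", 9, b"sealed-forged", b"\x00" * 32),
    ]
    return process_ballot_box(box, keys, paper_voters={"voter-C"})
```

Calling `demo()` returns only voter A's recast and voter B's genuine envelope: the forged envelope fails verification and voter C's i-vote is superseded by the paper ballot.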
Since i-voting was introduced in 2005, there have been no i-voting incidents affecting the legitimacy of election outcomes. Today, about one third of voters prefer the convenience of online voting from wherever they are, the number having steadily grown from less than 2% 14 years ago. This speed of growth has allowed for constant testing and development as the system has scaled to the current level of use.
This approach, however, is not unique to voting. Rather, it is facilitated by and fits into a lively digital ecosystem. In Estonia, 99% of banking transactions are done and medical prescriptions are issued online, with the proportion of taxes filed electronically not far behind. There are thousands of digital services provided by the state as well as the private sector, most facilitated by the same digital identity scheme.
The Estonian experience demonstrates that any digital service and trust in it should not and cannot be developed in isolation. Instead, users take a holistic approach.
Every government-issued ID card includes a chip that together with PIN codes becomes the key to one's electronic identity for both identification purposes as well as legally binding digital signatures. Once a user is comfortable using one service, such as online banking, they become more likely to use other digital services as well, be it voting, accessing digital health records, or signing contracts.
Since being introduced in early 2000, the government-backed secure digital ID has been used more than 800 million times for authentication, and 600 million digital signatures have been given. Almost 1.3 million ID cards are currently in circulation, although not everyone uses them electronically.
Centralised risk management
Thus it is hardly surprising that one third of Estonian voters also prefer to vote online. I-voting, together with the comprehensive elections information system that encompasses all elements of elections for which the State Electoral Office is responsible, means that the security of the election processes is centralised.
This means that resources are assigned for development, testing and information security that would not be available for individual local elections managers. Furthermore, the State Electoral Office has increasingly relied on a taskforce model according to which appropriate public sector and private entities are engaged in and responsible for elements of organising elections. The RIA is involved in the digital backbone of elections and elements of cyber security, for example, while the government's strategic communicators contribute in the face of intensifying information operations against elections across the world.
This sort of cooperation model has been introduced in many countries in recent years. As attacks against the very central functions of democratic systems become more sophisticated and commonplace, election management bodies cannot be expected to manage these risks alone. Sweden and Estonia, for example, have introduced relevant cross-sectorial task forces, while in the US, the Department of Homeland Security and the Election Assistance Commission (EAC) have teamed up to offer a catalogue of cyber security assessment and consulting services to the 10,000 election organisations in the country.
Elections are not — and should not be — where a nation experiments with the use of technology. Rather, as the Estonian experience with i-voting and the election information system demonstrates, elections have to be as digital or analogue as the government and civil services around them. Elections can rely on technology that fits into a lively digital ecosystem, but even then, technology should not be the focal point.
Elections are and have been a constitutional and rule of law question. Technology, be it pen and paper or a centralised digital system, has to be introduced in a secure manner, with its full impact understood. Estonia, thus, does not necessarily provide an example of i-voting for all to follow, but rather a useful case study of the use of technology that other governments can adapt to fit their circumstances.
Liisa Past is a Next Generation Leader at the McCain Institute for International Leadership at the Arizona State University (ASU) and former Chief Research Officer at the Cyber Security Branch of the Estonian Information System Authority (RIA), where she designed, led and carried out analysis related to cyber security, including risk, threat and impact assessments. She has been a driving force behind the Estonian comprehensive risk assessment of elections and the Compendium on Cyber Security of Election Technology, published under the auspices of the Cooperation Group of the EU Network and Information Security Directive. As a Next Generation Leader, Ms Past focuses on further developing election cyber security frameworks.
Editor: Aili Vahtla