Tarvi Martens, the father of Estonia's internet voting system, said he was not impressed by a software flaw discovered by a university student.
Admitting that no system is perfect - and asserting that only insecurity, not security, can be proven - Martens sees no reason why the online voting system should not continue to be used. "Our attitude was to put it to work and then see whether there are security problems or not, having first very clearly acknowledged the kind of problems that may come up," Martens told uudised.err.ee.
University of Tartu student Paavo Pihelgas created a computer virus that could exploit a flaw he found in the internet voting system. He is now challenging the legitimacy of the parliamentary election on March 6 in the Supreme Court. The virus could hypothetically block votes given to the "wrong" candidate. "People can do whatever they want with their computers," said Martens. "If someone distributes a virus, it is a criminal act. In that case, we would have definitely tracked it down."
Asked why Estonia's unique internet voting model is not used in national elections elsewhere in the world, Martens said that few countries have established high-quality electronic identification cards needed to confirm a voter's identity. The technology is secure, but political consensus needs to be reached, Martens said.
Estonia reached that consensus in 2001, and the Election Act mandated the first e-voting election in 2005. "A political agreement is very difficult to achieve because politicians do not understand the IT world well enough. If they think there are risks, then they prefer to keep away, remain conservative and refrain from the bold step forward," said Martens.