 |
| Source: emol.com |
Most people likely would not name Estonia
as their first choice of countries that are cutting edge, technologically
advanced, but the demographic republic in the Baltic region of Northern Europe is
actually one of the most forward thinking, particularly when it comes to the
technology implemented in its government agencies and national voting
paradigms.
While Estonia still offers a more
traditional way to cast a ballot, it also has a long standing history with the
adoption of Internet-based voting. It has even gone so far as to open
up its “server side” source code to the
public. For security reasons, the client side code remains secret and
protected, but the server side is open to public scrutiny. And the Estonian
population has embraced the I-voting revolution.
In the most recent parliamentary election
in October of this year, over 133,000 voters cast their ballots electronically
rather than using the more manual method. This represents over 20% of all the
ballots cast in the election and what's even more interesting is that voters
had the opportunity to vote online using their choice of no fewer than three
different modalities, including one that involved mobile phones.
Measures were taken to ensure that all
three of the online voting options were as secure as possible, authenticating
the ballot while not necessarily connecting it directly to any individual
voter. This worked in much the same way as a double-envelope method may be used
with a more traditional ballot; the paper ballot is placed in an unmarked
“inner” envelope, which is then placed inside of an “outer” envelope with the
voter's information. A clerk can verify the outer envelope information,
removing the sealed inner envelope to place it into the ballot box. For the
purposes of the online ballot, a digital signature and PIN served a similar
purpose.
The first of the Internet voting options involved
the voter using the government-mandated ID card with its two public key
infrastructure (PKI) based digital certificates. With this secure card and a
card reader (available nationwide in many stores), the voter inserts the card
and enters their PIN codes while on the government e-voting website and
downloads and runs the voting application. They can confirm their identity with
their first PIN, select their preferred candidate, and confirm the vote with
their digital signature by entering the ID card's second PIN. After that, the
person receives the confirmation that the vote has been registered on the
system.
The second voting option involved the use
of an alternative “digital ID card”, also issued by the government and used
primarily for online purposes. Just as the first method, the voter navigated to
the government e-voting website using the credentials and security afforded by
the digital ID card and its corresponding codes.
The third and newest method of I-voting in
Estonia involved a mobile phone and a PC computer. The user registered for a
mobile ID by providing the government with the SIM card from their phone, along
with their government-issued secure ID card. The two were linked and the user was
provided with two secure PIN codes via text message. The voter then navigated to
the e-voting website on a computer, entered their phone number and first PIN
code, and cast the vote. The second PIN was entered on the corresponding mobile
app on the phone and the ballot was then authenticated.
Another innovation tested at the October
election was a verification
system of I-votes, developed to detect with a device (in this
opportunity only Android mobile phones or tablets) if the computer you used to
vote was infected with any malware that changed the I-vote or blocked the I-voting.
While there are certainly concerns surrounding
Internet voting, Estonia's comprehensive system demonstrates how it can be
implemented to great success. Other countries and governments around the world
may benefit from collaborating with and learning from Estonia's example.
