Epp Maaten, auditor, Estonian National Audit Office
Modern technologies can contribute toward the emergence of better societies. Technologies allow citizens to become more active in policymaking, and they are becoming an integral part of the democratic process. Technologies make it possible to strengthen representative democracy by making it easier to conduct elections and consultations with the public. Estonias Internet voting project helps the government to pursue its policy of using technologies to make the public sector more efficient and client-friendly. It also offers voters a additional way of casting their votes.
Small-scale pilot projects in this area have been carried out in several countries, but the number of those projects in which the validity of Internet-cast votes could be verified remaines small. Estonia, indeed, has been the first country in the world to introduce I-voting in which legitimate results were obtained at the national level. This was during a local government election in October 2005. In March 2007, Internet balloting was once again used successfully in a parliamentary election, and the number of I-voters was three times higher than was the case in 2005.
TOOLS FOR SECURE INTERACTION
Over the course of the last decade, governments in many parts of the world have been enhancing the potential of information and communications technologies in terms of improving the efficiency of government services. Of course, this has presented new challenges. Identification and authentication of users is one of the most challenging aspects of E-governance. Many countries in the world have some form of identity card, but few are electronic cards. Estonias ID card enables secure online authentication and digital signing.. Whats more, the card itself as well as the Public Key Infrastructure which is needed for electronic use of cards, has been true by the end of 2001.
The national ID card is the primary source of personal identification for people who live in Estonia, and it is mandatory for all citizens and resident aliens aged 15 or older. The card has a dual purpose it is a physical document, but it also serves for the purpose of electronic identity. Each card has two discreet PKI-based digital certificates one for authentication, the other for the digital signature. The certificates list only the holders name and personal code. They also have two associated private keys on the card, each protected by a unique PIN code.
The certificates contain no usage restrictions. By nature, they are universal and meant for communications between private persons, with organisations, or with the government. In addition to authentication characteristics, the card can be used to encrypt documents so that only the intended recipient can decrypt them. This is an efficient means for the secure transfer of documents via public networks. Each ID card also contains all of the data that are printed on it in a special, publicly readable data file. This makes it possible to use the card for E-tickets, for instance, which is the most widely used application of the card at this time.
CONDITIONS FOR I-VOTING
The use of digital channels is expanding steadily in Estonia, and various kinds of E-services are being offered both in the pubic and the private sector. According to a benchmarking report in 2007 [1], Estonias level of online availability in terms of basic pubic services is above the average in the EU27+ (The EUs 27 member states plus Iceland, Switzerland, Norway and Turkey). Estonias nationwide communications infrastructure is developing constantly 53% of Estonian households have a computer at home, and 89% of those computers are connected to the Internet [2]. The eagerness with which Estonians have been applying new IT solutions clearly points to a high level of E-readiness in the population.
The legislative foundations for I-voting were created by Parliament in 2002. The law said that the new voting method had to be in place in 2005 and also that it would not replace traditional voting entirely. In 2003, the National Electoral Committee launched the development of the I-voting system. By 2005, I-voting software produced by the local Cybernetica AS company was ready for a public test drive.
Of vital importance in starting the Internet voting project was the expectation of a widespread use of the national ID card. ID cards have been used for the past five years, and in March 2007, more than 80% of the voting age population had one. Only electronically authenticated persons with suffrage rights were able to cast a ballot, which meant the assembly of a roll of voters based on the National Population Register. This centralised register meant that there was no need for any additional registration of voters in advance of the election.
I-VOTING PRINCIPLES
Internet voting has all of the fundamental principles of traditional voting, but there are a few extras in the system. In order to guarantee that no one has been forced to vote against his or her free will, there is the possibility to cast an I-vote, but then to go and replace it with another I-vote or a traditional paper ballot. I-voters can change their electronic vote as many times as they want and the final one is counted.. It is also possible for someone who votes on the Internet to visit a polling station during the early voting period to invalidate the Internet vote. An electronic vote cannot be changed or annulled on election day. The principle of one person, one vote is upheld. Voters can cast more than one ballot, but at the end of the day they have only cast one vote.
The confidentiality of votes is guaranteed through the double-envelope scheme which is used in postal voting in some countries. The voter seals his or her choice into a blank inner envelope (i.e., encrypts it). Then the envelope is put into a larger one, and that envelope has personal data on it (i.e., signed digitally). The larger envelopes are collected centrally. Before the vote is counted, the outer envelopes and their personal data are removed, and the anonymous white envelopes with their encrypted votes are forwarded to a system which outputs the voting results. The public key of the voting system is integrated into Voter Applications, and it encrypts the votes. The private component of the key pair is used in the Vote Counting Application to decrypt the vote.
The architecture of the I-voting system contains several building blocks which are shown in Figure 1. The voter uses the Voter Application, which is downloaded from the Vote Forwarding Server. This makes possible all of the necessary selection, encryption, signing and sending. The received votes are forwarded to the Vote Storing Server, which is inaccessible from the outer world. Votes are counted offline with the Vote Counting Application and the Hardware Security Module. All central components involve extensive logging mechanisms, and each transaction in the system leaves a trace. Key management is of major importance here, as the security and anonymity of I-votes rely exclusively on the encryption and decryption of votes.
Figure 1. System architecture [3]
Internet voting is possible from the sixth to the fourth day before election day. The voter needs and ID card and an Internet connection with an installed card reader. The voter inserts the ID card into the reader and goes to http://www.valimised.ee. Identification is ensured by entering the first PIN number from the ID card. Eligibility is checked via data from the Population Register. If the voter is eligible, then the relevant list of candidates appears, and the candidate can be chosen. The choice is confirmed by entering the second PIN number as the digital signature. The system confirms that the vote has been cast.
Once electronic voting is completed, a list of all voters who have taken part is forwarded to polling stations to prevent voters from casting a second vote on election day. After the polls are closed, the National Electoral Committee, who has the private key in order to decrypt the votes, opens the secret I-votes and counts them.
THE FIRST TWO PROJECTS
Both in the 2005 local election and the 2007 national election, everything went according to plan, and there were no significant security problems. 30,275 I-votes were cast in the national election, and of those voters, 32 also went to a polling station, their I-vote thus being invalidated. The figures in 2005 were 9,317 and 30. Figure 2 shows that the number if I-voters more than tripled between the two elections 18% of all votes cast during early voting days were electronic (8% in 2005).
Figure 2. I-voting turnout
Because Internet voting in Estonia is such a unique thing, there has been a need to take a closer look at who exactly takes part in this. Two international studies were conducted by the Council of Europe in cooperation with the Estonian National Electoral Committee [4]. Respondents in the studies said that I-voting was first and foremost seen as a convenience. Voting was faster, more practical and simplified participation. In 2007, 85.8% of I-voters cited this as the reason why they voted electronically. In 2005, nearly one-fifth of I-voters said that they used the system just because it was an interesting and new thing, but this proportion came down to less than 5 % in 2007. All of the voters from 2005 who also cast electronic ballots in 2007 said that they have become loyal I-voters thanks to the fact that their experience in 2005 was convincing to them.
An important finding in the two studies is that age, gender, political views, income and educational levels do not have a significant impact on the decision of whether to vote on the Internet or at a polling place. Factors impacting the decision to vote electronically included computer skills, frequency of Internet use, and overall trust in the mechanism of I-voting. People who did not choose Internet voting reported being afraid of the technological complexity of the process. Others felt that the traditional system of casting votes is adequate. The main technological obstacle was inadequate knowledge to use the ID card electronically, as well as the absence of card readers. The survey also found that the majority of I-voters cast their ballots at home, although many did so at work. Many I-votes were received from state and municipal offices, banks and telecommunication companies.
CONCLUSIONS
Internet voting has not necessarily had an immediate effect on overall voter turnout. It takes time to change peoples attitudes and behaviours. The fact that the number of Internet voters tripled between the first and the second I-enabled election in Estonia, however, shows that the new voting method is attracting greater confidence, and in future it may end up replacing some of current voting methods. I-voting offers many advantages, like the ability to cast a vote anywhere, not just at the specific polling place of the specific voting district. It also offers better access to differently abled people and to those who for other reasons find it difficult to be physically present at a polling station (the elderly, citizens living abroad, etc.).
Figure 3. Number of I-voters using the E-signature for the first time in an election
It can be clearly said that the Public Key Infrastructure in Estonia, the digital signature and the process of authentication have served as absolute prerequisites for the creation of an efficient E-country. Internet voting is just part of the overall concept of E-governance. Indeed, it could even be said that it is just another application of the ID card, encouraging people to come closer to E-services and the relevant technologies. It is important to understand, however, that as can be seen in Figure 3, I-voting has considerably impacted the electronic use of the Estonian ID card.
This is an historical event Estonia has used Internet voting with binding results two times now, and in the long-term perspective, we can say that I-voting will certainly become as commonplace and natural as voting with paper ballots is right now.
REFERENCES
1. http://ec.europa.eu/information_society/eeurope/i2010/docs/benchmarking/egov_benchmark_2007.pdf.
2. Survey E-Seire, TNS Emor, Spring 2007.
3. General Description of the E-Voting System, National Electoral Committee 2004; http://www.vvk.ee/elektr/docs/Yldkirjeldus-eng.pdf
4. InterInet voting in the March 2007 Parliamentary Elections in Estonia, A.H. Trechsel, EUDO 2007 http://www.coe.int/t/e/integrated_projects/democracy/EVoting/Report_Evoting_Estonia_for_the_CoE_2007.doc.
5. E-Voting in the 2005 local elections in Estonia, A.H. Trechsel, F. Breuer 2006 http://www.coe.int/t/e/integrated_projects/democracy/02_Activities/02_e-voting/00_E-voting_news/FinalReportEvotingEstoniaCoE6_3_06.asp#TopOfPage
Authors contacts: +372 640 0726, epp.maaten(at)riigikontroll.ee |
.gif){kind=small}
.gif)
