Estonia leads world in making digital voting a reality

The last time 23-year-old Eva-Maria Tõnson attended a polling station, she was a child accompanying her parents. On the three occasions that the Estonian has voted — in municipal, national and EU elections — she cast her vote online.

As everyday transactions and services migrate online, some countries have sought to expand the digital revolution to elections, creating internet voting systems that they say can deliver free, fair and secure results. Online voting has been trialled in several countries, but only Estonia has embraced it.

Steve Schneider, director of the Surrey Centre for Cyber Security, a UK-based research centre, calls the Estonian system, which has been in place since 2005, “state of the art”.

In the Baltic nation’s March 2019 parliamentary elections, more than 40 per cent of ballots were cast using the “i-Voting” online system.

Underpinning this is Estonia’s policy of e-governance. “People already use an electronic ID card for filing tax forms and logging into different government services,” says Ms Tõnson. “Anytime I access my online banking or patient data — even when signing up for a Covid-19 test — I use my ID card.”

Yet few other countries come close to this level of digitisation. And while the Institute of Engineering and Technology (IET), one of the world’s largest societies of engineers, acknowledges there is scope to improve access and convenience through internet voting, satisfaction with traditional methods of voting in the UK, for instance, remains high.

The key is to have the supporting digital infrastructure in place beforehand, says Anett Numa, digital transformation adviser at e-Estonia, a Tallinn-based innovation hub. Only then, once people are used to accessing public services online, and trust in the system, will internet voting become more widely adopted elsewhere in the world.

In part, the goal of i-Voting was to expand participation and keep young people engaged with the political process. Some 200,000 Estonians, out of a population of 1.3m, live abroad, including Ms Tõnson. As a student at Cambridge university, Ms Tõnson doubts there would otherwise have been enough time for her to vote at the Estonian embassy in London.

However, i-Voting has not increased voter turnout, says Ms Numa — a finding that has also been borne out by a separate Norwegian study from 2013. Instead, it provides another channel for those who would otherwise have voted.

Yet there are cyber security concerns. “The challenge is, how do you ensure the integrity of the election without giving away the secrecy of the vote?” asks Prof Schneider.

The answer is encryption. Once authenticated, the voter casts their ballot across a platform that routes to a central database. The easiest analogy is to think of an envelope, says Ms Numa.

The vote is encrypted, or put into an “envelope” and marked with a virtual signature. That “inner envelope” is then placed into a second envelope, which is signed with the identification code of the voter.

From there, the contents of the inner envelopes can be shuffled, decrypted and calculated, or added together without the need to decrypt. These methods are known as mixnet and homomorphic tallying, respectively.

Critics of this approach, including Mike Specter, a researcher with the Internet Policy Research Initiative at MIT, focus on the value of decentralised systems. At present, electoral officials carry out risk-limiting audits, which use a statistical sample of paper ballots, to confirm that votes have been correctly tabulated, says Mr Specter.

Without physical ballots, it becomes more troublesome to have recounts. This is compounded by the problem of storing votes in one large integrated database. If someone were to set fire to a drop box for mail-in ballots, that kind of attack is localised and not scalable, whereas a bug in an i-Voting system may call into question an entire election.

One way some academics and policymakers are looking to improve transparency within these internet voting systems is to apply the principles of blockchain — distributed ledger technology — to create a database that is both decentralised and open to inspection. Potential hackers would need more than half the entire computational power used by the participants to interfere with the encryptions, making it too costly to alter votes.

Yet “a determined, well-resourced threat, such as a hostile nation state, would be capable of launching an effective cyber attack”, says Prof Schneider.

In addition, it is not just the security of the system at stake, but the devices voters use to cast their ballots. Malware could potentially misallocate or discard ballots before they show up in the system and without the voter realising.

Estonia has tackled these difficulties by inviting scrutiny from experts, political groups and the media. The electoral authority has improved the system by making it open source and adding verifiability functions for individual voters through a QR code, and the election as a whole through mixnet tallying.