Is the cyber security in Estonia ensured? Why the government wants to change the period of i-voting and what signal with that we send to the world? Talk show host Urmas Vaino helps to set things straight.
Indrek Saar, Minister of Culture, Social Democratic Party
Jaanus Karilaid, Member of Parliament, Center Party
Priidu Pärna, Member of Tallinn City Council, Pro Patria and Res Publica Union
Anto Veldre, RIA analytic
Kristjan Vassil, UT senior researcher
Märt Põder, organizer of journalism hackathon
Arti Zirk, TUT IT faculty student
Tarvi Martens, Electoral Committee, Head of Internet Voting
Kristen Michal, Member of Parliament, Reform Party
Mihkel Slovak, UT senior researcher
Henrik Roonemaa, Geenius.ee editor
Erki Savisaar, Member of Parliament, Center Party
Andres Kutt, RIA, IT architect
Sven Heiberg, Cybernetica AS, Project Manager of Internet Voting System
Jaak Madison, Member of Parliament, Conservative People’s Party
Jaanus Ojangu, Chairman of Free Party
Agu Kivimägi, Stallion cyber security consultant
Jaan Priisalu, TUT researcher
Silver Meikar, Adviser to Minister of Culture
Kalev Pihl, SK ID Solutions, Board Member
Oskar Gross, Head of Cyber Crime Unit of Central Criminal Police
Klaid Mägi, RIA, Head of the department for handling incidents (CERT-EE)
Heiki Kübbar, Founder of ICEfire OÜ
Birgy Lorenz, Board Member of Network of Estonian Teachers of Informatics and Computer Science
Andres Kahar, KAPO Bureau Manager
Sven Sakkov, Director of NATO Cooperative Cyber Defence Centre
Heiki Pikker, TUT Cyber Security MSc student
“Real-World Electronic Voting: Design, Analysis and Deployment” is a new book about to appear on secure electronic voting. One chapter describes the Internet voting used in Estonia.
In Chapter 6, Dylan Clarke, an ERC research fellow at Newcastle University, and Tarvi Martens, the chief architect of the Estonian remote Internet voting system, describe the Estonian Internet voting system. Since the first pilot in 2005, Internet voting has been used for the whole country in three sets of local elections, two European Parliament elections and three parliamentary elections.
Abstract. We describe an update of the Estonian Internet Voting scheme targeted towards adding verification capabilities to the central system. We propose measures to ensure the auditability of the correctness of vote decryption and i-ballot box integrity. The latter will be improved to a level where it would be possible to outsource the vote collection process to an untrusted party and later fully verify the correctness of its operations.
The short summary is that I-voting system used for local municipal elections in October 2017 will use ElGamal cryptosystem that can be plugged into mix-net. Currently it is not clear whether the general public will be allowed to verify mix-net inputs and outputs.
The new system should provide end-to-end verifiability features:
The current software, created in 2004, needs overhaul as the gradual updates (such as adding the Mobile-ID capacity and others) have rendered the grasp on the source code structure challenging. “The new system will be more universal, allowing more possible applications, in addition to using it for Estonian nation-wide elections and referendums – such as internal elections of large corporations, local government polls and also abroad,” said Tarvi Martens, chairman of Estonian Electronic Voting Committee.
The voting procedure will remain the same for the voter and the source code will remain open. “The planned changes will allow the observers to keep an eye on how the stored e-votes will become election results more efficiently, based on mathematical proof,” Martens explained. “In other words, mathematics will prevail over the human factor. Technical proof allows us to control the system with much more efficiency,” he added.
The full cost of the first contract is 236 800 euros (VAT excluded). The bid was open to all EU entities and received bids from three companies. Cybernetica has won the bid for developing the Estonian electronic voting system, entailing a renewal of the system for the local government elections in October 2017.
During the first half day, Estonian researchers will present the results of a 3-year scientific project that studied the Estonian flavour of verifiable Internet voting from both technical and social aspects. The second half of the first day will be devoted to the presentation of the development ideas of the Estonian solution. The second day holds additional interventions on the topic of remote online voting and offers brainstorming activity where feedback to the ideas of the first day will be gathered interactively.
09:00 – 09:30 Registration
09:30 – 09:45 Opening keynote
09:45 – 10:30 Kristjan Vassil “Diffusion of Internet Voting in Estonia”
10:30 – 11:15 Mihkel Solvak “Impact of Verification on Trust toward Internet Voting”
11:15 – 11:45 Coffee break
11:45 – 12:15 Taavi Unt “Usage Patterns in Internet Voting Log Files”
12:15 – 13:45 Jan Willemson, Sven Heiberg and Arnis Paršovs “Log analysis of Estonian Internet
14:00 – 15:00 Lunch
16:00 – Coffee break
15:00 – 17:30 Tarvi Martens, Sven Heiberg and Jan Willemson “Estonian Internet voting 2017+”
10:00 – 10:30 Bingsheng Zhang “How to Achieve Unconditional Integrity in an End-to-end Verifiable E
10:30 – 11:00 Kristjan Gjøsteen “A security usability study on the Norwegian e-voting system”
11:00 – 11:30 Carsten Schürmann “Creating Credible Elections”
11:30 – 12:00 Coffee break
12:00 – 12:30 Jurlind Budurushi “An Investigation into the Usability of Electronic Voting Systems with
Paper Audit Trails in the Context of Complex Elections”
12:30 – 13:00 Helger Lipmaa “Privacy and Accountability in Networks via Optimized Randomized Mixnets”
13:00 – 13:30 Filip Zagorski “Improving security of remote voting”
13:30 – 14:30 Lunch
15:00 – Coffee break
14:30 – 17:00 Argument game
Electronic Voting Committee invites those interested in Internet voting to attend the day of ideas event, which will take place on Thursday, 18 June, 2015 from 11:00 to 15:00 in the hall of commandant house at Toompea street 1, Tallinn.
I-voting in Estonia has been used already for 8 elections in 10 years. The system has been continuously developed, but since the time of the next regular elections is after little more than two years, it is an opportune time for introducing something larger and more substantial.
Hence the aim for the day of ideas: everyone will have the opportunity to present his ideas or thoughts on how to make i-voting even better, more secure, more transparent, more reliable, etc. – invited are both technical and organizational improvement proposals.
To have a smooth management of the event:
a) register your participation no later than 16 June by sending an e-mail to vvk dot ee.
b) describe in a few sentences the idea and give an estimate on the time needed for the presentation. If you wish, you can show the slides.
Invited are also those who do not have their ideas, but still would like to participate in the debate about the ideas.
Additional information: Tarvi Martens (Head of the Committee)
Sven Heiberg “What is possible for 2017”
Ivo Kubjas “Mixnets – why, what and how?
Arnis Paršovs “Homomorphic Tallying for Estonian Internet Voting”
Tanel Tammet “About e-election problems”
Ahto Truu “Data integrity detection KSI service”
Estonia is the only country in the world that relies on Internet voting in a significant way for legally-binding national elections — up to 30% of all voters cast their ballots online. This makes the security of Estonia’s Internet voting system of interest to technologists and citizens the world over. Over the past year, I helped lead the first rigorous, independent security evaluation of the system, based on election observation, code review, and laboratory testing. The findings are alarming: there are staggering gaps in Estonia’s procedural and operational security, and the architecture of the system leaves it open to cyberattacks from foreign powers. Our investigation confirmed the viability of these attacks in the lab, but the Estonian government has chosen to downplay them. We urgently recommend that Estonia discontinue use of the system before the country suffers a major attack.
The presentation contains good technical overview of Estonian i-voting. The presenter argues that Estonian i-voting has weak operational security. Some of the arguments used by the presenter are quite questionable:
Harri Hursti, one member of our team who is a very large Finnish man and known as a prodigious drinker, went out for serious drinking with this very nice Russian fellow, who is the head of security for the election operations team. During this dinner, I am told, each man consumed two bottles of Vodka, after witch nothing can be hidden from the truth. So, Hursti reports that by the end of this evening he had dranked that root password out of the head of security.
SK Annual Conference 2014 took place in November 6, 2014.
9:00-9:45 Registration and coffee
9:45-9:55 Drone presentation, Jaan Kronberg
10:00-10:05 Opening remarks by SK CEO Kalev Pihl
10:05-10:30 SK overview of the 2014 and NutiKaitse 2017, Kalev Pihl, SK
10:30-10:45 e-Residence, Kaspar Korjus, Estonian Development Fund
10:45-11:20 What will happen in January 1, 2015? (BDOC and Mobile-ID), Liisa Lukin, SK
11:20-11:45 Coffee break
11:45-12:20 eIDAS, Mait Heidelberg, MKM
12:20-12:45 International DigiDoc client, Jaan Murumets, SK
13:30-14:30 Online Arms Race, Mikko Hyppönen, F-Secure
14:30-15:00 Coffee break
15:00-15:30 New Generation of eID Smartcard, Andreas Lehmann, Trüb Baltic AS
15:30-16:00 eID future trends, Tarvi Martens, SK
16:00-16:20 Questions and Answers
16:20-16:30 Closing remarks and prize lottery
16:30-17:00 Scandinavian experience, Alev Ström
17:00-17:30 Evening snack