Estonia, which created the world’s first nationwide Internet-based voting system, has finally released its source code to the public in an attempt to assuage a longstanding concern by critics. “This is the next step toward a transparent system,” said Tarvi Martens, chairman of Estonia’s Electronic Voting Committee, in an interview Friday with ERR, Estonia’s national broadcaster. “The idea, which was the result of joint discussion between numerous Estonian IT experts and the Electronic Voting Committee, was implemented today. We welcome the fact that experts representing civil society want to contribute to the development and security of the e-elections.” Martens and his colleagues have now put the entire source code on GitHub—previously it was only made available after signing a confidentiality agreement.
As we reported last year, Estonia has had national voting via its Digital ID card since 2007. A Digital ID card is available to all Estonians and legal residents. The card uses open-source public key-private key encryption software (upgraded in 2011 to 2048-bit), which allows government agencies to perform various secure functions online connected with a citizen’s identity. These include financial transactions, public transportation tickets, and student university admissions records, among others.
Previously, e-voting critics such as Barbara Simons, the former president of the Association of Computer Machinery, told Ars that the lack of open source software was a strike against trusting Estonia’s system. “We don’t know how the Estonian system is working,” she told Ars in 2012. “We do know that the second largest party thinks that the voting was rigged in 2011. The reason they think it was rigged was that the ballot counts online were different than the paper version. There are possible explanations, but I couldn’t say that it was rigged—there’s no way that anyone can prove anything. [The Estonian government] won’t let independent security experts review it without signing a nondisclosure agreement.”
Reached for comment on Friday, Simons said she was still skeptical. “I think it’s good that the source code has been released, but it doesn’t prove that the released code is what is used during the election,” she told Ars. “We know that last minute code changes can be made with no independent oversight.”