Days before voting opens for Estonia’s European elections, a group of researchers came out with a summary of a report that questioned the security of the country’s innovative online voting system. They said that they had found “such serious security vulnerabilities” that, by their recommendation, e-voting should be discontinued. That happened on Monday, and e-voting for the country’s European elections opens on Thursday morning. Estonia’s Electoral Committee seemed as surprised at the news as anyone, and since then the findings have spurred rebuttals (and rebuttals of rebuttals), ignited political debate, and thrown the whole idea of e-voting into disarray. It seems rather quaint that, when we can do everything else on our iPhones, most of the world still votes by trudging along to polling stations to drop cards in boxes or sending paper ballots by snail mail. Estonia, the small country with the big technological reputation, introduced e-voting as an option in 2005, and over 20 percent of voters have used it in recent elections, with voters using the chip in their national ID card and a PIN to prove their identity. The National Electoral Committee notes that it’s particularly useful for voters who live remotely or travel a lot, and said that in the last two elections e-votes were collected from 105 different countries.
But the convenience of e-voting is rather undermined if it’s not secure, and this new report pulls no punches, even going so far as to suggest that Russia could use security flaws to rig the election. “Estonia’s Internet voting system blindly trusts the election servers and the voters’ computers,” Alex Halderman, a University of Michigan computer scientist on the international team behind the report, said in a press release.“Either of these would be an attractive target for state-level attackers, such as Russia.
The group called a press conference on Monday to inform everyone—media, political parties, government—of their findings at the same time. They released videos that demonstrate attacks on a replica they built of the Estonian e-voting system, like the one below: