The Supreme Court of Estonia rejected the appeal of the Conservative People’s Party of Estonia (EKRE) of the National Electoral Committee’s Sept. 6 decision not to ban electronic voting at the local government council elections taking place next month. The Supreme Court explained that, according to the Local Government Council Election Act, the National Electoral Committee has the right not to start electronic voting if the security or reliability of the electronic voting system cannot be ensured in such way that electronic voting could be conducted pursuant to the requirements of the act. The National Electoral Committee is not, however, required to cancel e-voting if it receives information indicating the possibility of adverse consequences.
Articles about voting issues in the Republic of Estonia.
The Conservative People’s Party of Estonia (EKRE) has submitted an appeal to Estonia’s National Electoral Committee challenging the committee’s decision to allow e-voting in the local elections this October despite a detected security risk that could affect 750,000 ID cards. According to EKRE parliamentary group chairman Martin Helme, the party finds that the Sept. 6 decision of the National Electoral Committee to still allow e-voting in the upcoming elections opens them up to vote manipulation and the influencing of election results, party spokespeople said. The party is seeking to have e-voting called off and the elections to be held with paper ballots exclusively.
Estonia suffered an embarrassing blow to its much-vaunted ID cards that underpin everything from electronic voting to online banking, just days before hosting a big EU exercise on cyber warfare. International scientists have informed Estonian officials that they have found a security risk that affects almost 750,000 ID cards and that would enable a hacker to steal a person’s identity. The Baltic country of just 1.3m people stressed there was no evidence of a hack of what it has proclaimed to be the world’s most advanced IT card system. The cards are used to access a wide range of digital services from signing documents to submitting tax returns and checking medical records, as well as by foreigners who are e-residents in the country.
An international team of researchers has informed the Estonian authorities of a vulnerability potentially affecting digital use of Estonian ID cards issued since October 2014; all the cards issued to e-residents are also affected. On 30 August, an international team of researchers informed the Estonian Information System Authority (RIA) of a vulnerability potentially affecting the digital use of Estonian ID cards. The possible vulnerability affects a total of almost 750,000 ID-cards issued starting from October 2014, including cards issued to e-residents. The ID-cards issued before 16 October 2014 use a different chip and are not affected. Mobile-IDs are also not impacted. … In the light of current events, some Estonian politicians called to postpone the upcoming local elections, due to take place on 16 October. In Estonia, approximately 35% of the voters use digital identity to vote online.
Last Thursday, Estonia’s Information System Authority (RIA) was informed by an international group of researchers that a potential security risk had been detected affecting all national ID cards issued in Estonia after October 2014. Estonian experts have determined that the potential risk does indeed exist, affecting 750,000 currently valid ID cards issued after Oct. 17, 2014. ID cards issued prior to this date use a different chip and are unaffected by this risk. Likewise unaffected is the SIM card-based Mobile-ID system, which the government is recommending people sign up for.
A total of 143 election coalitions across Estonia have applied for registration ahead of the local government council elections this fall. “The number of election coalitions may not be final, as if, for example, an election coalition does not include a single candidate’s name, the coalition will not be registered,” explained State Electoral Office director Priit Vinkel.
Estonia, the only country in the world where voters elect their leaders through online balloting, is taking steps to fend off potential hacking attacks as cyber-security fears intensify. A software overhaul for the system, introduced in 2005, is ready for testing before local elections in October, according to Tarvi Martens, the National Electoral Committee’s head of e-voting. The upgrade includes anti-tampering features known as end-to-end verifiability that addresses security concerns from groups such as the Organization for Security and Cooperation in Europe, he said. “End-to-end verifiability is the ‘Holy Grail’ for electronic voting,” Martens said this month in a phone interview. “When we talk about international criticism, the new software now addresses it.”
Estonia: 10 Years After the Landmark Attack on Estonia, Is the World Better Prepared for Cyber Threats? | Foreign Policy
The Estonians just wanted to relocate a statue. Ten years ago today, authorities in Tallinn set out to remove a Soviet World War II memorial from the capital’s downtown. The Russian government had warned that removing the statue would be “disastrous for Estonians,” but since Moscow no longer called the shots in the Baltic state, the statue was duly shipped off to a suburban military cemetery. Soon after, Estonians found that they couldn’t use much of the internet. They couldn’t access newspapers online, or government websites. Bank accounts were suddenly inaccessible. “It was unheard of, and no one understood what was going on in the beginning,” Toomas Hendrik Ilves, then Estonian President, told Foreign Policy. Soon, he was informed that it was not an internal failure — but an attack from the outside. It was a Distributed Denial of Service Attack — an orchestrated swarm of internet traffic that literally swamps servers and shuts down websites for hours or days.
Blockchain technology can safely be used to authenticate e-voting by shareholders at a company’s annual general meeting, Nasdaq said this week, following a pilot project in Estonia. … Voting security experts in the U.S. were skeptical about the pilot project’s wider applicability, especially with regard to national elections. “Blockchain solves a small part of the overall set of problems [with e-voting], but nowhere near all,” said Pamela Smith, president of election integrity advocacy group Verified Voting. “If you have a boat with many leaks, plugging one of them should not make you assume the others won’t swamp you,” she told CyberScoop via email.
Long before Moscow became the prime suspect in the Democratic National Committee data breach, hackers tied to the Russian government have sought to sew political discord via the internet. Most notably, many experts believe that in 2007 Russian operatives unleashed a series of devastating cyberattacks on neighboring Estonia following a dispute with Moscow over a Soviet-era war memorial. At the time, Estonia had the world’s most connected society, giving attackers plenty of targets. They succeeded in taking down government computers, banks, and newspaper sites, trying to paralyze the “e-way of life” Estonians painstakingly crafted after the Soviet Union dissolved in 1991. And now, as a growing number of digital attacks hit countries’ most critical systems, from hospitals to electric utilities to voting infrastructure, Estonia has become a critical voice and an important model when it comes to preparing for escalating conflict in cyberspace.