Yesterday, July 20, the City of Tallinn bolstered its drive to bar the nation’s much-touted e-voting system from local elections, holding a press conference where prominent US computer scientist Barbara Simons said that such systems are inherently vulnerable.
The University of California, Berkeley PhD and former Association for Computing Machinery president spoke about risks such as malware, attacks on the server managing the election, insider threats and false websites.
Speaking in general terms, not about Estonia’s system in particular, she said that the nature of e-voting makes it impossible to audit or recount the votes. She also warned of the possibility of software viruses or worms that could infect a computer, casting votes without the user’s knowledge.
Along with the technical information gleaned from Simons’s presentation, those present at the press conference were also able to gain a clear sense of the agenda behind the event.
The conference was conducted in a tightly-controlled manner, ending as journalists were cut off after only three questions. A 158-page book entitled “Today’s Internet is Not Ready for E-Voting,” produced by the City Council, was also distributed to those in attendance.
Tarvi Martens, architect of the nation’s e-voting system and a key figure in the Estonian IT and infosecurity field, shrugged off the US expert’s claims.
“Her story is nothing new,” he told ERR radio. All of the risks that Simons brought up, he said, are well-known and have been taken into account.
Martens said that experiments have been run with hackers hired to attempt to crack Estonia’s voting system. “Tests have been conducted repeatedly. Only low-level problems were found and these were addressed. No one has managed to ruin anything,” he said.
If something should happen, he added, there is a backup plan. “If an attack takes place, then we have a legal basis to annul the results of e-voting […] Electronic elections have already been held five times [in Estonia] and nothing happened. Everything works correctly,” said Martens.
Martens has proposed a debate with Simons, but the challenge has gone unanswered so far.
The Battle, Continued
The July 20 press conference represents the latest of several attempts by the Tallinn City Government and its ruling Centre Party to challenge the legality of the nation’s pioneering e-voting system, which was first used in nationwide elections in 2005.
Earlier this year, questions were raised about the system when a student claimed to have found a flaw that would theoretically allow a virus to block candidates from appearing on an affected voter’s ballot screen.
The Supreme Court rejected his challenge to the March 6 parliamentary election results, however, since no actual manipulation had been found.
Days afterward, the Centre Party, which fared relatively poorly in the elections, attempted to have the results annulled based partly on the student’s findings.
In May, a report by the Office of Security and Cooperation in Europe (OSCE) gave the country’s internet voting system an overall clean bill of health, but cited a number of technical and procedural holes that it recommended plugging. Parliament later set up a working group to address the issues.
Last month, the Tallinn City Council filed a motion with the Supreme Court to abolish e-voting at future local elections, this time citing legal, rather than technical, deficiencies.