A group of IT experts says it intends to carry out a test attack on Estonia’s e-voting software following the release of the source code two weeks ago. Although it was possible to test the system before the code was made public, only administrators had access to the results, reported Õhtuleht. The group of volunteers, led by security expert Renee Trisberg, says it hopes to finish testing the voluminous and complex system one month ahead of Estonia’s next local elections, on October 20 (electronic voting begins 10 days earlier). Since the general framework of the e-voting system has been public for years, Trisberg said, he believes that it is generally secure and that his team can only expect to find minor errors. “I have been a supporter of the e-elections. One must do his part to ensure that nothing happens, even just a simple mistake. Years of finger-pointing will follow if a malfunction were to occur,“ Trisberg said.
The disclosure of the code earlier this month stirred debate in IT circles, where many criticized the user license accompanying the software because it restricts amending and sharing of the code. But Elver Loho, vice president of the Estonian Internet Community, said the critics were splitting hairs and, more importantly, the code itself was not the subject of criticism.
“There have only been superficial evaluations of the code’s appearance, but if you have a long project where tens of workers have gone over it over the years, it will inevitably mess up the appearance,“ Loho said, adding that no serious security complaints have yet emerged.
Another issue is that parts of the code, such as that pertaining to verification of votes, have still not been disclosed. “If we were to be 100 percent idealistic, all of the components would have had open source code from the beginning. But in the real world it tends to be that if some parts do not have an open source code, then it is all the more safer,“ Loho said.