With Norway holding parliamentary elections this week, the country has taken the opportunity to hold its second e-voting pilot. The pilot follows an earlier trial which took place during the local government elections in 2011. According to statistics released by the Ministry of Local Government and Regional Development, the ministry responsible for running elections in Norway, the e-voting participation increased significantly compared to 2011. The trial was carried out in 12 municipalities, chosen for geographical and demographical diversity, which play home to 250,000 of Norway’s 3.6 million voters. … Even though the e-voting system with security front and centre, it still has attracted some criticism from security professionals. The first and most discussed issue were concerns raised over the encryption used in the pilot. The encryption software on the voters’ computers was thought to not have a good enough random number seed for the algorithm and, according to the security company Computas which was engaged by the government to control the system, the seed value was “very predictable”.
Other security professionals also pointed out that if the voter used a smartphone or a tablet with mobile network for voting, the system could be much less secure, opening up the possibility of a hijacked web browser to communicate with the software controlling the SMSes on the phone, and then intercept the SMS receipt after casting a second vote, without the user being aware anything has gone awry.
These elements, and probably several more, are bound to be put under the microscope when the ministry begins to evaluate the performance of the e-voting trials. It’s already been decided that the entire code for the voting system will be rewritten if the parliament decides to continue the project to next poll, the local government election in 2015.