Conference PaperPDF Available

Internet Voting: Experiences From Five Elections in Estonia

Authors:

Abstract and Figures

Estonia has been one of the pioneers of Internet Voting by introducing Internet Voting in binding elections in 2005. Since then this novelty method has been used in five elections. Although Internet Voting is just one of many voting methods, the number of Internet voters has grown exponentially throughout the years. The reasons of relative success in the process include for example the size of the country and positive experiences with previous e-services. The role of a secure online authentication — the e-ID-card is crucial in implementing an idea of remote online voting in an uncontrolled environment. Changing the i-vote with another i-vote and the supremacy of the paper ballot serve as main strongholds against vote buying and other infringements of the principle of free elections. In addition, the main issues that have emerged throughout the years are addressed.
Content may be subject to copyright.
176
Internet Voting: Experiences From Five
Elections in Estonia
Priit Vinkel
Estonia
Abstract: Estonia has been one of the pioneers of Internet Voting by intro-
ducing Internet Voting in binding elections in 2005. Since then this novelty
method has been used in ve elections. Although Internet Voting is just one of
many voting methods, the number of Internet voters has grown exponentially
throughout the years. e reasons of relative success in the process include for
example the size of the country and positive experiences with previous e-serv-
ices. e role of a secure online authentication — the e-ID-card is crucial in
implementing an idea of remote online voting in an uncontrolled environment.
Changing the i-vote with another i-vote and the supremacy of the paper ballot
serve as main strongholds against vote buying and other infringements of the
principle of free elections.
In addition, the main issues that have emerged throughout the years are ad-
dressed.
Keywords: Internet Voting, Electronic Voting, E-voting, I-voting, elections,
e-government, e-services, remote authentication
1. Introduction
In 2005, Estonia was the rst country in the world to have re-
mote voting over the Internet in pan-national binding elections. Since
then the number of Internet voters has grown more than 14 times.
is short paper looks at the essential principles of the Estonian In-
ternet Voting system and addresses some of the emerged problems.
177
Most likely Internet Voting in Estonia is there to stay as already a
quarter of voters vote over the Internet. However, the constant strug-
gle of improving the system and the surrounding processes is crucial
in preserving the trust of the voter in online voting.
2. Estonian Internet Voting system
2.1 Pillars of Success
Statistical overview. Using Internet Voting for pan-national
elections is not a very widespread practice. Only Switzerland, Esto-
nia and Norway allow legally binding remote Internet Voting at least
on the wider local level. erefore, the understanding of the factors
that help for implementing this system is quite important. e cur-
rent concept of Internet Voting that has been used for voting in two
general (Riigikogu) elections (2007 and 2011), in two local elections
(2005 and 2009) and one European Parliament election (2009). e
number of Internet voters has grown rapidly through the years, reach-
ing its peak of 140 000 in 2011 Riigikogu elections (see Table 1).
Table 1. Internet Voting statistics in Estonia from 2005 to 2011
2005 LE 2007 PE 2009 EP 2009 LE 2011 PE
Number of Internet votes 9 681 31 064 59 579 106 786 145 230
Number of repeated
Internet votes 364 789 910 2 373 4 384
Number of Internet
voters 9 317 30 275 58 669 104 413 140 846
Internet votes cancelled
by paper ballot 30 32 55 100 82
Internet votes counted 9 287 30 243 58 614 104 313 140 764
Internet votes among
participating voters 1.9% 5.5% 14.7% 15.8% 24.3%
Internet votes among
advance votes 7.2% 17.6% 45.4% 44% 56.4%
Source: Estonian National Electoral Committee
178
e number of changed votes either by giving a repeat vote over
the Internet or going to the polling station could be seen as consider-
ably moderate, reaching up to 3% of the overall Internet votes and
only up to 100 cancellations in the stations. In addition, there are two
important factors that could be observed. Firstly, Internet Voting is
just one of over ten voting methods in Estonia. However, it has se-
cured second highest popularity with almost a quarter of votes being
given electronically. e most popular method has always been the
Election Day (Sunday) voting with half of the votes. Nevertheless, the
emergence of Internet Voting has spiked the turnout in advance vot-
ing equalizing the voting periods before and during the Election Day.
Secondly, Internet Voting has also achieved vast popularity among
advance voting as such, where more than half of the advance votes
were given by electronic means in 2011.
A widely discussed topic has always been the inuence of In-
ternet Voting on overall turnout, because this goal has been one of
the main reasons of adopting this voting method. Estonia has had
a steady experience in e-enabled elections and one of the scientic
reviews has stated a real positive inuence of Internet Voting on
turnout estimated up to 2.6%. Nevertheless, the actual role of remote
electronic voting on voter activity is under discussion.
When thinking of the reasons of the voter for choosing such a
new voting method, one factor has emerged all these years — accept-
ing Internet Voting relies heavily on the trust of the voters. Without
a doubt, trust is a key factor for almost all crucial e-solutions but the
direct connection with remote Internet Voting has been reiterated
in all according scientic surveys. e three most important factors
of keeping and building this trust could be summarized as put on
Figure 1.
179
Fig. 1. ree pillars of Estonian Internet Voting
Open receptive society. e Republic of Estonia currently has
about 1.35 million inhabitants, dispersed over 45.227 km2 . Accord-
ing to the Global Information Technology Report 2012, in the cat-
egory of government success in ICT promotion Es tonia lies on 9th
place forerunning such IT giants as US, Finland or Japan. In the eld
e-participation Estonia shares position 9 with Singapore. In the cat-
egory of presence of ICT in businesses, the top three countries are
Korea, Sweden and Estonia. Since 1 June 2010, even the ocial pub-
lication of legal acts, State Gazette, is entirely electronic, all legal acts
are published only on the Internet. An important factor explaining
the possibility to launch totally new solutions like the ocial virtual
identity or Internet Voting is the smallness of the country. Lennart
Meri, the late president of the Republic of Estonia compared in his
speech at St. Olaf College in Minnesota on 6 April 2000 Estonia with
a small boat: “A super tanker needs sixteen nautical miles to change
her course. Estonia, on the contrary, is like an Eskimo kayak, able to
change her course on the spot.
erefore, as the number of actual voters is around 1 million
and there is generally a positive notion towards innovation, such
ideas as Internet Voting could be addressed more easily.
180
Secure remote e-authentication. e cornerstone of Estonian
e-services, public as well private, is e-ID. Since 2002, ID card is the
new generations mandatory primary identication document. e
ID cards are issued by the Government and contain certicates for
remote authentication and digital signature. All Estonian citizens and
resident aliens older than een must have an ID card.
Each ID card contains two discreet PKI-based digital certi-
cates — one for authentication and one for digital signing. e cer-
ticates contain only the holder’s name and personal code and have
two associated private keys on the card, each protected by a unique
user PIN. e certicates are not restricted of any use: they are by na-
ture universal and meant to be used in any form of communications,
whether between private persons, organizations or within the govern-
ment. e e-ID card can be also used for encryption of documents so
that only the person intended to view the document can decrypt it.
is is an ecient means for secure transfer of documents using pub-
lic networks. In addition to that, each ID card contains all data printed
on it also in electronic form, in a special publicly readable data le.
e number of issued ID-cards has in June 2010 exceeded
1.1 million. Over two-thirds of cardholders have used the e-ID card
for remote personal identication and over one-third — for digital
signature. It is to be noted that Internet Voting has strongly promoted
the electronic use of ID card. Another important promoting factor
has been the agreement between banks to allow unlimited Internet
banking only with ID-card or PIN-calculator. e old password-
cards can be used only for very small transactions.
In order to use the ID card, the smart-card reader and a com-
puter with relevant soware (free to download) plus Internet con-
nection and Windows, Mac or Linux operating system are needed. A
couple of years ago a new solution was brought to the market: m-ID,
where a mobile telephone acts as an ID-card and a card reader at the
same time. In addition to functionality of an ordinary SIM, a Mobile-
ID SIM also holds a person’s mobile identity that enables providers of
internet services to identify the person and to give digital signatures.
Personal identication and digital signature functionality are secured
by up-to-date security technology and corresponding Personal Iden-
181
tication Numbers. What makes the solution more convenient is
the fact that an ID-card reader in the computer is not needed any
longer — instead, it enables making electronic transactions, just like
an ID-card: it makes it possible to log into e-services, internet banks
etc. and sign contracts digitally.
Parliamentary debate over e-ID card raised several privacy and
security questions, but the parties supporting compulsory e-ID com-
manded over majority of votes. e most controversial questions
were the possible risk of identity the and overall IT security. To pre-
vent the use of the ID-card issued to another person, respective pro-
visions were added to the Penal Code. According to the law, fraudu-
lent use of the ID card is punishable by a pecuniary punishment or
up to three years of imprisonment.
In practice e-ID is used for user authentication in several Data-
bases, the State Portal serving as an e-service-centre; e-ticket in the
public transportation; loyal customer identication tool in several
private companies; and even used be there to insert comments to the
online daily newspaper Eesti Päevaleht, which was to prohibit anony-
mous comments to prevent libel cases.
Eective measures to guarantee compliance with electoral
principles. e secrecy of voting has traditionally been viewed in Esto-
nia as the right and obligation to cast the vote alone in a voting booth.
In the case of the Internet Voting the state is not in the position to se-
cure the privacy aspect of the procedure. Legislators proceeded from
the interpretation of the Constitution according to which secrecy of
voting, drawing on its two sub-principles — the private proceeding of
voting and the anonymity of the vote — is required to ensure free vot-
ing and is not an objective per se. Consequently, instruments aimed
at securing secrecy can be adapted, provided that voters are given
the opportunity to vote freely for their preferred choice without fear-
ing condemnation or expecting moral approval or material reward.
e voter’s right to anonymity during the counting of the votes
is guaranteed to the extent to which it can be secured in the case of
absentee ballots by mail; the so-called “system of two envelopes” (vis-
ually seen on Figure 2), used for absentee ballots by mail, is both reli-
able and easy to understand for the e-voters.
182
Fig. 2. Double envelope system used in Internet Voting
A double-envelope scheme known from the postal voting in
some countries guarantees the secrecy of the vote. e voters’ choice
is encrypted by the voting application (i.e. voter seals the choice into
an inner blank envelope) and then signs it digitally (i.e. he puts the
inner envelope into the bigger one and writes his name/address on
it). e signed and encrypted votes (outer envelopes) are collected
to the central site to check and ensure that only one vote per voter
will be counted. Before counting, digital signatures with personal
data (outer envelopes) are removed and anonymous encrypted votes
(inner envelopes) are put to the ballot box for counting.
e scheme uses public key cryptography that consists of a key
pair — a private and a public key. Once the vote is encrypted with a
public key then it can only be decrypted with the corresponding pri-
vate key. e National Electoral Committee, holding the private key,
collegially opens the encrypted I-votes on Election Day.
In order to guarantee the freedom of voting, e-voters have been
granted the right to re-vote electronically an unlimited number of
times and replace the vote cast on the Internet by a paper ballot.
However, this can only be done within the advance polling days. In
case of several I-votes the last one is counted; in case of contest be-
tween an I-vote and a paper ballot, the paper ballot is counted. In the
highly unlikely case where several paper-ballots are cast, all votes are
183
declared invalid. us, the “one vote — one voter” principle is osten-
sibly guaranteed.
In Internet-based voting, the possibility to change the I-vote is
not just permissible; it is considered a constitutional obligation. Ac-
cording to the opinion of the Supreme Court of Estonia, the principle
of the freedom of vote gives rise to the obligation of the state to pro-
tect voters from persons attempting to inuence their choice. With
regard to that principle, the state has to create necessary prerequisites
in order to carry out free polling and to protect voters from unde-
sired pressure while making a voting decision.
In the judgment, the Supreme Court maintains the following:
e voter’s possibility to change the vote given by electronic
means, during the advance polls, constitutes an essential sup-
plementary guarantee to the observance of the principle of free
elections and secret voting upon voting by electronic means. A
voter who has been illegally inuenced or observed in the course
of electronic voting can restore his or her freedom of election
and the secrecy of voting by voting again either electronically
or by a ballot paper, aer having been freed from the inu-
ences. In addition to the possibility of subsequently rectifying
the vote given under inuence, the possibility of voting again
serves an important preventive function. When the law guar-
antees a voter, voting electronically, the possibility to change
the vote given by electronic means, the motivation to inuence
him or her illegally decreases. ere are no other equally eec-
tive measures, besides the possibility to change the vote given
by electronic means, to guarantee the freedom of election and
secrecy of voting upon electronic voting in an uncontrolled me-
dium. e penal law sanctions do have their preventive mean-
ing but subsequent punishment — dierently from the possibil-
ity of changing one’s electronic vote — does not help to elimi-
nate a violation of the freedom of election and secrecy of voting.
e Supreme Court thus conrmed the constitutionality of one
of the main premises of the Estonian remote Internet Voting project.
Moreover, the corresponding principle has been acknowledged and
adopted also by the Norwegian Internet Voting project.
184
2.2 System architecture
e main components of the Estonian I-voting system (seen on
Figure 3) are the Voter Application; the Vote Forwarding Server; and
the Back-oce, which is divided in two: the Vote Storing Server and
the Vote Counting Application. e Voter Application is a stand-alone
application in voters’ personal computers to cast and encrypt votes.
Fig. 3. e general architecture of the Internet Voting system
e processes of the Vote Forwarding Server (a network server)
are authentication, the checking of franchise, sending a candidates’
list to voters, receiving signed and encrypted ballots. e network
server immediately transfers the received encrypted ballots to the
Vote Storing Server and transposes the acknowledgements of receipt
from the Votes Storing Server to the voters. e network server com-
pletes the work when the I-voting period nishes. e Vote Storing
Server receives encrypted ballots from the network server and stores
them until the end of voting period. e Votes Storing Server has
also a responsibility of votes’ managing and cancelling. e Vote
185
Counting Application is an oine program, which summarizes all
encrypted ballots. e encrypted ballots are transferred from Vote
Storing Server to Vote Counting Application by using oine data
carriers. Vote Counting Server does not receive voters’ digital signa-
tures and so, does not know voters’ personal data.
Additionally, the I-voting system delivers independent log les,
which consist of trace of the received encrypted ballots from the Vote
Forwarding Server, all annulled encrypted ballots, and all encrypted
ballots sent to the Vote Counting Application and all counted en-
crypted ballots. e used cryptographic protocol links all records in
the log les. e National Electoral Committee has the right to use
the log les to resolve disputes. Hence, there is an independent audit
trail to verify the I-voting process and help solve problems should
they appear.
3. Emerged issues and future trends
3.1. Main issues aer ve elections
Security. It is impossible to prove security, but only the oppo-
site. is popular IT proverb has kept its ground in the Estonian In-
ternet Voting case. Moreover, e-enabled elections from 2005 to 2009
had only limited concerns regarding security issues tied explicitly to
one way of voting — over the Internet. e National Electoral Com-
mittee had no complaints presented and the overall notion had been
fairly positive. However, aer 2011 Riigikogu elections, a discussion
ared up about the mere possibility of infringement of security. Most
probably the growingly prominent position of Internet Voting among
other voting methods has played a signicant role in this fact. A thor-
ough discussion about the technical issues emerged in 2011 has been
covered by Heiberg et al.
Verication of the I-vote. Norway entered the circle of coun-
tries providing e-enabled elections in September 2011 by introducing
Internet Voting in ten local government units. In addition, a pos-
sibility to verify the cast I-vote by using customary SMS and paper
186
polling cards was oered for the voters. Lied by this example the
discussions of oering this possibility in Estonia have emerged as
well. So far, the Estonian system has not foreseen a separate possi-
bility to verify the I-vote. In case of re-voting the Voter Application
shows a message of the fact that the person has voted before and it
could actually be seen as rst-level verication (stating the arrival of
the vote). Nevertheless, the discussions of introducing the concept
of vote verication to the Estonian Internet Voting system are still
ongoing. A perfect solution looks for a balance between security, us-
ability, accessibility and feasibility.
Uniformity of elections. is issue has been imminent from the
very beginning of the concept. e Estonian I-Voting system put a
lot of eort in fullling all universal principles of election. Never-
theless, the very fact that Internet Voting is fundamentally dierent
from traditional voting is grounds enough to have doubts in equal
conduct of matters. e actual conundrum is that Internet Voting
can never have all the same characteristics as paper voting. e main
issue within the complex of uniformity is whether changing the vote
should be exclusively an e-matter. As already stated before, chang-
ing the e-vote is not about changing the ticket but rather changing
in order to be free. erefore, constitutionally I-voting must be con-
ducted in an un-uniform matter.
Role of “so laws”. Not all provisions t in the narrow limita-
tions of a legal act. ere are some principles concerning I-voting that
need to be agreed upon by the players — the parties — themselves.
e agreement includes aspects from prohibiting I-voting parties to
persuading voters to change their vote for other reasons than guaran-
teeing the secrecy of the vote. However, there were some parties that
did not agree with these so provisions which started a discussion of
integrating the agreement further into “hard law”. So far the discus-
sion is still in process.
4. Conclusions
In order to increase the competitiveness of the Estonian soci-
ety, the government places more emphasis on the development of
187
citizen-centred and inclusive e-society based on virtual identity and
e-solutions in all possible elds. Internet Voting is, on the one hand,
an essential public e-service in the Estonian information society; on
the other hand, it is a revolutionary tool in electoral administration,
where its impact deserves permanent attention and sustainable scien-
tic research.
e Estonian Internet Voting system benets from three factors.
First, the Estonian ID-card — a secure and widely accepted way of
remote electronic identication. Second, that e-services are widely
accepted in the Estonian society. And third, that we have managed
to build the Internet Voting system as similar to the traditional vot-
ing principles as possible, including means to guarantee secure and
anonymous voting (the virtual voting booth or possibility to change
the i-vote and the virtual twin envelope system). erefore, Internet
Voting is prominently seen as just another e-service in communicat-
ing with the government (state), as a part of the modern information
society.
In all the ve elections where e-enabled voting has been imple-
mented, the factor of trust has been of the utmost importance. With-
out a doubt, trust will stay the most important factor of choosing In-
ternet Voting also in the future and building and stabilizing trust is
the most important but also one of the most dicult tasks of the state.
About the Author
Mr. Priit Vinkel has been member of the secretariat of the Esto-
nian National Electoral Committee since 2005, working for the legal
and constitutional committees of the Estonian parliament and since
2007 in the elections department of the chancellery of parliament. He
is a PhD student at Tallinn University of Technology, has graduated
from Tallinn University of Technology (2008) master studies (cum
laude) in public administration and from Tartu University (2005) in
political science. His academic interests involve new voting technolo-
gies, electoral systems and eective electoral administration.
... Estonia is the first country to carry out a successful pilot project in municipal elections in 2005. Estonia went on further to first use Internet voting in the 2007 parliamentary elections [7]. ...
Chapter
Full-text available
The covid-19 pandemic has brought about new ways of conducting business through the use of Information Communication Technologies and elections have not been spared either. Internet voting is another form of strengthening democracy through the use of Information Communication Technologies. Africa lags in the implementation of electronic voting, especially Internet voting. This chapter applied a critical socio-technical analysis that analyses factors that influence the applicability of Internet voting within the African context. The researcher applied desktop research which included 30 journals to gather data from the Internet and other documentation sources. The findings reveal that decision-makers can partially implement Internet voting in some of the countries in Africa like Kenya, Libya, Nigeria, Morocco, Mauritius, Tunisia, and Seychelles. To successfully implement Internet voting, the decision-makers in African nations have to fully invest in the Information Communication Technology infrastructure, provide the necessary security, legislation and carry out intensive voter education to build trust among voters.
... Anyhow, the first country to introduce the online voting system is Estonia in 2005 for local and national elections [44]. Based on Estonian model of online voting system, Malaysia should emulate and implement this system. ...
Article
Full-text available
The Internet, through information and communication technology (ICT), has been a much utilize enabler with explosive usage through various popular social media platforms. One such usage is e-political participation. Therefore, the aim of this paper is to address online political (e-political) participation among Malaysian youths, specifically, university students. A cross-sectional, quantitative method was employed with a sample size of 500 full-time students from Universiti Teknologi MARA (UiTM) Shah Alam, Selangor, Malaysia. With a returned response of 78%, the findings showed a high online political participation among the students. The popularity and user-friendly social media channels influenced the students’ political awareness and interest, including social networking. The implications from the study indicate that in Malaysia’s current political environment, engaging youths in politics is no longer an uphill task as the Internet and social media are the main enablers. However, such active e-participation has its drawbacks such as the validity and credibility of the messages and content posted through various popular social media channels such as Facebook, Twitter, WhatsApp or Telegram. No matter the circumstances, the political voices of youths should count towards the government’s national agenda, policy making and socio-economic growth of Malaysia as well as identifying future leaders for succession planning.
Research
Full-text available
Gauging e-Political Participation Among University Students
ResearchGate has not been able to resolve any references for this publication.