Internet Voting in Estonia Tarmo Milva Deputy project

Internet Voting in Estonia Tarmo Milva Deputy project manager Estonian National Electoral Commitee

E-stonia ? l Population: 1. 35 M Everyday Internet usage: 54% Internet banking: 86% Mobile penetration: 95% 1000+ Free Internet Access points l PKI penetration: >65% l Biggest national e. ID card roll-out in the Europe ! l l

Internet Voting? l l l In October 2005 Estonia had first-ever pan-national Internet Voting with binding results ~80% of voters had a chance to vote via Internet due to the ID-card ~2% of participated voters used that possibility

ID-card Project l l l Started in 1997 Law on personal identification documents: Feb, 1999 Digital Signature Act: March, 2000 Government accepted plan for launching ID-card: May, 2000 First card issued: Jan 28, 2002 Apr 2006: 910 000+ cards have been issued

The Card l “Compulsory” for all residents l Contains: l l l Personal data file Certificate for authentication (along with e-mail address Forename. Surname@eesti. ee) Certificate for digital signature

Usage of the ID-card l l Major ID-document Replacement of l l l l (transportation) tickets library cards healt insurance card driver documents etc. . . Authentication token for all major e-services Digital signature tool

Internet Voting ? l l Not a nuclear physics Just another application for ID-card. . . with some special requirements & measures. . .

What it takes ? Token for i-voters Politicians & Laws Procedures Trust Technology Voters

Legal foundation 2002 1) voter can use internet for voting 2) voter is authenticated using ID-card 3) voter confirms his selection with digital signature 4) e-voting takes place during absentee voting i. e. days 6. -4. before the Election Day

Big Fight in 2005 l l Amendments to the electoral law to reflect the reality Long discussions in the Parliament The President rejected the amended law twice National Court decided that the amendments are correspondant to the Constitutional Law l Issue: With Internet voting you can vote repeaditly

I-voting Main Principles l l l All major principles of paper-voting are followed I-voting is allowed during period before Voting Day The user uses ID-card l l l Repeated e-voting is allowed l l System authenticates the user Voter confirms his choice with digital signature Only last e-ballot is counted Manual re-voting is allowed l If vote is casted in paper during the Election Day, e-vote(s) will be revoked

Voter registration l Missing l All citizen (residents) should register their place of living in central population register Only voters with registered addresses are eligible l l Population register is used

To vote via Internet voter needs: l An Estonian ID card with valid certificates and PIN-codes 1. Computer used for voting must have: l A smart card reader A driver for ID card (free to download from page www. id. ee/installer) A Windows, Linux or Mac. OSX operating system l l

I Website for voting www. valimised. ee

II Authentication § Put your card into card reader § Insert PIN 1 for authentication ****

III Ballot completion § Choose a candidate

IV Authentication § Confirm your choice § Insert PIN 2 *****

V Confirmation

Envelope scheme Encrypted vote E-voters Digital signature E-votes Public key Results Private key

Architecture Central System List of Voters Voter application List of Candidates Vote Forwarding Server log Vote Storing Server Vote Counting Application log Audit application Key Management Audit

Principles for selecting technology for I-voting l l Involve all major influencers and “specialists” Keep it as simple as possible Build it on secure&stable platforms (Debian) No: l l l Databases (engines) 9 GL envirmonments – use C & Python 3 rd party libraries too much

Managing Procedures l l l All fully documented Crash course for observers-politicians & auditors All security-critical procedures: l l Logged Audited & observed Videotaped All major IS-specialists involved for networkmonitoring 24/7 for d. DOS or trojans

Physical Security l l l Governmental security hosting Two independant departement guarding the server room Strict requirements for entering the server premises l l Auditor(s), cam-man, operator, police officer Sealing of hardware

Some statistics

Lessons learned l l I-voting is not a killer-application. It is just another way for people to vote People’s attitude and behavior change in decades and generations, not in seconds I-voting will be as natural as Internet-banking but even more secure Internet voting is there to stay

More information http: //www. vvk. ee/engindex. html val@riigikogu. ee tarmo@sk. ee