Estonia's e-voting system – is it safe?

By bne IntelliNews May 22, 2014

Mike Collier in Riga -

 

In the classic 1976 thriller "Marathon Man" the most memorable scene features a Nazi war criminal played by Laurence Olivier repeatedly asking Dustin Hoffman's character "Is it safe?" with the aid of a dental drill and an unpleasant lack of anaesthetic. Estonia's National Electoral Committee must know how he feels after the appearance of an academic report that purports to drill numerous holes in the country's much-vaunted electronic voting system and calls for it to cancel e-voting.

On May 12, just two weeks before the continent-wide European elections, a team of researchers including assistant professor J. Alex Halderman of the University of Michigan announced on a newly created website called "Independent Report on E-voting in Estonia" that it had found "major risks" in the security of Estonia's Internet voting system. "Estonia's Internet voting system has such serious security vulnerabilities that... it should be immediately discontinued," the researchers baldly stated.

The research team members had been accredited to observe the Estonian e-voting system during the October 2013 municipal elections. Their observations – and subsequent security analysis and laboratory testing – revealed "a series of alarming problems," the researchers claimed. "Operational security is lax and inconsistent, transparency measures are insufficient to prove an honest count, and the software design is highly vulnerable to attack from foreign powers."

Such criticism has particular force in Estonia, which has pioneered the use of e-voting since 2005 and remains the only country in the world where a significant portion of votes are cast online. In the 2011 parliamentary elections, around one in four Estonian voters cast their ballots via electronic means and Estonia makes a great play of showcasing its e-voting solutions to other states as part of its "E-stonia" publicity machine. "Estonia's Internet voting system blindly trusts the election servers and the voters' computers," Halderman said. "Either of these would be an attractive target for state-level attackers."

Meanwhile another member of the team, Finnish researcher Harri Hursti, pointed out the role that human error could also play in potential security breaches. "We didn't see a polished, fully documented procedural approach of maintaining the back-end systems for these online elections," said Hursti.

Videos published by election officials showed them downloading essential software over unsecured internet connections, typing secret passwords and PINs in full view of the camera, and preparing the election software for distribution on insecure personal computers, Hursti claimed. "These computers could have easily been compromised by criminals or foreign hackers, undermining the security of the whole system," he said. "With today's security technology, no country in the world is able to provide a secure Internet voting system. I would recommend that Estonia return to a paper ballot only system."

Defence of the e-realm

Predictably, the Estonian authorities leapt to the defence of their flagship system, pointing out that it "has been used in six elections without a single incident which has influenced the outcome" and questioning the methods used by the research team. "The researchers met with officials from the electoral committee in October 2013, and could have contacted us at any point in the last six months to share the initial findings of their research. In reality, the only advance information we received was notification, on Saturday evening [May 10], of a press conference on Monday. The researchers' website went up on Monday morning," the Committee said in a statement.

Kristi Kirsberg, a spokeswoman for the National Electoral Committee, tells bne: "It was strange that these proposals were distributed first to the media, only four days before the beginning of online balloting, when it would have been appropriate to address these allegations directly to the National Electoral Committee. Also, the detailed analysis was released a week later, during the elections."

"The work released by the researchers has not identified any novel attack vectors that are not already accounted for in the overall design of the system. Practical implementation of these potential attacks is either impossible or highly complicated. To date, no attacks have been identified. We have numerous tools, methods and safeguards to identify attacks," Kirsberg says.

With Estonian media picking up on the story and e-voting returning to the fore during the election period, each side has been posting commentaries on their websites debunking the others' claims. And as with "Marathon Man", the plot of this particular thriller gets more intriguing by the minute.

Centre of the controversy

Estonia's Twitter-addicted president, Toomas Hendrik Ilves, (whose tweets have even inspired an opera) was soon drawn into the action, tweeting on May 16: "This alas is NOT an independent report but rather orchestrated and funded by one political party. Real reports are not done as PR."

"Take party money for talk 'Satan votes on the internet', do PR show, provide no findings, ignore the responsible agency, claim independence," he tweeted later.

In the opinion of Anto Veldre of the Computer Emergency Response Team for Estonia (CERT-EE), the national agency responsible for the management of security incidents in .ee computer networks, "it looks more like an attempt to rig the elections by scaremongering than a piece of research or responsible disclosure of an actual security hole."

As Veldre points out, it's not as if Estonians – or for that matter anyone in Eastern Europe – have particular reverence for paper voting. "The Communist Party always received 97-99% of votes in all polling stations. How? Well, the memories of that voting process could be rather traumatic for 'the voters', featuring free vodka, bribery, broken fingers, swollen testicles or even some cold years in Siberia. Point being, we have very real memories of the practices used to falsify the 'paper voting'. That's opposed to the fact that it's rather difficult to bribe a computer," Veldre says.

Jason Kitcat is the public face of the research team behind the "Independent Report on E-voting in Estonia". The leader of Brighton and Hove city council in the UK, representing the Green Party, Kitcat has been a long-time and prominent opponent of e-voting – a reputation that has earned him invitations to visit and speak from Tallinn's controversial mayor and Centre Party major domo Edgar Savisaar on two occasions, and which formed the basis of Ilves' blistering attack.

Kitcat's friend and fellow e-voting critic Barbara Simons has also enjoyed Savisaar's hospitality. Both insist they do not get involved in Estonian domestic politics, though Kitcat tells bne, "the issue of online voting has been politicised by parties and mixed in with issues about whether certain ethnic groups in Estonia are entitled to vote."

Savisaar's Centre Party draws most of its support from Estonia's ethnic Russians, thousands of whom remain classed as "non-citizens" through their refusal to undergo naturalisation tests. And Harri Hursti, one of the report's researchers, has twice taken part in seminars sponsored by Tallinn City Council titled "Satan Votes Online" (cited by Ilves), hosted by none other than Edgar Savisaar.

The researchers' website says their material is "based upon work supported by the U.S. National Science Foundation... and by the National Science Foundation Graduate Research Fellowship", but admits its October 2013 election observing visit was paid for by Tallinn City Council, run by Mayor Savisaar. "We were very clear on all visits, that we were attending in a non-political way... I understand that [you] may be trying to spin that into something more significant, but if you look at our personal histories and the diversity of our team, then it is clear we cannot be bought by Estonian interests," Kitcat tells bne.

"We strongly felt that professional ethics bound us to inform people of our findings before another election was run using the system. I don't think it would have been acceptable for us to sit on those findings," Kitcat insists. "Online voting is part of Estonia's global marketing as 'E-stonia', a country that leads in all things digital. Any analysis which finds flaws is seen by some as an attack on that global reputation."

At the end of "Marathon Man", the bad guy winds up impaled on his own dagger as he lunges for priceless diamonds. Whether a similar fate awaits either the reputation of the research team or Estonia's online voting system remains to be seen, but for now the best response to the question "Is it safe?" is probably Dustin Hoffman's first answer: "I don't know what you mean. I can't tell you something's safe or not, unless I know specifically what you're talking about."

 
