Lessons from Estonia on E-Voting

Count on the country that helped invent Skype to lead the way when it comes to digital government. The nation of just 1.5 million, also known for having been the first to break away from the Soviet Union, has made a name for itself as a pioneer in utilizing technology to improve civic engagement. As Forbes reports:

Modern-day Estonia has become synonymous with the notion of reimagining how citizens interact with their government, making nearly every governmental service available from home or on the go via a mouse click. Since 2005 the country has allowed its citizens to cast their votes in pan-national elections via a secure online portal system, growing to over 30% of votes cast in the last several elections, according to Tarvi Martens, Chairman of the Estonian Electronic Voting Committee.

Citizens can vote as many times as they like up to election day, with only the final vote counting. Those who do not have access to a computer or who prefer old fashioned paper ballots can still vote by paper – evoting is an option rather than a mandate.

Interestingly, nearly a quarter of evotes in recent elections have been cast by people over the age of 55, with another 20% of evotes from the 45-54 age range. This suggests evoting enjoys broad support not just among young digital native millennials, but across the societal spectrum, especially among those who, at least in the US, are not typically viewed as early adopters of digital services.

To vote in Estonia, one simply visits the national election website and downloads and installs the voting application. Then you insert your national identity card into your computer’s card reader, fill out your digital ballot, confirm your choices and digitally sign and submit your eballot. You can do all of this from the comfort of your own home in the seven days leading up to election day.

Pretty amazing stuff, especially for a country that still largely relies on woefully outdated tech to cast its votes. 

Granted, with cybersecurity being one of the penultimate concerns of 21st century technology, lots of skeptics would be right to question whether something like voting is yet another activity that should be put in the realm of potential hackers. But Estonia seems to have addressed this issue, too.

Of course, one of the most common concerns regarding internet voting is the potential that one’s vote could be changed either by a virus on your computer or as your ballot transits the internet on its way to the central government servers. To address this, Estonia’s evoting system adds a novel twist: the ability to use your mobile phone to separately connect to the electoral servers via a different set of tools and services to see how your vote was recorded and verify that it is correct.

After casting your vote using your desktop computer you can thus pull out your smartphone and verify the results that were actually received by the central electoral servers. The results are encrypted so that no government official can see how you individually voted, only you can see your individual voting choices, even as they are aggregated into the national totals.

By physically separating vote casting and vote checking to two different devices (votes are cast via a desktop computer, while checking your vote must be performed on your phone), it makes it highly unlikely that even the most motivated attacker could compromise both devices in such a way that your vote could be changed without your knowledge. And of course, even after voting online, you can always show up at a polling station on election day and vote via paper ballot if you want.

The ability to verify through a physically separate channel that the data received by the government is what you sent goes a long way towards addressing many of the most common concerns about electronic voting

I think this is perfectly doable in the U.S., at least on a technical level; constitutionally, every state handles voting its own way, so whether we can implement a nationwide standard of e-voting remains to be seen. But if even a handful of states give it a try, it might set a good example and get the ball rolling.

What are your thoughts?