When it comes to e-voting, Estonia has a relatively long history of getting citizens to cast their ballot over the internet.
Estonia started using e-voting (sometimes also called i-voting in the country) during the 2005 municipal elections. Since then, it's been an option for voters in six elections: in the 2009 and 2013 municipal elections, the 2007 and 2011 parliamentary elections, and the 2009 elections for the European parliament.
The popularity of e-voting has grown rapidly: in 2005's municipal elections, only 10,000 people cast their votes electronically; in the parliamentary elections six years later, over 140,000 did so — which meant one in every four votes was cast electronically.
At the end of October, the country set another e-voting record with the municipal elections: 133,808 voters out of a total of 630,059 voters cast their ballot electronically — that's over 30,000 more e-votes than the previous municipal elections.
Following paper's trail
According to the Estonian National Electoral Committee (ENEC), e-voting in Estonia is based on the method used for traditional in-person voting.
With the latter, the voter has to present their ID documents to verify who they are. Then, they're given a ballot paper and two envelopes. After filling in the ballot paper, the voter puts it inside what's known as the "clean" envelope, which has no information about the voter on it. That envelope is then placed inside the second envelope, which has the voter's details written on it.
After the government polling staff have checked the information written on the outer envelope and confirmed the individual's eligibility to vote, the inner envelope is taken out and put into the ballot box.
According to the ENEC, this method is used in order to guarantee that the voter's choice is kept secret, while still recording which people in the polling district have voted in order to prevent anyone from voting more than once.
Like other online public services in the country, e-voting in Estonia is based on the country's compulsory ID card.
The Estonian ID card holds two separate public key infrastructure (PKI)-based digital certificates, one for confirming the holder's identity, and the other to allow them to sign documents with a digital signature.
The two certificates contain only the holder's name and their individual code. There are also two associated private keys on the card, which are each securely protected by a unique user PIN — the user can enter one when asked to verify their identity online, the other when they want to digitally sign something. Entering the second PIN is the equivalent of signing a document in person, and it's considered just as legally binding in Estonia.
E-voting in Estonia follows the same pattern as the double-envelope method. In order to vote, an individual downloads the government's e-voting application (there are Mac, Windows and Linux versions), which encrypts the vote — think of the encryption as the inner envelope.
Then the voter gives their digital signature to confirm their choice of election candidate. The digital signature effectively acts as the outer envelope, attaching the voter's personal details to the encrypted vote.
How to vote online
There are three different ways to vote online in Estonia.
First, a voter can use their ID card along with their two PIN codes. The voter inserts their card into a card reader (they're available from electronics shops across the country), then opens the government's e-voting website, and downloads and runs the voting application. They can confirm their identity with their first PIN, select their preferred candidate, and confirm the vote with their digital signature by entering the ID card's second PIN. After that, the person receives the confirmation that the vote has been registered on the system.
The second option to e-vote is to use the "digital ID card", similar to a standard ID card but without a photo of the holder on it. It's not compulsory in Estonia, as the ID card is, and is just used for online convenience. The digital ID card can be used to confirm the holder's identity online, though not in person, and can also be used to give a digital signature. Using it to vote works in the same way as the traditional ID card.
The third, and newest, option for e-voting in Estonia is to use both a PC and a mobile device together.
With mobile voting, there's no need for a card reader. Before casting their vote, an individual has to register a Mobile ID with the government using their mobile SIM along with their ID card. They're then sent two PINs in a text message, which they will need to use with the Mobile ID.
To cast their vote, the voter opens the e-voting website, downloads and runs the voting application, then enters their mobile number into the application and confirms their identity by entering their first Mobile ID PIN. The voter can then choose their preferred candidate on their PC, and then types their second PIN into their handset to confirm the choice.
Hopefully, in the near future, an all-mobile voting option should be introduced, allowing voters to bypass the PC element altogether.
E-voting is only possible between 10 and four days prior to the actual election day, in order to ensure there's time to eliminate any double votes that come in.
One interesting dimension to the Estonian e-voting system is that the voter can change an earlier vote by casting a second vote online, or by voting 'manually' at any polling station during the advance polling period. This is the time when those voting abroad or by post cast their ballot, while there's at least one polling station open in every county centre in Estonia, for all individuals to vote regardless of which voting district they live in.
If the individual votes online first and then chooses to go to the polling station and vote there as well, the e-vote is cancelled and the envelope vote is considered their final ballot. All polling stations are given details of any individuals who have cast their votes electronically between the time the advance polls close and official election day. If any double voting is found, the e-votes are simply cancelled.
To keep the voting as secure as possible, the encrypted votes and digital signatures identifying voters are digitally separated before the end of voting on election day. When the vote counting starts for in-person ballots, the anonymous e-votes are opened and counted too. It's worth mentioning that the system is built in such a way that it only opens the votes when they are not connected to the voters' personal data, to keep the ballot secret.
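The double-envelope flow described above, from casting through cancellation to anonymous counting, as an added sketch that is not the Estonian system's code. Textbook RSA with tiny fixed keys stands in for the election key and the ID-card signing keys, and the names `cast`, `tally` and the voter labels are hypothetical.

```python
import hashlib
import random

# Toy textbook-RSA keys (tiny, fixed, insecure) as (n, e, d); constructed for illustration.
ELECTION = (3233, 17, 2753)             # committee key: opens the inner envelopes
VOTERS = {"voter-A": (2773, 17, 157),   # stand-ins for ID-card signing keys
          "voter-B": (187, 7, 23),
          "voter-C": (143, 7, 103)}

def digest(ct, n):
    """Hash of the ciphertext, reduced so the toy key can sign it."""
    return int.from_bytes(hashlib.sha256(str(ct).encode()).digest(), "big") % n

def cast(voter, candidate):
    """Voter side: encrypt the choice (inner envelope), then sign it (outer)."""
    n, e, _ = ELECTION
    m = random.randrange(1, 31) * 100 + candidate  # random prefix so equal votes differ
    ct = pow(m, e, n)
    vn, _, vd = VOTERS[voter]
    return {"voter": voter, "ct": ct, "sig": pow(digest(ct, vn), vd, vn)}

def signature_ok(env):
    """Check the outer envelope against the voter's public key."""
    vn, ve, _ = VOTERS[env["voter"]]
    return pow(env["sig"], ve, vn) == digest(env["ct"], vn)

def tally(envelopes, voted_on_paper):
    """Server side: validate, resolve repeats, strip identities, then decrypt."""
    latest = {}
    for env in envelopes:                # envelopes arrive in time order
        if signature_ok(env):
            latest[env["voter"]] = env   # a later e-vote replaces an earlier one
    for voter in voted_on_paper:
        latest.pop(voter, None)          # a paper ballot cancels the e-vote
    anonymous = [env["ct"] for env in latest.values()]  # outer envelope removed
    random.shuffle(anonymous)            # break the link to arrival order
    n, _, d = ELECTION
    counts = {}
    for ct in anonymous:                 # only now is the election private key used
        choice = pow(ct, d, n) % 100
        counts[choice] = counts.get(choice, 0) + 1
    return counts
```

The decryption loop never sees a voter identifier: by the time the election private key is used, only the shuffled ciphertexts remain.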
E-voting has, unsurprisingly, raised questions about security. To aid transparency and encourage technical analysis of the system, the Estonian Electronic Voting Commission made the source code of the server-side components of the system available for public review a few months before the October municipal elections. Details of the voter-side program remain secret, however, for obvious security reasons.
Because of allegations in recent years that it was possible to manipulate online voting using a virus that tells voters (erroneously) that they've already cast their vote even though it's never counted, in this year's municipal election Android smartphone users were asked to test out a new voting mechanism.
These users could scan a special QR code with their smartphone for a limited time after casting their vote. The code led the voter safely to a special page where his or her choice was shown for a short period of time. It was run as a pilot, and the functionality for double checking that a vote has been cast is likely to become available in 2015.