While activists in the US are wrangling over electronic voting machines and the security risks inherent in any computerized voting scheme, citizens in Estonia are voting online from the comfort of their homes. Estonia is the first country to carry out Internet voting nationwide in an actual election. The process involved using an electronic identity card (required of all Estonian citizens), a card reader, and electronic signatures.
Other countries, including the US have experimented with online voting, but no one's done it nationwide before. The US DoD abandoned an Internet voting project, called SERVE, last year in the fact of public criticism of the security risks. I'm sympathetic to the DoD's needs. They would like a convenient way for the hundreds of thousands of overseas DoD employees and dependents to cast votes in US elections. The group that recommended disbanding SERVE reached the following conclusion:
The real barrier to success is not a lack of vision, skill, resources, or dedication; it is the fact that, given the current Internet and PC security technology, and the goal of a secure, all-electronic remote voting system, the FVAP has taken on an essentially impossible task. There really is no good way to build such a voting system without a radical change in overall architecture of the Internet and the PC, or some unforeseen security breakthrough. The SERVE project is thus too far ahead of its time, and should wait until there is a much improved security infrastructure to build upon.
I don't think electronic ID cards and digital signatures are the kind of "improved security infrastructure" that they were talking about. The potential for viruses and other hacking to monitor how people vote or even modify the result is still there.There wasn't any indication of fraud or abuse in the Estonian election, but then you wouldn't expect it in an election where only 1% of the votes were cast online: there's not enough of a potential swing to make it worthwhile. This is an interesting data point, but it probably doesn't do much to assuage doubts about Internet voting among computer security experts.