Vote early, vote often: Inside Norway's pioneering open source e-voting trials

Norway has undertaken its second test of electronic voting. While security concerns have been raised, all the source code for the system underpinning the trial is being shared with the public.
Written by Stig Øyvann, Contributor

With Norway holding parliamentary elections this week, the country has taken the opportunity to hold its second e-voting pilot.

The pilot follows an earlier trial which took place during the local government elections in 2011. According to statistics released by the Ministry of Local Government and Regional Development, the ministry responsible for running elections in Norway, the e-voting participation increased significantly compared to 2011.

12 percent increase

The trial was carried out in 12 municipalities, chosen for geographical and demographical diversity, which play home to 250,000 of Norway's 3.6 million voters.

While election day itself was held on Monday, and citizens could vote in advance between 12 August and 6 September. During the advance period, Norwegians could cast their vote using either the traditional ballot or, as part of the pilot, electronically.

The count shows that in this year's election, 28 percent of all voters in the trial municipalities voted via the internet — an increase of 12 percentage points from the e-voting participation, which reached 16 percent in the 2011 pilot.

In total, 37 percent of all voters in the trial municipalities voted in advance, either with ballots or over the internet. In the country overall, 23 percent of the voters did the same.

Important security

It goes without saying that voting over the internet needs to be very secure. The system underpinning it must be locked down enough to keep voters' choice of candidate secret, to ensure that the vote is delivered and registered, to keep the vote tamperproof, to ensure each ballot is counted only once, and so on.

Consequently, the use of e-voting remains controversial in Norway, and government testing of the system has proceeded in a slow and careful fashion.

In order to push both the trustworthiness and transparency of the procedure, the source code for this year's e-voting system was put into the public domain, and anyone can now download and study the source code used from the e-voting project webpage.

The basic principle for the e-voting trial was that the voters could vote as many times they liked; only the most recent vote from each person would be counted. If an e-voter decided to go to the polling station on election day to cast their ballot instead, then that vote would be counted as their final one. The mechanism was put in place to ensure that no votes would be given under coercion.

Public/private key encryption

The electronic ballot used a public key mechanism for delivery. First, the vote itself was encrypted in such a manner it couldn't be tied to the voter's identity. Next, the vote was digitally signed with the voter's public key, to keep it tamperproof.

Around this, each voter was given their own unique set of random codes for the different candidates in the election. These codes were used as return codes from the voting system, to signifying for the voter that the vote was registered.

Once a vote was cast, the code was texted back to the voter, allowing them to compare the code sent to their phone with the printed code on their voting card — a sheet containing information such as the location of the nearest polling station — in order to ensure the voting preference that was registered was the same as the vote they had cast.

And each time an e-vote was cast, it generated a hash code — if an individual voted several times, each transaction would produce its own hash code. As a result, voters that wanted to double check that their vote was still in the system  could download the hash signature and check it was included on a public web page which showed all hash codes for every voter.

Some criticism

Even though the e-voting system with security front and centre, it still has attracted some criticism from security professionals.

The first and most discussed issue were concerns raised over the encryption used in the pilot. The encryption software on the voters' computers was thought to not have a good enough random number seed for the algorithm and, according to the security company Computas which was engaged by the government to control the system, the seed value was "very predictable".

Other security professionals also pointed out that if the voter used a smartphone or a tablet with mobile network for voting, the system could be much less secure, opening up the possibility of a hijacked web browser to communicate with the software controlling the SMSes on the phone, and then intercept the SMS receipt after casting a second vote, without the user being aware anything has gone awry.

These elements, and probably several more, are bound to be put under the microscope when the ministry begins to evaluate the performance of the e-voting trials. It's already been decided that the entire code for the voting system will be rewritten if the parliament decides to continue the project to next poll, the local government election in 2015.

Further reading

Editorial standards