1 / 26

Internet Voting in Estonia

Internet Voting in Estonia. Tarvi Martens Project Manager National Electoral Committee. E-stonia ?. Population: 1.35M Everyday Internet usage: 54% Internet banking: 86% Mobile penetration: 95% 1000+ Free Internet Access points PKI penetration: >65%

laura-bass
Download Presentation

Internet Voting in Estonia

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Internet Votingin Estonia Tarvi MartensProject Manager National Electoral Committee

  2. E-stonia ? • Population: 1.35M • Everyday Internet usage: 54% • Internet banking: 86% • Mobile penetration: 95% • 1000+ Free Internet Access points • PKI penetration: >65% • Biggest national eID card roll-out in the Europe !

  3. Internet Voting? • In October 2005 Estonia had first-ever pan-national Internet Voting with binding results • ~80% of voters had a chance to vote via Internet due to the ID-card • ~2% of participated voters used that possibility

  4. ID-card Project • Started in 1997 • Law on personal identification documents: Feb, 1999 • Digital Signature Act: March, 2000 • Government accepted plan for launching ID-card: May, 2000 • First card issued: Jan 28, 2002 • Dec 2005: 880 000+ cards have been issued

  5. The Card • “Compulsory” for all residents • Contains: • Personal data file • Certificate for authentication (along with e-mail address Forename.Surname@eesti.ee) • Certificate for digital signature

  6. Usage of the ID-card • Major ID-document • Replacement of • (transportation) tickets • library cards • healt insurance card • driver documents • etc... • Authentication token for all major e-services • Digital signature tool

  7. Internet Voting ? • Not a nuclear physics • Just another application for ID-card ...with some special requirements & measures...

  8. What it takes ?

  9. Legal foundation 2002 1)voter can use internet for voting 2)voter is authenticated using ID-card 3) voter confirms his selection with digital signature 4)e-voting takes place during absentee voting i.e. days 6.-4. before the Election Day

  10. Big Fight in 2005 • Amendments to the electoral law to reflect the reality • Long discussions in the Parliament • The President rejected the amended law twice • National Court decided that the amendments are correspondant to the Constitutional Law • Issue: With Internet voting you can vote repeaditly

  11. I-voting Main Principles • All major principles of paper-voting are followed • I-voting is allowed during period before Voting Day • The user uses ID-card • System authenticates the user • Voter confirms his choice with digital signature • Repeated e-voting is allowed • Only last e-ballot is counted • Manual re-voting is allowed • If vote is casted in paper during the Election Day, e-vote(s) will be revoked

  12. Voter registration • Missing • All citizen (residents) should register their place of living in central population register • Only voters with registered addresses are eligible • Population register is used

  13. To vote via Internet voter needs: An Estonian ID card with valid certificates and PIN-codes Computer used for voting must have: A smart card reader A driver for ID card (free to download from page www.id.ee/installer) A Windows,Linux or MacOSX operating system

  14. I Website for voting www.valimised.ee www.valimised.ee

  15. II Authentication • Put your card into card reader • Insert PIN 1 for authentication ****

  16. III Ballot completion • Choose a candidate

  17. IV Authentication • Confirm your choice • Insert PIN 2 *****

  18. V Confirmation

  19. Encryptedvote Digital signature Envelope scheme E-voters E-votes Results Public key Private key

  20. Architecture Central System List ofVoters List ofCandidates Voterapplication VoteForwardingServer VoteStoringServer VoteCountingApplication log log log Key Management Audit Auditapplication

  21. Principles for selecting technology for I-voting • Involve all major influencers and “specialists” • Keep it as simple as possible • Build it on secure&stable platforms (Debian) • No: • Databases (engines) • 9GL envirmonments – use C & Python • 3rd party libraries too much

  22. Managing Procedures • All fully documented • Crash course for observers-politicians & auditors • All security-critical procedures: • Logged • Audited & observed • Videotaped • All major IS-specialists involved for network-monitoring 24/7 for dDOS or trojans

  23. Physical Security • Governmental security hosting • Two independant departement guarding the server room • Strict requirements for entering the server premises • Auditor(s), cam-man, operator, police officer • Sealing of hardware

  24. Some statistics

  25. Lessons learned • I-voting is not a killer-application. It is just another way for people to vote • People’s attitude and behavior change in decades and generations, not in seconds • I-voting will be as natural as Internet-banking but even more secure • Internet voting is there to stay

  26. More information http://www.vvk.ee/engindex.htmlval@riigikogu.ee tarvi@sk.ee

More Related