Introduction to i-voting

 

About i-voting

Electronic voting (i-voting) allows votes to be cast via the Internet. A computer with an Internet connection and an ID-card or mobile ID with valid certificates are needed for that. In elections, i-voting is open for the whole duration of the advance voting period.

Estonia was the first country in the world to implement i-voting in national elections. Electronic voting with binding results has been carried out in Estonia since 2005. I-voting is popular primarily because it is efficient and convenient. Today, about one third of votes are cast via the Internet. The i-voting system currently used was completed by local elections of 2017, and it has been developed according to the new electronic voting framework.

 

The i-voting procedure

I-voting is organised by the State Electoral Office in cooperation with the Information System Authority. Before the beginning of voting, the State Electoral Office prepares the i-voting system and discloses the voter application necessary for voting on the website “valimised.ee”.

Electronic voting is open twenty-four hours on all days of advance voting (from the tenth to the fourth day before election day).

The following are needed for i-voting:

  • a computer connected to the Internet;
  • an ID-card, mobile ID or digital identity document with valid certificates and PIN codes.

For i-voting, the voter application needs to be downloaded to the computer. The voter application automatically checks the voter’s eligibility to vote and displays a correct list of candidates to the voter. After a choice has been made, the voter application encrypts the voter’s vote. The voter confirms the voting with their digital signature, and the voter application forwards the vote to the vote collecting server. At the same time, the independent registration service provides every vote with a time stamp which allows to verify later that all votes have indeed been forwarded to the collector.

The voter can check if their vote has been forwarded and received correctly with a separate smart device application.

I-votes are encrypted, using a suitable and up-to-date crypto-algorithm. The precise specification of the algorithm is determined by the State Electoral Office every time before elections. A vote is encrypted with the help of two encryption keys. The voter application uses a public vote encryption key. The vote-opening key is needed to open a vote; only members of the National Electoral Committee have access to the key.

References

Checking of the vote by smartphone

 

Changing of an i-vote

I-voting does not take place in a controlled environment like a polling place. In order to ensure that the voter expresses their actual will, it is possible for them to change their vote cast electronically.

During i-voting, a voter can always vote again and change their vote as many times as they wish. Only the last i-vote cast is taken into account, and earlier votes are annulled.

A voter may also vote by ballot paper in a voting district during advance voting. A vote cast on a ballot paper in a voting district is final (it is impossible to retrieve it from the ballot box), and therefore in such a case all i-votes of the voter are annulled. Before election day, the voting district committee receives a list of voters who have voted electronically, and compares it against the list of voters of its district on paper. If there is a notation or signature in the list concerning voting by a voter, the voting district committee submits a notice to the State Electoral Office to annul the i-vote.

I-votes are annulled on Sunday immediately before the counting of votes cast electronically.

 

Counting of i-votes and verification of results

The State Electoral Office ascertains the results of i-voting in the evening of election day. The procedure is public, and observers and members of the National Electoral Committee are present.

In the counting of e-votes, the following acts are performed with the votes:

  1. all i-votes that have to be annulled due to changing of i-votes are annulled;
  2. the personal data (digital signatures) of voters are separated from electronic votes. Anonymous votes are subject to counting. An i-vote contains only the election identificator, and a candidate registration number;
  3. i-votes are opened, using the vote-opening key. Access to the key is distributed between the members of the National Electoral Committee;
  4. votes are counted and the number of votes cast for candidates is ascertained;
  5. the voting results are entered into the election information system.

The results of electronic voting are not published until the end of voting on election day (after 8 p.m. in Riigikogu election).

After the counting of i-votes (as a rule, on the following day), the integrity of i-votes is checked. Put simply, it can be described as the second recounting of i-votes. In order for the counting of votes to be publicly verifiable, electronic votes are mixed and rearranged. Mixing must be carried out in such a way that the decryption of both the input and the output would give the same result. In the course of data audit, the auditor also checks the integrity of the i-ballot box, and the correctness of the annulment of repeated votes and of the anonymisation of votes. On the same bases with the auditor, observers can also carry out similar checking procedures.

 

Ensuring free elections and secrecy of voting in i-voting

Section 60 of the Constitution provides that elections are free, general, uniform and direct, and that voting is secret. All manners of voting must be in compliance with these principles. In i-voting, too, it must be ensured that voting takes place freely and that i-votes remain secret.

Voters are not always in the same situation when using different manners of voting, and therefore the measures to ensure the secrecy of votes and free elections in i-voting are also different from those used in ordinary voting. Differently from the voting in a voting district in the environment controlled by the electoral committee, an i-voter votes independently, choosing the time and place convenient to them. An e-voter votes by himself or herself. Voting by using another person’s ID card or mobile ID, as well as transfer of the codes thereof to another person is not allowed. In order to avoid the risks related to the security of the computer, a computer which belongs to the voter or to a reliable person must be used in i-voting.

If a voter finds that they were influenced during the casting of i-vote, they do not trust the computer they are using, or they could not vote in secrecy, it is always possible for them to change their vote as many times as they wish during the advance voting period. The last vote cast is taken into account. Therefore, if anyone wishes a voter to vote in a certain manner, it is not possible for them to check it, because they cannot know the voter’s choice when casting the last i-vote.

Besides, it is possible for a voter to vote by paper ballot in a voting district during advance voting. In such a case, their i-vote is annulled, and the vote cast on a ballot paper is taken into account.

Encryption ensures the secrecy of i-votes in the forwarding of votes. Also, the i-voting system separates personal data from i-votes before the counting of votes, and the anonymised votes are counted.

 

Ensuring the uniformity of elections, and equal treatment of voters in i-voting

The principle of uniformity means that the vote of every voter must have the same weight in elections. In electronic voting, a voter is in a different situation compared to voting in a voting district, because it is possible for the voter to change their i-vote, but not the vote cast on a ballot paper. Therefore the question may arise whether a voter who votes electronically has an advantage over a voter who votes by ballot. The Supreme Court has also assessed that. In 2005, the Supreme Court found that, in i-voting, despite the repeated voting, a voter has no possibility to affect the election results to a greater degree than the voters who use other manners of voting. A vote cast by electronic means is counted as one vote, and in terms of election results, it does not have more influence than a vote cast by a voter using another manner of voting. The Supreme Court also found that the principle of equal treatment in the context of electing representative bodies does not mean that absolutely equal possibilities for performing the voting act in equal manner should be guaranteed to all persons with the right to vote.