eGovernment systems
Internet voting
Internet-voting (i-voting)
Estonian public key infrastructure (PKI) based electronic identification card - ID-card - was introduced in 2002. Since then, governmental institutions and private companies have introduced numerous applications for the card: internet banking, online tax declaration, paying for public transport, and giving legally binding digital signatures to electronic documents.
In 2003, the i-voting project was initiated by the Estonian government. Top cryptographers and computer security experts from around the country were engaged to thoroughly analyze the possibilities, risks, and threats involved. These activities concluded in 2004 with public procurement of the i-voting system. Cybernetica won the contract and was given one year to develop a solution that would ultimately increase voter participation, strengthen democratic values and make good use of almost 850,000 ID-cards (covering most of the eligible voters) issued at the time. While some legal aspects of i-voting have caused public controversy and Parliamentary debates, the solution itself was deemed suitable and soon put to use at the 2005 local government council elections. i-voting took place during advance polls and allowed voters to recast their vote as many times as they wished; only the vote given last was taken into account. On voting day, voters could cast their final ballot in a polling station if they wished to override previous i-votes. Almost 10,000 ballots were cast over the Internet, and since no technical or legal faults occurred, i-voting was universally hailed a success.
The security of i-voting is based on public key cryptography. Before the election, a system key pair is generated in a hardware security module. The private component, that is used later in the tabulation process to decrypt ballots, never leaves the securely stored module. The public component used to encrypt the ballot is integrated into client application distributed to voters. All data exchanged between various voting servers leave a verifiable audit trail, so any attempt to tamper or falsify voting information can be discovered.
Additional information: Internet voting solutions (.pdf)
