Internet Voting in Estonia

Electronic voting (I-voting) is one of the possibilities to vote in addition to other voting methods. I-voting means in this context voting via Internet, not voting by using a special voting device.

It was first introduced in the local elections of 2005, when more than 9 thousand voters cast their ballot via the Internet (this corresponded to about 2 per cent of all participating voters). Today, I-voting with binding results has been carried out five times in Estonia: in the local elections in October 2005, the parliamentary elections in March 2007, the European Parliament elections in June 2009, the local elections in October 2009 and the parliamentary elections in March 2011. Please see also statistics.  

One of the ways to vote is outside the polling division of the voter’s residence. This means that during the voting, the voter puts his or her vote into double envelope and the envelope is delivered to the voter’s polling division of residence. The general pattern of I-voting has been derived from the above-mentioned voting outside the polling division of residence. What is similar in these two voting methods is the way of checking that the vote has been cast only once and guaranteeing the anonymity of vote.
 
In order to understand the I-voting system better, the envelope voting method used in Estonia should be described shortly:
-          A voter presents an ID document to be identified.
-          The voter then receives the ballot and two envelopes.
-          The voter fills in ballot paper and puts it into the envelope, which has no marks about the person elected.
-          Then he encloses the envelope into outer envelope on which he writes his personal details.
-          The envelope is delivered to the voter’s polling division of residence, eligibility of the voter determined on the outer envelope, the outer envelope is opened and the inner (anonymous) envelope is put into the ballot box.
The system guarantees that the voter’s choice shall remain secret and recording the postal voting in the list of voters in the polling division of residence prevents voting more than once.
 
I-voting is carried out according to the same scheme. The application downloaded in the voter’s computer during I-voting encrypts the vote. The encrypted vote can be regarded as the inner, anonymous envelope. After that the voter gives a digital signature to confirm his or her choice. By digital signing, the voter’s personal data or outer envelope are added to the encrypted vote. 
 
I-voting is possible only during 7 days of advance polls - from 10th day until 4th day prior to Election Day. This is necessary in order to guarantee that in the end only one vote is counted for each voter.
 
To ensure that the voter is expressing their true will, they are allowed to change their electronic vote by voting again electronically during advance polls or by voting at the polling station during advance polls.
 
For example, if a voter who has voted electronically cancels his/her vote by going to the polling station to vote, it is guaranteed that only one vote is counted per voter. To that end, all polling stations are informed of the I-voters on their list of voters after the end of advance poll and before the Election Day on Sunday. If it is found at the polling division that the voter has voted both electronically and with paper ballot, the information is sent to the National Electoral Committee who cancels that voters’ e-vote.
 
Before the verification of voting results in the evening of the Election Day, the encrypted votes and the digital signatures with personal data or inner and outer envelopes are separated. Then anonymous I-votes are opened and counted. The system opens the votes only if they are not connected to personal data. 
 
For more detailed information read: Estonian I-Voting System: General Description.  
Time framework of I-voting: I-votes may be given during 7 days from 10th day until 4th day before the Election Day.
 
Possibility to recast I-vote: a voter has a possibility during I-voting period to recast his/her vote, the last cast vote counts.
 
Precedence of the ballot paper voting: if a voter goes to the polling station during advance polls and casts his/her vote using paper ballot (having I-voted prior to that), then I-vote is cancelled. A voter may not change his/her vote on the Election Day.
 
Similarity of I-voting to regular voting: I-voting follows the Election Act and election traditions and is just as secure as regular voting. Thus, it is uniform and secret, only eligible voters may vote, every person may cast only one vote, it should be impossible for voter to prove the way he/she voted. The collecting of votes is secure, reliable and verifiable.
 
The voter must be able to cast his/her vote freely and without disturbance. Incitement to e-voting by offering a computer for that purpose or influencing voters in any other way is prohibited, among other things, no collective I-voting events (opening of e-voting offices or service desks, etc.) shall be organised insofar as such activities may be considered violation of the freedom of voting.

An e-voter shall vote himself/herself. Using another person’s ID card (or mobile-ID) for voting and transfer its codes to another person is prohibited. With a view to avoiding the risks related to the security of the computer, a computer which belongs to the voter personally or to a reliable person shall be for e-voting, etc.
1.      I-voting by means of ID card
 
Needed:
-          ID card (both the old version as well as new ID card version) with PIN codes (if PIN codes lost, new ones may be requested from service points of Citizenship and Migration Bureau of the Prefecture or respective bank offices) and certificates (if certificates are invalid, they may be renewed by voter at sk.ee/id-kontroll/).
-          Computer with Internet connection
-          Smart card reader and ID card software (may be installed from installer.id.ee/).
 
For regular users new ID card version (in use from 1 January 2011) will not bring along great changes. ID card software should be renewed if necessary. (See also id.ee)
 
Stages of I-voting by means of ID card
-          Voter inserts ID card into the card reader
-          Opens I-voting page of the National Electoral Committee (www.valimised.ee)
-          Downloads and initiates voter application
-          Identifies himself/herself by entering PIN1 code
-          Consolidated list of candidates in the electoral district of the residence of the voter shall be displayed to the voter on the computer screen
-          Voter makes the choice
-          Confirms his/her choice by digital signature and entering PIN2 code
-          Receives a notice displayed on the computer screen that the vote has been accepted.
 
2.      I-voting by means of digital ID
 
Digital ID, i.e. digi-ID is a document, which allows identifying a person in the electronic environment and giving digital signature. Digi-ID looks like an ID card, but without a user’s photo, it is also not used to visually identify the person.
 
Stages of I-voting and means in using digi-ID are similar to the ones used with ID card.
 
3.      I-voting by means of mobile-ID
 
This method shall be used for the first time during 2011 elections to the Riigikogu.
 
Needed:
-          Mobile-ID SIM card with PIN codes and certificates
-          Computer with Internet connection
-          Mobile phone
 
There is no need to install a card reader on the computer and special software; the mobile phone with the respective SIM card performs the functions of the card and card reader simultaneously. Mobile-ID must be activated by ID card prior to use.
 
In order to I-vote, persons who have already joined the mobile-ID service through operators must re-register their mobile-ID from 1 February 2011 on the web of the Police and Border Guard Board (politsei.ee). Those applying for mobile-ID SIM card after 1 February, must activate their card on Police and Border Guard Board web.
 
Stages of I-voting if mobile-IDis used:
-          Voter opens with a browser I-voting page of the National Electoral Committee (www.valimised.ee)
-          Downloads and initiates voter application
-          Enters his/her mobile number into the computer
-          Identifies himself/herself by entering in the mobile phone mobile-ID PIN1 code (prior to that a control code is sent to you mobile phone by SMS)
-          Consolidated list of candidates in the electoral district of the residence of the voter shall be displayed to the voter on the computer screen
-          Voter makes his/her choice with the computer
-          Confirms his/her choice by digital signature, entering in the mobile phone mobile-ID PIN2 code (prior to that a control code is sent to you mobile phone by SMS)
-          Receives a notice displayed on the computer screen that the vote has been accepted.
 
It would not be possible to vote only by using a mobile phone during 2011 elections to the Riigikogu, a computer with Internet connection is also needed. Via Mobile-ID a person may be identified and a digital signature given. Thus, it is too early to talk about m-voting as such.
 
Although several smart phones allow with the help of mobile-ID access to the Internet banks, the I-voting in 2011 voter applications created for computer platforms must be used. The number of mobile telephone software platforms is extremely great. I-voting voter application must be secure, and it may be ensured only by using most widely spread platforms of laptops and desk computers.
 
In order for operations to run smoothly and timely, an I-voting may be tested for three days at www.valimised.ee. Test I-voting allows to check whether voters computers has the right settings, ID-card (or mobile-ID SIM card) certificates are valid and PIN codes exist If any problems occur, there is still enough time to solve them.

+ + +