The weak point of the Estonian e-voting system is verifiability, i.e. a mechanism that would allow observers to make sure in a reasonable way that the results have not been rigged. And this shortcoming cripples trust in it, writes opinion columnist and editor Martin Ehala.
Cybersecurity expert Carsten Schürmann from the IT University of Copenhagen has explained the layers of e-voting systems well: even a student could program a functioning e-voting system. It is more difficult to program a secure voting system, but it can be done. But the e-voting system must also be verifiable. The real difficulty starts at this level. At the top of the pyramid is trust, which is the hardest to achieve.
The main story of today's Focus, written by the e-voting observer Märt Põder, explains it well. The writer claims that the e-votes lacked proper digital signatures. According to the explanation provided by the election organizer, the certificate was temporarily separated from the digital signature during processing, because it was necessary. Therefore, the user was presented with an error message as if the signature was not valid. In fact, after processing the signatures and certificates were merged again to form a valid signature.
The process might have been necessary, but it doesn't increase trust. Imagine if you want to buy something from someone online and you need an advance payment. You enter into a digitally signed contract, but your signing app DigiDoc gives you an error message that the seller's signature is invalid. He sends you a screenshot to reassure you that his computer isn't showing an error message. Some buyers would probably be assured by this, but certainly not everybody.
Põder won't settle. He describes how e-election observers have been sidelined and silenced. And it's not his delusion. In the spring, when the Supreme Court made a decision regarding EKRE's (the Estonian populist conservative party) complaints about e-elections, Supreme Court Chairman Villu Kõve presented a competing position. Kõve agreed with the court's decision but pointed out that «the appeal procedure must be effective and ensure a real, not just a formal and superficial evaluation of the applicant's claims, inevitable due to time pressure and the limitation of the subject of the proceedings».
The official responses to Põder’s complaints show this well - some complaints have been left out of consideration under the pretext that he has no right to complain about e-elections at all, some due to exceeding the short appeal deadline. And the reasons themselves are in such complicated legal language that they hardly convince somebody who has doubts.
The shortcomings of the verifiablity and trust of e-voting are also highlighted in the final report of the OSCE expert group that monitored the 2023 parliamentary elections in Estonia, stating that the election organizer should take the problems raised by doubters seriously. Also, the election organiser «should remove deficiencies in individual verifiability and ensure that all critical steps of determining the results of internet voting are auditable».
These problems are not new, but have characterized Estonian e-elections since the beginning. But it has not been possible to eliminate them. Other countries have experienced the same.
Denmark is very digitized, they have a digital signature and an e-state. They planned to introduce e-elections in 2012. But according to Professor Schürmann, the technically complex explanations of the draft e-voting law did not arouse trust in society, and Denmark gave up.
And even ten years later, the Advisory Board for Information Security at Dansk IT believes that «confidence in the electoral process is far more important than a technological solution, and we therefore advocate for a continued analogue and transparent electoral process». Norway, France, Åland and some other countries have also considered e-voting but have also refrained from it for reasons of security, verifiability and trust.
In Estonia, it has been tried to maintain trust in e-elections mainly by silencing the doubters in public opinion, which is why there has been little substantive discussion. The chairman of the Supreme Court of Estonia also draws attention to this in his competing opinion: «According to the narrow approach to relevance, and due to legal nuances, it is essentially almost impossible to reach a comprehensive assessment of the constitutionality of the electronic voting regulation within the framework of a specific judical review.»
E-voting has been in use for almost 20 years in Estonia, but its constitutionality has not yet been fully assessed! How can such a chronic deficit rise confidence in e-voting?
But the situation is far more serious. The final report of the OSCE election expert team for the 2023 elections states that Estonia's e-election system is not even secure: «An insider with sufficient resources to alter the system, if able to do so undetected, could manage to control which votes are removed and therefore partially impact the results».
This does not mean that our political elite should be corrupt for this to happen. It is sufficient if there is just one ideologically committed person, a lone wolf, who manipulates the results to help the parties advocating his cause to come to power. He wouldn't do it for personal gain, he wouldn't have any ties to any political party, a security check wouldn't show anything suspicious about this person. And the society would probably even not suspect a fraud, but the results would still be rigged.
And it cannot be ruled out that a foreign agent (like the Russian spy Herman Simm who worked years as the chief of the Estonian Defence Ministry's security department) is working in the system. He might even have done anything so far but would wait for his moment to alter the results so obviously that everyone would see that they were rigged. Such failure would cast the integrity of all previous e-elections to shadow, as well. In the current already divided situation, such an attack could throw Estonia into political chaos.
This is not paranoia. OSCE election observers politely signal Estonia is skating on a really thin ice. It may not break, but being in such a situation cannot be tolerated.
Estonia was innovative when it started with e-voting in 2005. It is also understandable why it was necessary to keep trust high and silence the doubters – there was a great hope that other countries would follow Estonia’s example and e-voting would become an internationally accepted standard. Unfortunately, nothing like that has happened. Countries that have considered or tried e-voting have found it not worthwhile. Apart from Russia, where e-voting was made available on the 2024 presidential election to vote for Putin.
Bolt, Pipedrive, Wise and Veriff have become unicorns from Estonia, but e-voting did not succeed. Its problems are the same as in the beginning. These problems are intrinsic: they can be ignored, but they cannot be solved. And 20 years is long enough to say: «History has given its verdict on e-elections.» It would be wise for us to take this verdict into account.