OSCE flag concerns with Estonian e-voting system

Emilis Dambauskas writes:

I have noticed that OSCE published final assessment report for Estonian Parliamentary Elections that happened on 6th March 2011:

Executive summary states:

Voters could cast their ballots via the Internet during the advance  voting period from 24 February to 2 March. Despite concerns raised by some interlocutors, the OSCE/ODIHR EAM in general found widespread trust in the conduct of the Internet voting by the National Electoral Committee (NEC). However, there is scope for further improvement of the legal framework, oversight and accountability, and some technical aspects of the Internet voting system.

However there are some details which make the situation smell strangely:

(page 11): During the counting, one vote was determined invalid by the vote counting application since it was cast for a candidate who was not on the list in the corresponding constituency. The project manager could not explain how this occurred – the investigation was still ongoing at the time of issuing the report.

A student demonstrated that the client-side voting application “was flawed and could make it possible for a virus to block a vote without the voter knowing that any interference had occurred”:

The report mentions various other questionable practices by the i-voting vendor (called “project manager”). I want to re-read the report, but it seems like Estonians may have privatized their elections…

Indeed privatisation is another reason to resist the introduction of e-voting, as it is much harder to scrutinise the processes and systems used. Another quote from the report rings alarm bells for me:

The vendor, Cybernetica AS, handed over the internet voting software to the NEC in December 2010. The OSCE/ODIHR [election monitoring mission] was informed that the [privately contracted] project manager was able to update the software of the Internet voting system until right before the elections started, and without a formal consent of the NEC. This was done without any formal procedure or documented acceptance of the software source code by the NEC, which limited the information on which version of the software was ultimately used.

More concerns:

As in previous elections, and despite the recommendation made by the OSCE/ODIHR in 2007, the time of casting a vote was recorded in a log file by the vote storage server along with the personal identification code of the voter. This could potentially allow checking whether the voter re-cast his/her Internet vote, thus circumventing the safeguards in place to protect the freedom of the vote.

The project manager accessed the servers for daily data maintenance and backup breaking the security seals and using a data storage medium employed also for other purposes. This practice could potentially have admitted the undetected intrusion of viruses and malicious software.

There were also weak disaster recovery processes in place and source code for the client application (only) could only be inspected after signing a non-disclosure agreement. In other words highly unsatisfactory and if anyone seriously challenged  the results it would be nigh on impossible for the Estonian election commission to prove that no tampering had occurred.

Read the full OSCE report [PDF]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.