Domain: vvk.ee
Stories and comments across the archive that link to vvk.ee.
Comments · 29
-
It's been done, though
No one's mentioned Estonia yet, so here we go: http://www.vvk.ee/voting-metho...: secret ballot over the Internet, separation of voter and vote, vote verification, and last but not least, open-sourced voting software. Researchers have pointed out a few hypothetical attack vectors available to state-level entities (last from 2014) which have been closed ever since, but the bigger problem is actually handling the PR during the elections, in the sense that a malicious person or persons can claim their votes were "hacked", drum up the media coverage, and even though they'll be proved wrong, the integrity of the ongoing elections would still be compromised.
-
Re:The report is part of a political gambit
And since I cannot edit my own post, here is the rebuttal of the Estonian National Electoral Committee: http://www.vvk.ee/valimiste-ko...
-
FUD
Firstly, people here should understand that e-voting as in voting machines and internet voting are completely different and not really comparable.
One of the opposition parties of Estonia is strongly against internet voting, mainly because their voters are not using it a lot and they are able to mobilize their voters well to go voting on paper as opposed to most other parties. For various reasons they are in power at the capital city and the trip of the researchers to go and observe the current voting process was paid by the city, so already for that they can't claim that they are totally independent. And, of course, the fact that the whole thing came to light a few days before the elections of the European Parliament was just a coincidence. This far they have yet to actually publish the report, which, from what we know this far, doesn't have any new attack vectors, only the ones that were already considered more-or-less from the very beginning.
Estonia has a smardcard-based ID card that can be used for authentication and digital signatures (two different keys). The latter is legally as good as your handwritten one which means you can build all sorts of services on top of that, elections are just one of them. The vote is encrypted with the public key of the current election, signed with the ID card and sent to a central server. Later, the double votes are removed according to the list of people who voted on the election day (so if you were forced to vote for someone and your ID card taken away, you can just grab your passport and go vote again using the paper-based method), votes are separated from the signed container, moved to a physically different machine, decrypted and counted. Anyone can go and see how all the process is done, it is fully auditable and all the video recordings of the whole process are later uploaded to Youtube. By no means it is so that only some certain people are chosen to make the audit to get favourable results.
Additionally, you can also check that the vote made it into the system and was for the correct candidate with your smartphone without compromising secrecy, so even if your computer was infected with malware, you can still make sure everything goes correctly.
See the website of the elections committee for more.
-
FUD
Firstly, people here should understand that e-voting as in voting machines and internet voting are completely different and not really comparable.
One of the opposition parties of Estonia is strongly against internet voting, mainly because their voters are not using it a lot and they are able to mobilize their voters well to go voting on paper as opposed to most other parties. For various reasons they are in power at the capital city and the trip of the researchers to go and observe the current voting process was paid by the city, so already for that they can't claim that they are totally independent. And, of course, the fact that the whole thing came to light a few days before the elections of the European Parliament was just a coincidence. This far they have yet to actually publish the report, which, from what we know this far, doesn't have any new attack vectors, only the ones that were already considered more-or-less from the very beginning.
Estonia has a smardcard-based ID card that can be used for authentication and digital signatures (two different keys). The latter is legally as good as your handwritten one which means you can build all sorts of services on top of that, elections are just one of them. The vote is encrypted with the public key of the current election, signed with the ID card and sent to a central server. Later, the double votes are removed according to the list of people who voted on the election day (so if you were forced to vote for someone and your ID card taken away, you can just grab your passport and go vote again using the paper-based method), votes are separated from the signed container, moved to a physically different machine, decrypted and counted. Anyone can go and see how all the process is done, it is fully auditable and all the video recordings of the whole process are later uploaded to Youtube. By no means it is so that only some certain people are chosen to make the audit to get favourable results.
Additionally, you can also check that the vote made it into the system and was for the correct candidate with your smartphone without compromising secrecy, so even if your computer was infected with malware, you can still make sure everything goes correctly.
See the website of the elections committee for more.
-
Re:Designed Poorly
Yes it can.
Estonia has a smardcard-based ID card that can be used for authentication and digital signatures (two different keys). The latter is legally as good as your handwritten one which means you can build all sorts of services on top of that, elections are just one of them. The vote is encrypted with the public key of the current election, signed with the ID card and sent to a central server. Later, the double votes are removed according to the list of people who voted on the election day (so if you were forced to vote for someone and your ID card taken away, you can just grab your passport and go vote again using the "old" method), votes are separated from the signed container, moved to a physically different machine, decrypted and counted. Anyone can go and see how all the process is done.
See http://www.vvk.ee/voting-methods-in-estonia/engindex/reports-about-internet-voting-in-estonia/ for details.
-
Re:Estonia
Ah, fair point, but according to this pdf a poster posted in a comment in this thread, you can apparently re-vote:
http://www.vvk.ee/public/dok/Internet_Voting_in_Estonia.pdf
Relevant portion:
Voters' free expression cannot be wholly guaranteed in case of Internet voting, therefore, i-voter has the right to replace his/her i-vote with:
another i-vote -> only the last vote counts
a paper ballot -> i-vote is cancelledBasically it's a matter of correctly planned checks and balances (a matter, as a student of accountancy, I have been hammered with A LOT).
And frankly, the very fact this point is being brought up makes me very depressed about America. I mean, as a 3rd worlder, I understand that *my* rights are worth shit, but why are *you* guys so worried this might be abused?
I thought with you with your first world status, your rights would be iron-clad, is it so common to leave loop holes *this* obvious, that you are immediately worry about it being abused? Where is your confidence that things will be taken care of and properly planned? I can understand *us* being herded like chattel to the voting booth, but why is difficult for *you* to say to your employer, NO?
Frankly, if things are so bad, then you have bigger problems then just some fake votes.
-
Re:Estonia
You can always vote again. If your employer forces you to vote for him, you can go home and change your vote. If your employer takes away your ID card, you can take your passport and go vote on the election day.
Estonia has a smardcard-based ID card that can be used for authentication and digital signatures (two different keys). Technically the vote is encrypted with the public key of the current election, signed with the ID card and sent to a central server. Later, the double votes are removed according to the list of people who voted on the election day, votes are separated from the signed container, moved to a physically different machine, decrypted and counted.
See http://www.vvk.ee/voting-methods-in-estonia/engindex/reports-about-internet-voting-in-estonia/ for details.
-
Re:I didn't know
There is also an electronic voting system in Estonia that uses ID cards (a smart card) for secure authentication. There is also a short summary about the secrecy scheme of the voting process in the document referenced below.
http://www.vvk.ee/public/dok/Internet_Voting_in_Estonia.pdf -
Estonian e-voting system overview
Internet Voting in Estonia
Also a paper discussing the security of such approach (includes comparison with SERVE; PDF) -
Re:A secret ballot cannot be done from your PC
In Estonia people can change their vote after e-voting. If somebody made you vote for something they wanted, you can later re-vote electronically or physically. The latest vote counts.
For technical details, browse the Estonian National Electoral Committee's homepage. -
Re:Yes, yes, and...Estonia I can almost forgive, as they're relatively poor and didn't have much time to go from Soviet-era attitudes to something saner. They should still have done more.
Estonia is doing some interesting things online. They seem to have progressed from that Soviet era attitude you mention.
-
Re:no secret ballot = vote buying and coercion
For example, your boss can tell you to vote while he is watching. If you don't vote the way that he wants he will fire you.
...and in Estonia, this is solved by allowing you to change your vote as many times as you wish until the election day, and on that day you can still drop traditional ballot which overrides the e-vote.
http://www.vvk.ee/elektr/docs/Yldkirjeldus-eng.pdf has description of their system. Considering the confidentiality aspects, read especially pages 9 and 13. -
Estonian E-Voting System
If you want to know how proper Internet Voting System works, then read Estonian E-Voting System - General Description
The only prerequisite for a country to use the system is that it has to deploy PKI at first... -
estonian e-voting
-
Re:Bad idea for this reason
The Estonian e-voting system preserves the voters anonymity thus preserving secret voting.
"Public key cryptography is used. The E-voter (application) encrypts his/her choice (number of candidate) with the system's public key and signs the result digitally. The votes are collected, sorted, voter's eligibility is verified and invalid votes are removed (double votes, votes of ineligible voters). Next the outer envelopes (digital signatures) are separated from inner envelopes (encrypted votes). Voter lists are compiled from outer envelopes. Inner envelopes (which are not associated with the identity of the voter any more) are forwarded to the vote-counter who has the private key of the system. The vote-counter (application) outputs the summed results of e-voting."
Extract from "E-Voting System, Overview" @ http://www.vvk.ee/elektr/docs/Yldkirjeldus-eng.pdf -
Re:Paper trail? Independent audits?
See http://www.vvk.ee/elektr/docs/Yldkirjeldus-eng.pd
f for an overview of the system - which includes an auditing facility. -
Organisational and Technical overview
An overview of the technical and organisational aspects of the Estonian e-voting system can be found at http://www.vvk.ee/elektr/docs/Yldkirjeldus-eng.pd
f -
Description of Estonian e-voting system
I think a lot of questions asked in the posts are answered in this document: http://www.vvk.ee/elektr/docs/Yldkirjeldus-eng.pd
f .
There are some other presentations also in English on the Estonian National Electoral Committee's webpage http://www.vvk.ee/engindex.html. -
Description of Estonian e-voting system
I think a lot of questions asked in the posts are answered in this document: http://www.vvk.ee/elektr/docs/Yldkirjeldus-eng.pd
f .
There are some other presentations also in English on the Estonian National Electoral Committee's webpage http://www.vvk.ee/engindex.html. -
More informationDescription of the voting system can be found here: http://www.vvk.ee/elektr/docs/Yldkirjeldus-eng.pd
f As such, the system is decent. What remains a problem is that the specification is not legally binding. All the law says is "there can be electronic voting" in a few hundred words, but despite the process having been designed with security in mind, the law doesn't enforce how the electronic voting should take place exactly. For all intents and purposes, the government could just say, "hey let's just streamline the voting a bit and cut of those security checks there and here" and yield a 200% turnout or whatever, because the law doesn't specify how the voting should work.
-
How it worksSee http://www.vvk.ee/elektr/docs/Yldkirjeldus-eng.pd
f for a detailed description.Voting interface is web-based. The voter's choice is encrypted with the public key of the voting system and then digiatally signed by the voter's ID card. It's an envelope within an envelope system: the vote is kept in the internal envelope, whereas the external envelope is the voter's digital signature of the internal envelope.
The internal envelope with the vote has no link with the identity of the voter. The envelope can only be "opened" using the voting system's private key -- only by the poll organizers. The external envelope has two functions: (1) links the internal envelope with the vote to a voter, (2) verifies whether the internal envelope hasn't been tampered wth (provided that the voter trusts that the internal encrypted envelope, which the voter can't open, does actually contain the right vote when being signed).
Once the vote has been received the digital signature is verified and then the vote is decrypted. The digital signatures and the votes are then kept separately. The encrypted version of the vote is kept as well for audit purposes. This way it is possible to verify whether the unencrypted votes match the cast votes (encrypted votes), and whether encrypted votes in turn link one-to-one with real voters.
-
Re:They have no idea if the system worked or not.
clearly you dont have a clue how thing really work here so, why dont you read through this document http://www.vvk.ee/elektr/docs/Yldkirjeldus-eng.pd
f Also consider that there are people who would like to tear down this system and reveal all the bad thing about it so they could promote their own campaign. -
Re:info?
Estonia has an electronic ID card. You can read about it here(in english) http://www.id.ee/pages.php/0303 and about Estonian Internet voting from here http://www.vvk.ee/elektr/docs/Yldkirjeldus-eng.pd
f -
For those who want to know more
Estonian E-Voting System - General Description, http://www.vvk.ee/elektr/docs/Yldkirjeldus-eng.pd
f
Estonian National Electoral Committee, http://www.vvk.ee/engindex.html -
For those who want to know more
Estonian E-Voting System - General Description, http://www.vvk.ee/elektr/docs/Yldkirjeldus-eng.pd
f
Estonian National Electoral Committee, http://www.vvk.ee/engindex.html -
Re:Privacy?
Find out it at http://www.vvk.ee/
Its the official Vabariigi valimiskomision (National Electoral Commitee) page.
There is even an english section. -
Re:Privacy?
As an Estonian e-voter I have some things to add
;) There is a general document on the process that also covers the storage of votes and identity management. Basically, the (anonymous) vote is encrypted and stored in an envelope bearing the voter's ID. So you can later change your vote and your vote can be discarded if you decide to do it the old way. However, the keys used to encrypt the votes are generated by a hardware crypto-server. To access the private keys needed to decrypt the votes, 4 of 6 smartcard-equipped representatives must be present. I'm not a cryptographics guru but I believe in the 'mathematical' soundness of all this. However, main concerns of serious opponents rely elsewhere. The voting process is not as transparent as it is in the case of ordinary paper-and-pen mechanism. You can basically buy the ID card from some poor homeless dude (or even help him acquire it and pay for it + some extra for booze) and nobody can later invalidate the vote(s) you gave. There are some other related ways of possible abuse, such as using botnets/malware to render e-voting infrastructure useless etc, but they have been generally taken care of as e-voting can only be used during so-called pre-voting period (not sure what might be the correct terminology), before the actual election day. So if you couldn't e-vote, you can always go and resort to the good old way. -
More details and overview document in English
Here's Estonian E-Voting System - General Description (PDF) in English. Other documents are available in Estonian here.
-
More details and overview document in English
Here's Estonian E-Voting System - General Description (PDF) in English. Other documents are available in Estonian here.