Firstly, people here should understand that e-voting as in voting machines and internet voting are completely different and not really comparable.
One of the opposition parties of Estonia is strongly against internet voting, mainly because their voters are not using it a lot and they are able to mobilize their voters well to go voting on paper as opposed to most other parties. For various reasons they are in power at the capital city and the trip of the researchers to go and observe the current voting process was paid by the city, so already for that they can't claim that they are totally independent. And, of course, the fact that the whole thing came to light a few days before the elections of the European Parliament was just a coincidence. This far they have yet to actually publish the report, which, from what we know this far, doesn't have any new attack vectors, only the ones that were already considered more-or-less from the very beginning.
Estonia has a smardcard-based ID card that can be used for authentication and digital signatures (two different keys). The latter is legally as good as your handwritten one which means you can build all sorts of services on top of that, elections are just one of them. The vote is encrypted with the public key of the current election, signed with the ID card and sent to a central server. Later, the double votes are removed according to the list of people who voted on the election day (so if you were forced to vote for someone and your ID card taken away, you can just grab your passport and go vote again using the paper-based method), votes are separated from the signed container, moved to a physically different machine, decrypted and counted. Anyone can go and see how all the process is done, it is fully auditable and all the video recordings of the whole process are later uploaded to Youtube. By no means it is so that only some certain people are chosen to make the audit to get favourable results.
The biggest issue I had was java/driver/OS incompatibilities which mean that I can only use the card and card-reader on my g/f's x86_64 machine, not my POWER machine, nor my x86 laptop (all running linux). Anyone with delusions that java actually actually runs everywhere at this juncture should be taken outside and put out of my misery.
That was because the Java applet contained platform-specific code for some bits that couldn't be (or just weren't) done in Java. But we've overcome that for now, more or less.
The main benefit of all the IT stack is that it saves a lot of time: you don't have to run around with a bunch of papers between various government agencies who manage everything digitally anyway. The X-Road is a data exchange layer: it is a common service-oriented stack to connect various databases and IT systems together, it just provides a secure way of doing it, nothing else. Secure as in with strong cryptography, auditable, etc. Starting a company, doing taxes and other services are just some things that use it somehow (to query some databases, etc), those weren't part of the deal.
There is one thing that just about any Estonian abroad is really going to miss: getting things done quickly when it comes to government agencies and various paperwork. A common data exchange layer and a digital ID that you can use for signing documents are the basis of that.
The only ones with the "rampant suspicions of corruption" are the opposition parties spreading FUD, especially by comparing that to electronic voting elsewhere: voting machines - which is a totally different thing.
The scandal with some party's internal voting didn't even use the same infrastructure. FUD much?
Yes, the installation and configuration of the servers is also public.
Educating the citizens is somewhat a problem, yes, because of the FUD campaign of the opposition. They like to compare it to the electronic voting machines, which isn't even related to this.
Estonia has a smardcard-based ID card that can be used for authentication and digital signatures (two different keys). The latter is legally as good as your handwritten one which means you can build all sorts of services on top of that, elections are just one of them. The vote is encrypted with the public key of the current election, signed with the ID card and sent to a central server. Later, the double votes are removed according to the list of people who voted on the election day (so if you were forced to vote for someone and your ID card taken away, you can just grab your passport and go vote again using the "old" method), votes are separated from the signed container, moved to a physically different machine, decrypted and counted. Anyone can go and see how all the process is done.
You can always vote again. If your employer forces you to vote for him, you can go home and change your vote. If your employer takes away your ID card, you can take your passport and go vote on the election day.
Estonia has a smardcard-based ID card that can be used for authentication and digital signatures (two different keys). Technically the vote is encrypted with the public key of the current election, signed with the ID card and sent to a central server. Later, the double votes are removed according to the list of people who voted on the election day, votes are separated from the signed container, moved to a physically different machine, decrypted and counted.
Slashdot Mirror
Firstly, people here should understand that e-voting as in voting machines and internet voting are completely different and not really comparable.
One of the opposition parties of Estonia is strongly against internet voting, mainly because their voters are not using it a lot and they are able to mobilize their voters well to go voting on paper as opposed to most other parties. For various reasons they are in power at the capital city and the trip of the researchers to go and observe the current voting process was paid by the city, so already for that they can't claim that they are totally independent. And, of course, the fact that the whole thing came to light a few days before the elections of the European Parliament was just a coincidence. This far they have yet to actually publish the report, which, from what we know this far, doesn't have any new attack vectors, only the ones that were already considered more-or-less from the very beginning.
Estonia has a smardcard-based ID card that can be used for authentication and digital signatures (two different keys). The latter is legally as good as your handwritten one which means you can build all sorts of services on top of that, elections are just one of them. The vote is encrypted with the public key of the current election, signed with the ID card and sent to a central server. Later, the double votes are removed according to the list of people who voted on the election day (so if you were forced to vote for someone and your ID card taken away, you can just grab your passport and go vote again using the paper-based method), votes are separated from the signed container, moved to a physically different machine, decrypted and counted. Anyone can go and see how all the process is done, it is fully auditable and all the video recordings of the whole process are later uploaded to Youtube. By no means it is so that only some certain people are chosen to make the audit to get favourable results.
Additionally, you can also check that the vote made it into the system and was for the correct candidate with your smartphone without compromising secrecy, so even if your computer was infected with malware, you can still make sure everything goes correctly.
See the website of the elections committee for more.
The biggest issue I had was java/driver/OS incompatibilities which mean that I can only use the card and card-reader on my g/f's x86_64 machine, not my POWER machine, nor my x86 laptop (all running linux). Anyone with delusions that java actually actually runs everywhere at this juncture should be taken outside and put out of my misery.
That was because the Java applet contained platform-specific code for some bits that couldn't be (or just weren't) done in Java. But we've overcome that for now, more or less.
That is just bad management, nothing else.
The main benefit of all the IT stack is that it saves a lot of time: you don't have to run around with a bunch of papers between various government agencies who manage everything digitally anyway. The X-Road is a data exchange layer: it is a common service-oriented stack to connect various databases and IT systems together, it just provides a secure way of doing it, nothing else. Secure as in with strong cryptography, auditable, etc. Starting a company, doing taxes and other services are just some things that use it somehow (to query some databases, etc), those weren't part of the deal.
There is one thing that just about any Estonian abroad is really going to miss: getting things done quickly when it comes to government agencies and various paperwork. A common data exchange layer and a digital ID that you can use for signing documents are the basis of that.
The only ones with the "rampant suspicions of corruption" are the opposition parties spreading FUD, especially by comparing that to electronic voting elsewhere: voting machines - which is a totally different thing.
The scandal with some party's internal voting didn't even use the same infrastructure. FUD much?
Yes, the installation and configuration of the servers is also public.
Educating the citizens is somewhat a problem, yes, because of the FUD campaign of the opposition. They like to compare it to the electronic voting machines, which isn't even related to this.
Yes it can.
Estonia has a smardcard-based ID card that can be used for authentication and digital signatures (two different keys). The latter is legally as good as your handwritten one which means you can build all sorts of services on top of that, elections are just one of them. The vote is encrypted with the public key of the current election, signed with the ID card and sent to a central server. Later, the double votes are removed according to the list of people who voted on the election day (so if you were forced to vote for someone and your ID card taken away, you can just grab your passport and go vote again using the "old" method), votes are separated from the signed container, moved to a physically different machine, decrypted and counted. Anyone can go and see how all the process is done.
See http://www.vvk.ee/voting-methods-in-estonia/engindex/reports-about-internet-voting-in-estonia/ for details.
You can always vote again. If your employer forces you to vote for him, you can go home and change your vote. If your employer takes away your ID card, you can take your passport and go vote on the election day.
Estonia has a smardcard-based ID card that can be used for authentication and digital signatures (two different keys). Technically the vote is encrypted with the public key of the current election, signed with the ID card and sent to a central server. Later, the double votes are removed according to the list of people who voted on the election day, votes are separated from the signed container, moved to a physically different machine, decrypted and counted.
See http://www.vvk.ee/voting-methods-in-estonia/engindex/reports-about-internet-voting-in-estonia/ for details.