What Estonia’s record number of i-voters teaches us about election trust

DISCLAIMER: All opinions in this column reflect the views of the author(s), not of EURACTIV Media network.

The candidate of the Centre Party, the current Prime Minister of Estonia. Juri Ratas is seen on a pre-election poster in Tallinn on 22 January 2019. [EPA-EFE/Valda Kalnina]

Estonia is in the midst of a parliamentary election. With election day this Sunday, almost 40% of voters have already cast their preference during the early voting period. Most of them i-Voted, submitting their ballot online, writes Liisa Past.

Liisa Past is a Next Generation Leader at the McCain Institute for International Leadership at the Arizona State University (ASU) and former Chief Research Officer at the Cyber Security Branch of the Estonian Information System Authority (RIA), where she designed, led and carried out analysis related to cyber security, including risk, threat and impact assessments.

Given the disinformation campaigns and cyber attacks against elections around the world, these two domains have been closely watched. Thus far, it is business as usual.

In the digital sphere, a background of attempts to break into systems, or impact them otherwise, is to be expected but there is presently no evidence of successful campaigns against the cyber security of election technology. Seems that the government-backed secure digital identity and online voting application, that facilitate i-Voting, are in good health.

Similarly, a level of adversity is expected in political campaigning, particularly with several new players seeking seats in the Parliament. The political discussion has been shaped by the competitors in the race.

Interference: nothing new under the Sun

Despite the cyber security scares of recent years, interference in elections is not a new problem. Rather, throughout the history of modern elections, governments, parapolitical and government-backed organizations as well as activists and political forces have sought to influence the electoral process and impact the outcome using all and any tools available to them.

Election meddling and information operations are right out of a Cold War statecraft playbook. What the world has seen recently is a rose by any other name that smells as sweet.

The digital sphere is nothing but another domain for malicious players who have not shied away from information campaigns and ballot-box stuffing in the past. Attacks against elections and their participants, most notably the theft and leaking of Hillary Clinton’s e-mails, have been attributed to entities connected to the Russian Federation and its intelligence services.

Election security is not a technical issue

Therefore, protecting democratic institutions through securing elections is not a technical or technocratic question. In a rule-of-law based society, the legitimacy of elections is a constitutional issue.

The voters need to have confidence that their political preference is recorded and tallied as intended, and that the elections are open, free and fair, based on a secret ballot. The exact way this is reflected in legislation might differ, but the principles are clear.

In Estonia, for example, paragraph 60 of the Constitution states that the elections to Riigikogu, the Parliament are “general, uniform and direct. Voting is secret.” Regardless of the role of technology, elections have to fulfill these criteria. All tools or methods used in elections have to be measured up against this.

For example, the ballot boxes have to be sealed properly, safeguards need to be in place against a person casting more than one vote, or in case of errors in tallying votes. Digital services, as well as the use of pen and paper, a form of analogue technology, have to be assessed by the same standards.

The 21st-century politically-motivated attacker is agile and resourceful, opportunistically using any tool that most easily fulfils the strategic goal of sowing doubt. Therefore they are expert at combining cyber-enabled attacks with information warfare, lawfare, intelligence gathering and so on.

The last few years have demonstrated the ease with which adversarial activity moves from one sphere to another, from phishing access credentials, to memes ridiculing political players, to attempting to sow discord in societies through misinformation and synthetic social media entities.

Very much like the attacks against elections and their integrity through the history, the perpetrator is seeking to delegitimise the process and the results.

No 100% security

Thus, election security starts with the recognition that there is no 100% security guarantee 100% of the time. Rather, governments, election management bodies and cyber security agencies have to recognize the possible attacks and build ways to deter, detect and mitigate them.

The inevitable possibility of attacks has to be the basis for risk assessment, management and mitigation. In other words: those protecting elections have to assume there is a constant assault on them.

Therefore, election security, regardless of the technology, is a question of comprehensive risk management. While the most important assets – such as central databases and systems to communicate election results – need to be best protected, the hybrid threats and attacks against auxiliary systems need to also be accounted for.

The risks inherent in digital technologies are not bigger than on paper but they are different. Electronic solutions, if introduced prudently, allow for safeguards such as logging and monitoring, encryption and backups.

To ensure the voter’s privacy in early and postal voting, for example, a double envelope is often used. The vote has to be in a sealed anonymous envelope, that then is placed into a second, sealed identifiable envelope.

Similarly, the Estonian i-Voting system uses an electronic double envelope system where the outer envelope is digitally signed. All digital signatures of all the voters are removed at the same time on Election Day, making it impossible to trace a vote to a voter.

Build resilience

The essential objective of risk management is to harden systems and change the adversarial calculation. No system is unbreakable, but if yours is expensive and complicated to break, the opportunistic adversary will move to another target or sector.

This is true for technology, where security testing, audit and constant monitoring are essential. This is also true for information warfare, where teaching critical thinking, increasing media literacy and fostering good old fact-checked journalism means disinformation will be dead in the water and not fly.

All of the above is a policy decision. Estonia has taken steps that have allowed i-Voting to grow and not become a true comparable alternative to voting on a paper ballot on Election Day.  In 2005, the proportion of i-Voters was under 2%. Trust has grown hand-in-hand with security ever since.

While electoral systems are varied and their dependence on digital technology can differ, risk assessment and management is the only way to ensure free and fair elections in which citizens know they can believe.

Subscribe to our newsletters