dimanche 14 juillet 2013

Estonia publishes its e-voting source code on GitHub

System architect says he welcomes "development and security of the e-elections."

All Estonians can vote online using their digital ID card.



European Parliament


Estonia, which created the world’s first nationwide Internet-based voting system, has finally released its source code to the public in an attempt to assuage a longstanding concern by critics.

"This is the next step toward a transparent system,” said Tarvi Martens, chairman of Estonia's Electronic Voting Committee, in an interview Friday with ERR, Estonia’s national broadcaster. “The idea, which was the result of joint discussion between numerous Estonian IT experts and the Electronic Voting Committee, was implemented today. We welcome the fact that experts representing civil society want to contribute to the development and security of the e-elections.”

Martens and his colleagues have now put the entire source code on GitHub—previously it was only made available after signing a confidentiality agreement.

As we reported last year, Estonia has had national voting via its Digital ID card since 2007. A Digital ID card is available to all Estonians and legal residents. The card uses open-source public key-private key encryption software (upgraded in 2011 to 2048-bit), which allows government agencies to perform various secure functions online connected with a citizen's identity. These include financial transactions, public transportation tickets, and student university admissions records, among others.

With that infrastructure in place, the Estonian government began testing Internet-based voting in local elections in 2005. Two years later, it was expanded to include national elections. In the 2009 elections for the European Parliament, 15 percent of all votes cast were submitted online. That number grew to almost 25 percent for the 2011 domestic parliamentary elections.

As a security precaution, Estonian voters can submit their ballot as many times as they like during the e-voting window open the week before election day.

"I-voting is possible only during seven days of advance polls—from the tenth day until the fourth day prior to Election Day," the Estonian National Electoral Committee states on its website. "This is necessary in order to guarantee that in the end only one vote is counted for each voter. To ensure that the voter is expressing their true will, they are allowed to change their electronic vote by voting again electronically during advance polls or by voting at the polling station during advance polls."

Domestically, courts have upheld the use of Internet voting. In 2011, the Estonian Supreme Court’s Constitutional Review Chamber rejected the petition of an Estonian student who alleged that the voting software could be maliciously tampered with so as not to count votes accurately.

Previously, e-voting critics such as Barbara Simons, the former president of the Association of Computer Machinery, told Ars that the lack of open source software was a strike against trusting Estonia’s system.

"We don’t know how the Estonian system is working," she told Ars in 2012. "We do know that the second largest party thinks that the voting was rigged in 2011. The reason they think it was rigged was that the ballot counts online were different than the paper version. There are possible explanations, but I couldn’t say that it was rigged—there’s no way that anyone can prove anything. [The Estonian government] won’t let independent security experts review it without signing a nondisclosure agreement."

Reached for comment on Friday, Simons said she was still skeptical.

"I think it's good that the source code has been released, but it doesn't prove that the released code is what is used during the election," she told Ars. "We know that last minute code changes can be made with no independent oversight."

UPDATE Saturday 10:22am: Tarvi Martens, the architect of Estonia's digital ID card project and its Internet-based voting application, e-mailed Ars to clarify that only the "server-side" source code had been released.

"We are not releasing the client-side because that would make creation of fake clients too easy," he said. "And we are implementing procedures to prove that released code is actually used in real election servers"

by Cyrus Farivar - July 13 2013, 3:00pm PM

Aucun commentaire:

Enregistrer un commentaire