Sven Heiberg

The application of i-voting for estonian parliamentary elections of 2011

Estonia has implemented internet voting as a method to participate in various types of elections since 2005. In Riigikogu (parliament) Elections of 2011, over 140,000 voters used the internet voting method. The share of votes cast over the internet among all votes was 24.3%. In light of this popularity it is questioned by various stakeholders whether internet voting can be implemented correctly and securely to support electoral principles such as uniformity. This paper gives an overview of the Estonian Internet Voting System and analyzes events that occurred during the Riigikogu Elections of 2011.

Verifiable internet voting in Estonia

This paper introduces an extension to the Estonian Internet voting scheme allowing the voters to check the cast-asintended and recorded-as-cast properties of their vote by using a mobile device. The scheme was used during the 2013 Estonian local municipal elections and the 2014 European Parliament elections. 3.43% and 4.04% of all Internet votes were verified, respectively. We will present the details of the protocol, discuss the security thereof and the results of implementation.

Security and Trust for the Norwegian E-Voting Pilot Project E-valg 2011

Early 2009, the Norwegian Ministry of Local Government and Regional Development (KRD) decided to start a procurement procedure for E-valg 2011 , an e-voting pilot project for the municipal and regional elections of 2011. The Norwegian companies Computas and Acando formed a consortium together with the Estonian company Cybernetica, the company behind the successfull electronic elections in Estonia in 2005, 2007 and 2009. The consortium proposed a solution based on an open source approach on the one side, and the knowledge and experience in the field of Cybernetica on the other side. This paper discusses the security and trust aspects of the proposal put forward to the KRD.

Personal security environment on Palm PDA

Digital signature schemes are based on the assumption that the signing key is kept in secret. Ensuring that this assumption holds is one of the most crucial problems for all current digital signature applications. This paper describes the solution developed and prototyped by the authors - using a mobile computing device with a smart-card reader for creating digital signatures. We give an overview of several common settings for digital signature applications and the problems they have, also describing several frameworks for mobile security applications. A discussion about the choice of devices, design issues, concrete solutions and their security concerns follows. We conclude that although nothing can prevent careless private key handling, careful management is easier and more convenient when using our solution.

Log Analysis of Estonian Internet Voting 2013---2014

In this report we describe our efforts in analysing log files produced by the Estonian i-voting system in the KOV2013, EP2014 and RK2015 elections in combination with other information available, so as to detect attacks against the i-voting system, detect system malfunctions and study voter behaviour.

Improving the Verifiability of the Estonian Internet Voting Scheme

We describe an update of the Estonian Internet Voting scheme targeted towards adding verification capabilities to the central system. We propose measures to ensure the auditability of the correctness of vote decryption and i-ballot box integrity. The latter will be improved to a level where it would be possible to outsource the vote collection process to an untrusted party and later fully verify the correctness of its operations.

Analyzing Pair-Programmer’s Satisfaction with the Method, the Result, and the Partner

This paper gives an overview of a programmer satisfaction survey in pair-programming experiment. The experiment took place at Institute of Computer Science, University of Tartu (UT), Estonia. The paper includes the problem statement, description of the questionnaire, and the survey results.

New Technologies for Democratic Elections

Estonia has implemented a specific form of electronic voting – internet voting – as a method to participate in various types of legally binding elections since 2005. The mitigation of security risks in the method has lead to changes in the voting procedures. Those changes might affect the way we think about traditional voting.

How Could Snowden Attack an Election

We discuss a new type of attack on voting systems that in contrast to attacks described in the literature does not disrupt the expected behavior of the voting system itself. Instead the attack abuses the normal functionality to link the tallying of the election to disclosing sensitive information assumed to be held by the adversary. Thus the attack forces election officials to choose between two undesirable options: Not to publish the election result or to play into the adversary’s hand and to publicize sensitive information. We stress that the attack is different from extortion and not restricted to electronic voting systems.