Internet Voting in Estonia - PowerPoint PPT Presentation

1 / 42
About This Presentation
Title:

Internet Voting in Estonia

Description:

Customer gets the Mobile ID PIN1, PIN2 and PUK codes with the SIM card ... PIN1 (authentication) PIN2 (signing) PUK unblocking ... – PowerPoint PPT presentation

Number of Views:55
Avg rating:3.0/5.0
Slides: 43
Provided by: tarv155
Category:

less

Transcript and Presenter's Notes

Title: Internet Voting in Estonia


1
Internet Votingin Estonia
  • Tarvi MartensI-Voting Project Manager
  • National Electoral Committee

2
E-stonia ?
  • Population 1.35M
  • Everyday Internet usage 64
  • Internet banking 88
  • Mobile penetration gt100
  • 1000 Free Internet Access points
  • PKI penetration gt90 (age 15)
  • Biggest national eID card roll-out in the Europe !

3
Internet Voting?
  • In October 2005 Estonia had first-ever
    pan-national Internet Voting with binding
    results
  • 80 of voters had a chance to vote via Internet
    due to the ID-card
  • 2 of participated voters used that possibility
  • March 2007 Parliamentary elections with
    I-Voting option (6 of i-voters)

4
ID-card Project
  • Started in 1997
  • Law on personal identification documents Feb,
    1999
  • Digital Signature Act March, 2000
  • Government accepted plan for launching ID-card
    May, 2000
  • First card issued Jan 28, 2002
  • October 2006 1 000 000th ID-card was issued

5
The Card
  • Compulsory for all residents
  • Contains
  • Personal data file
  • Certificate for authentication (along with
    e-mail address Forename.Surname_at_eesti.ee)
  • Certificate for digital signature

6
Usage of the ID-card
  • Major ID-document
  • Replacement of
  • (transportation) tickets
  • library cards
  • health insurance card
  • driver documents
  • etc...
  • Authentication token for all major e-services
  • Digital signature tool

7
Internet Voting ?
  • Not a nuclear physics
  • Just another application for ID-card
  • ...with some special requirements measures...

8
Brief History
  • 2003
  • Project started project manager and steering
    committee
  • Initial concept developed
  • 2004
  • Security Analysis on concept
  • Refined concept
  • Use-case model developed
  • Public procurement winner - Cybernetica
  • Development of the 1st version
  • 2005
  • Pilot project in Tallinn in January
  • Municipal elections in October

9
What it takes ?
10
I-voting Main Principles
  • All major principles of paper-voting are followed
  • I-voting is allowed during period before Voting
    Day
  • The user uses ID-card
  • System authenticates the user
  • Voter confirms his choice with digital signature
  • Repeated e-voting is allowed
  • Only last e-ballot is counted
  • Manual re-voting is allowed
  • If vote is casted in paper during absentee voting
    days, i-vote(s) will be revoked

11
Voter registration
  • Missing
  • All citizen (residents) should register their
    place of living in central population register
  • Only voters with registered addresses are
    eligible
  • Population register is used

12
Envelope scheme
I-voters
I-votes
Results
Public key
Private key
13
Architecture
Central System
List ofCandidates
List ofVoters
VoteForwardingServer
Voterapplication
VoteStoringServer
VoteCountingApplication
log
log
log
Audit
Key Management
Auditapplication
14
  • To vote via Internet voter needs
  • an Estonian ID card with valid
    certificates and PIN codes
  • Computer used for voting must have
  • a smart card reader (6 EUR)
  • a driver for ID card (free to download)

15
I Website for voting
www.valimised.ee
www.valimised.ee
16
II Identification
  • Put your card into card reader
  • Insert PIN 1


17
III You are identified
18
IV Ballot completion
  • Choose a candidate

19
IV Confirmation
  • Confirm your choice with PIN2

20
V Vote recieved
21
Principle of Transparency
  • All system components shall be transparent for
    auditing purposes
  • No black boxes are allowed
  • No use of 3rd party-controlled authentication
    mechanisms or services
  • No components without source code

22
Technology Selection
  • Involve all major influencers and specialists
  • Keep it as simple as possible
  • Build it on secure stable platforms (Debian)
  • No
  • Databases (engines)
  • 9GL environments use C Python
  • 3rd party libraries too much

23
Managing Procedures
  • All fully documented
  • Crash course for observers-politicians
    auditors
  • All security-critical procedures
  • Logged
  • Audited observed
  • Videotaped
  • All major IS-specialists involved for
    network-monitoring 24/7 for dDOS or trojans

24
Physical Security
  • Governmental security hosting
  • Two independent departments guarding the server
    room
  • Strict requirements for entering the server
    premises
  • Auditor(s), cam-man, operator, police officer
  • Sealing of hardware

25
Results of 2007 (2005)
  • I-voters 30 275 (9 317)
  • I-votes 31 061(9 681)
  • First-time ID-card users 11 894 (5 774)
  • Percentage of i-voters amongst votes collected
    during absentee voting 18 (7)
  • Certificates renewed Mon-Wed 5994

26
Activity By Day
27
(No Transcript)
28
How old is The i-Voter ?
29
Subjective reasons for choosing i-voting
municipal elections 2005
30
Subjective reasons for choosing i-voting 2007
31
Subjective estimation of participation in the
absence of e-voting
32
Subjective reasons for not using e-voting among
traditional voters
33
Where Internet voters cast their ballots
34
Future developments of the e-voting project
  • m-voting

35
m-voting ?
  • The same old Internet voting...
  • ...but using Mobile-ID instead of ID-card for
    authentication and digital signing
  • The voter still needs an Internet-connected
    computer
  • M-voting is not about voting by using mobile
    phone only

36
Electronic ID-s very in form
  • ID card (smartcard)
  • Mandatory ID document
  • Enabler for authentication and digital signatures
  • Needs smart card reader software
  • Support for selected web browsers
  • Mobile ID (SIM card)
  • Enabler for authentication and digital signatures
  • No need for software installation
  • Doesnt need web browser support
  • No physical identification possible

37
Getting Mobile-ID
  • Mobile-ID is available from Q2 2007 for EMT
    subscribers (not pre-paid)
  • To use Mobile-ID, it is necessary to change the
    SIM card
  • Customer gets the Mobile ID PIN1, PIN2 and PUK
    codes with the SIM card
  • Customer activates his/her Mobile-ID by using
    ID-card

Interneti-pank
38
Mobile ID SIM - appearance
  • The following information must be communicated
    to the customer on standard SIM card
  • PIN, PIN2, PUK, PUK2
  • With Mobile ID you have to communicate also
    Mobile ID codes, for example
  • PIN1 (authentication)
  • PIN2 (signing)
  • PUK unblocking
  • The Mobile ID PIN and PUK codes are secret so
    these must be covered under scratch panel or
    security foil!

39
Using Mobile-ID for I-voting
  • Security analysis of the Mobile-ID has completed
  • Comparative analysis with ID-card
  • Different chip
  • Different issuance scheme
  • Different usage model
  • Results Almost as good as ID-card

40
Considerations
  • Dirrefent aspects shall be considered in decision
    whether to use Mobile-ID in i-voting
  • Security
  • Few things need to be tuned yet
  • Equal access
  • Just one operator is in the market right now
  • Penetration
  • Today 10 000 Mobile-ID owners with 4500
    activated
  • Desire for novelity
  • Perhaps we are too liberal already ?

41
Lessons learned
  • I-voting is not a killer-application. It is just
    another way for people to vote
  • Peoples attitude and behavior change in decades
    and generations, not in seconds
  • I-voting will be as natural as Internet-banking
    but even more secure
  • Internet voting is there to stay

42
More information
  • http//www.vvk.ee/engindex.htmlval_at_riigikogu.ee
  • tarvi_at_sk.ee
Write a Comment
User Comments (0)
About PowerShow.com