18 March 2015

Estonia's Democracy Goes Digital

March 17, 2015 

This small Baltic country may have surpassed America.

In 1995, the futurists Alvin and Heidi Toffler wrote in Creating a New Civilization that the societies that most quickly and smoothly embraced the Information Age would be the most successful. One example was how voting over the Internet might unlock a truer, more direct democracy closer to the one the U.S. Founding Fathers experienced.

Twenty years later, other than having our say of who gets voted off of the island or is the best celebrity dancer, those of us in the United States are hardly any closer to that goal. In Estonia, however, they are already ten years along.

Estonia just had a national election, the eighth since 2005 to allow Internet voting. A record 30 percent of the total votes cast were e-votes. There are risks to entrusting such an integral part of democracy to something as fundamentally untrustworthy as the Internet, but Estonia’s experience proves that the right technology, properly implemented, can indeed succeed.

The Estonian online election system works largely because it is tied to a national smart identity card, used with ubiquitous smart-card readers. As discussed in a recent Atlantic Council report with Intel Security, citizens vote by inserting their nationally issued smart cards into a card reader connected to “any personal computer with the voting application installed.”

The system depends on two-factor authentication, requiring not just the voter’s smartcard, but also the “PIN code in order to cast an encrypted and signed digital ballot. To preserve anonymity during vote collection and processing, the outer layer of encryption that stores and protects the user’s identity is removed before the ‘inner’ encrypted vote reaches the election commission” to be counted.

This system achieves what seems impossible, being trustworthy enough on the whole, even while relying on the largely untrustworthy public Internet. This is a far more difficult task than electronic voting using dedicated and certified electronic voting machines or voting from a dedicated government-secured location.

But the system would not work if it simply depended on a "voting smart card." As the tech-savvy Estonian president Toomas Ilves explained to me in an email last year, the Estonian system is "not an election-specific technology but embedded as an additional service among a plethora of services”. Indeed, "e-voting is just one of some 500 services and one of the least used. Estonians have given almost 200 million digital signatures; they do their banking with this same system."

This is an entire constellation of online commercial and government services, all enabled by a trusted smart-card infrastructure. It is used every day for countless transactions, giving a high degree of familiarity, trust and commitment to resilience and security.

Of course, there are risks and the technology is not perfect. A recent studyfound numerous potential vulnerabilities capable of disrupting the Estonian voting process. And for true hard-core computer-security experts, any system that can be successfully attacked—and they all can—should never be trusted with highly important tasks, such as voting or banking.

Moreover, the system has apparently never faced a concerted attack from a truly hostile and capable cyber superpower, such as Estonia's troublesome neighbor Russia. Such an attack could shake nearly any system.

But worrying about these absolutely real possibilities obscures the more important truth that the system has worked for a decade—and not just for voting in elections, but for paying bills and taxes, claiming health-insurance benefits, signing official documents and even traveling abroad within the European Union.

So yes, we must be concerned about computer security and continue to improve the confidentiality, integrity and availability of these networked systems on which our lives and societies increasingly rely. But ultimately, the central issue is risk management, and the Estonian government and electorate (who can hardly be considered naive after their 2007 online battle with Russian thugs) have put their trust in a system that has time and time again delivered secure and reliable election results.

This is a true example of the Tofflers’ Information Age society, a success that brings together technology, implementation, government and citizenry. The Estonian success depends, perhaps more than on any technology, on one last key ingredient: a bond of trust between citizens and their government.

Lacking that trust, America isn't ready for a national smart card, and without such a card, it may be difficult if not impossible to build a true digital democracy.

Jason Healey is the Director of the Cyber Statecraft Initiative of the Atlantic Council and editor of the first history of cyber conflict, A Fierce Domain: Cyber Conflict, 1986 to 2012. You can follow his thoughts and analysis on cyber issues at @Jason_Healey.

No comments: