An Assessment of the Security and Transparency Procedural Components of the Estonian Internet Voting System

  • Jason R. C. NurseEmail author
  • Ioannis Agrafiotis
  • Arnau Erola
  • Maria Bada
  • Taylor Roberts
  • Meredydd Williams
  • Michael Goldsmith
  • Sadie Creese
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10292)


The I-Voting system designed and implemented in Estonia is one of the first nationwide Internet voting systems. Since its creation, it has been met with praise but also with close scrutiny. Concerns regarding security breaches have focused on in-person election observations, code reviews and adversarial testing on system components. These concerns have led many to conclude that there are various ways in which insider threats and sophisticated external attacks may compromise the integrity of the system and thus the voting process. In this paper, we examine the procedural components of the I-Voting system, with an emphasis on the controls related to procedural security mechanisms, and on system-transparency measures. Through an approach grounded in primary and secondary data sources, including interviews with key Estonian election personnel, we conduct an initial investigation into the extent to which the present controls mitigate the real security risks faced by the system. The experience and insight we present in this paper will be useful both in the context of the I-Voting system, and potentially more broadly in other voting systems.


E-voting Cybersecurity Transparency Procedural controls Human factors Practical experiences 



This research has been funded by the European Social Fund and the Estonian Government. It has been conducted on behalf of the Cyber Studies Programme at the Department of Politics and International Relations, University of Oxford. A much earlier version of this paper is available on the Cyber Studies Programme working paper series website.


  1. 1.
    i Esteve, J.B., Goldsmith, B., Turner, J.: International experience with e-voting. International Foundation for Electoral Systems (2012)Google Scholar
  2. 2.
    Organisation for Security and Co-operation in Europe (OSCE): Estonia Parliamentary Elections, OSCE/ODIHR Election Expert Team Final Report (2015).
  3. 3.
    Springall, D., Finkenauer, T., Durumeric, Z., Kitcat, J., Hursti, H., MacAlpine, M., Halderman, J.A.: Security analysis of the Estonian internet voting system. In: ACM SIGSAC Conference on Computer and Communications Security, pp. 703–715. ACM (2014)Google Scholar
  4. 4.
    Halderman, J.A.: Practical attacks on real-world e-voting. In: Hao, F., Ryan, P.Y. (eds.) Real-World Electronic Voting: Design, Analysis and Deployment (2016)Google Scholar
  5. 5.
    Gritzalis, D.A.: Principles and requirements for a secure e-voting system. Comput. Secur. 21(6), 539–556 (2002)CrossRefGoogle Scholar
  6. 6.
    Estonian National Electoral Committee: Internet Voting in Estonia (n.d.).
  7. 7.
    Estonian National Electoral Committee (NEC): Statistics about Internet Voting in Estonia (2005).
  8. 8.
    Ansper, A., Buldas, A., Jrgenson, A., Oruaas, M., Priisalu, J., Raiend, K., Veldre, A., Willemson, J., Virunurm, K.: E-voting concept security: analysis and measures. Technical report EH-02-02, Estonian National Electoral Commitee (2010)Google Scholar
  9. 9.
    Heiberg, S., Parsovs, A., Willemson, J.: Log analysis of estonian internet voting 2013–2014. In: Haenni, R., Koenig, R.E., Wikström, D. (eds.) VOTELID 2015. LNCS, vol. 9269, pp. 19–34. Springer, Cham (2015). doi: 10.1007/978-3-319-22270-7_2 CrossRefGoogle Scholar
  10. 10.
    Heiberg, S., Willemson, J.: Verifiable internet voting in Estonia. In: 6th International Conference on Electronic Voting (EVOTE), pp. 1–8. IEEE (2014)Google Scholar
  11. 11.
    Estonian National Electoral Committee: E-voting system: a general overview (2010).
  12. 12.
    Berg, B.: Qualitative Research Methods for the Social Sciences. Pearson, London (2004)Google Scholar
  13. 13.
    Yee, K.P.: Extending prerendered-interface voting software to support accessibility and other ballot features. EVT 7 (2007)Google Scholar
  14. 14.
    Friedberg, I., Skopik, F., Settanni, G., Fiedler, R.: Combating advanced persistent threats: from network event correlation to incident detection. Comput. Secur. 48, 35–57 (2015)CrossRefGoogle Scholar
  15. 15.
    Schneier, B.: By November, Russian hackers could target voting machines (2016).
  16. 16.
    Appel, A.W.: Security seals on voting machines: a case study. ACM Trans. Inf. Syst. Secur. (TISSEC) 14(2), 1–29 (2011)CrossRefGoogle Scholar
  17. 17.
    PCWorld: Malicious, large-scale Google ad campaign slams users with malware (2015).
  18. 18.
    ZDNet: Mirai botnet attack hits thousands of home routers, throwing users offline (2016).
  19. 19.
    TechRepublic: Pirated copies of Windows OS in China prone to security issues (2013).
  20. 20.
    Cuevas, R., Kryczka, M., González, R., Cuevas, A., Azcorra, A.: Torrentguard: stopping scam and malware distribution in the bittorrent ecosystem. Comput. Netw. 59, 77–90 (2014)CrossRefGoogle Scholar
  21. 21.
    Estonian National Electoral Committee (NEC): Elections and Internet voting (n.d.).
  22. 22.
    Hoepman, J.H., Jacobs, B.: Increased security through open source. Commun. ACM 50(1), 79–83 (2007)CrossRefGoogle Scholar
  23. 23.
    Bada, M., Sasse, A., Nurse, J.R.C.: Cyber security awareness campaigns: why do they fail to change behaviour? In: International Conference on Cyber Security for Sustainable Society, pp. 118–131 (2015)Google Scholar
  24. 24.
    Kritzinger, E., von Solms, S.H.: Cyber security for home users: a new way of protection through awareness enforcement. Comput. Secur. 29(8), 840–847 (2010)CrossRefGoogle Scholar
  25. 25.
    Sukwong, O., Kim, H., Hoe, J.: An empirical study of commercial antivirus software effectiveness. Computer 44(3), 63–70 (2010)CrossRefGoogle Scholar
  26. 26.
    Parliament of Estonia: The Riigikogu gave 16 and 17 year olds the right to vote at local elections (2015).
  27. 27.
  28. 28.
    Acemyan, C.Z., Kortum, P., Byrne, M.D., Wallach, D.S.: From error to error: why voters could not cast a ballot and verify their vote with helios, prêt à voter, and scantegrity II. USENIX J. Elect. Technol. Syst. (JETS), 1–25 (2015)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Jason R. C. Nurse
    • 1
    Email author
  • Ioannis Agrafiotis
    • 1
  • Arnau Erola
    • 1
  • Maria Bada
    • 1
    • 2
  • Taylor Roberts
    • 1
    • 2
  • Meredydd Williams
    • 1
  • Michael Goldsmith
    • 1
    • 2
  • Sadie Creese
    • 1
    • 2
  1. 1.Department of Computer ScienceUniversity of OxfordOxfordUK
  2. 2.Global Cyber Security Capacity CentreUniversity of OxfordOxfordUK

Personalised recommendations