Article posted: Sep 22, 2016
By Marcus Hartwig, GM Americas
During this contentious and lively US presidential election cycle, a search on most frequently discussed topics surely would include the term, "Russian hackers."
With Russia's rich history of enterprising hackers since the earliest days of the Internet, it's not surprising there are so many fingers pointing at Russia as possibly tampering in our elections in a variety of ways. Most recently, the FBI warned election officials around the country to pay close attention to their security following attempted hacks of election data systems in at least two US states. Officials are still trying to determine whether and how much data was breached, and they suspect Russians might be behind the attempt. Clearly, the US has a long way to go in securing the sanctity of the voting process.
So, during this election season, US elections officials might consider taking a look at Estonia.
Yes, Estonia. The tiny Baltic nation with just 1.3 million people (roughly the same population as San Diego, California) has adopted a very sophisticated, and seemingly hacker-proof election system that relies on smart cards. They've fully embraced the notion that strong voter authentication cannot be optional.
The process they've put in place in Estonia is not complicated. In fact, its simplicity means it's a system that can be replicated nearly anywhere. First, they implemented a smart-card-based, mandatory national identification document known as the Estonian ID Card. Nearly every Estonian citizen has a card today. By using the Estonian state-supported PKI, users of the cards are securely identified and can create legally binding digital signatures for voting and virtually any and all other government activities.
To augment its smart card system, the country also allows for Internet voting in the days leading up to elections from any computer with a smart card reader. Voters using the Internet when casting their votes can change their choice an unlimited number of times until the electronic voting cutoff day is reached (making it difficult for someone to "force" another citizen to vote in a certain way). And if that same electronic voter visits a polling place and casts another vote, the system recognizes the double vote and the electronic vote is invalidated. With the smart card system, there's no question of "one voter, one vote."
To date, there's been little or no criticism of Estonia's smart card voter IDs. With more than 10 years of relying on the smart card system, the country is proud of its voting process. Estonia also uses the cards with its Internet voting system - which also has been in place for nearly a decade. The Internet voting is popular with voters. In fact, by the 2014 and 2015 European Parliamentary Elections in Estonia, more than 30 percent of the votes were cast over the Internet.
With their country's advanced voting processes, benefits for Estonian citizens include the ability to go online and view their votes - this ensures them their vote has made it into the official vote - while being fully protected via strong cryptography that keeps their identities private. The ability for all citizens to view the vote tallies helps ensure there is no voter fraud. The government benefits by having a fair election process, and also by having the ability to gather and analyze data by demographics and geographies.
Other nations, including The Netherlands and Japan, are now looking at Estonia's example and considering their own smart-card voting system that provides a more open, and more secure system than paper ballots. Perhaps it's time for the US to take a closer look as well.