Estonian elections 2004 - 2015: Technology
The i-voting system in use today was developed by the Estonian National Electoral Commission (VVK) and the Estonian R&D lab Cybernetica. It is highly intuitive, simple to use and accessible for voters with disabilities. The voting process follows these steps:
The voter must first download the official voting application from the VVK website. The application is digitally signed to prove its authenticity.
Once the application is installed, the voter authenticates using his/her digital ID or a mobile ID. Once authenticated, the voter is presented with an electronic ballot on which to select his/her options.
To protect the secrecy of the vote, the system implements an electronic ‘double-envelope’ scheme which mimics the traditional postal voting process. When the voter has cast his/her i-ballot, the vote is encrypted (inner envelope) using the election public key and is then digitally signed (outer envelope) with the digital identity of the voter. This signed and encrypted vote is sent to the vote server over a secure (encrypted) transport layer, where it is safely stored in a fully encrypted state until the close of the election.
When the election has been closed, the electronic votes are cryptographically shuffled (mixed) to randomise the order of the votes, and the voters' digital signatures are separated from the encrypted votes to maintain the anonymity of the vote.
The outer envelope (digital signature) is checked to confirm that the voter is a registered voter and to make sure that only one vote is counted per voter. Then, the encrypted votes are taken to an off-line (air-gapped) counting server, where they are decrypted with the election private key. The private key can only be created through the collaboration of members of the election board, who each possess a secret share of the private key. The decrypted votes are then tabulated to rapidly and accurately produce the election results.
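The double-envelope flow described in the steps above, as an added Python example; it is not code from VVK or Cybernetica. It assumes toy ElGamal and Schnorr primitives in place of the real algorithms, an all-members additive key sharing, a plain shuffle standing in for the cryptographic mix, and that a later valid ballot replaces an earlier one; all names and ballots are constructed.

```python
import hashlib, math, random, secrets

# Toy group constructed for this example: P = 2Q + 1, G has prime order Q. Far too small for real use.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def board_keygen(n):  # one additive share per board member (all n needed, an assumption)
    shares = [secrets.randbelow(Q) for _ in range(n)]
    return shares, math.prod(pow(G, s, P) for s in shares) % P

def encrypt(election_pub, candidate):  # inner envelope: ElGamal on G^candidate
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(G, candidate, P) * pow(election_pub, r, P) % P

def challenge(commitment, msg):
    return int.from_bytes(hashlib.sha256(repr((commitment, msg)).encode()).digest(), "big")

def sign(priv, msg):  # outer envelope: Schnorr signature over the encrypted vote
    k = secrets.randbelow(Q - 1) + 1
    e = challenge(pow(G, k, P), msg)
    return e, (k + priv * e) % Q

def verify(pub, msg, sig):
    e, s = sig
    return e == challenge(pow(G, s, P) * pow(pub, Q - e % Q, P) % P, msg)

def tally(ballots, roll, shares, n_candidates):
    accepted = {}
    for voter, ct, sig in ballots:  # outer envelope: registered voter, valid signature
        if voter in roll and verify(roll[voter], ct, sig):
            accepted[voter] = ct  # assumption: a later valid ballot replaces an earlier one
    # Identities and signatures are dropped and the order randomised (stand-in for the mix).
    anonymous = random.SystemRandom().sample(list(accepted.values()), len(accepted))
    x = sum(shares) % Q  # the private key exists only once every share is present
    plain = [c2 * pow(c1, Q - x, P) % P for c1, c2 in anonymous]
    return [plain.count(pow(G, c, P)) for c in range(n_candidates)]

def demo():  # constructed ballots: a re-vote, an unregistered voter, a swapped ciphertext
    shares, epub = board_keygen(3)
    keys = {n: keygen() for n in ("alice", "bob", "carol", "mallory")}
    roll = {n: keys[n][1] for n in ("alice", "bob", "carol")}
    def cast(name, candidate):
        ct = encrypt(epub, candidate)
        return name, ct, sign(keys[name][0], ct)
    ballots = [cast("alice", 0), cast("bob", 1), cast("alice", 2), cast("mallory", 0)]
    ballots.append(("carol", encrypt(epub, 1), cast("carol", 0)[2]))
    return tally(ballots, roll, shares, 3)
```

In `demo()`, the ballot from the unregistered key and the ballot whose ciphertext was swapped after signing are both rejected at the outer-envelope check, so only two votes reach the counting step.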