Electronic Voting Committee's response to our Open Letter on Freedom and Internet Voting

The following text is our translation of the Committee's response, originally received in Estonian. The original, untranslated response is available here.

Mr. Heiki Ojasild
Fellowship Representative, FSFE

We thank you for your 26.07.2013 letter on Internet voting. The issues raised are important and public debate necessary. Our positions on some of the issues raised follow according to the structure of your letter:

1) On the publication of the software source code

The source code of the server-side e-voting software was released under the CC-BY-NC-ND licence on consideration – the purpose was to demonstrate the kind of code running on Estonia's e-voting servers. In no way does the licence restrict feedback or offering code patches – a facility for doing that exists on GitHub ("Issues"). However, we do not intend open or public development in its classic sense – the code must clearly be under uniform control and the responsibility lies with our development partner.

It is true that in addition to the server-side code, the servers also run an operating system. Its (audited and observed) installation takes place according to a fixed directive, which we intend to publish in the foreseeable future. The servers do not have any other components.

We do not support publishing source code to the client-side software – it would make the creation of a fake application unacceptably easy. While there is one set of servers and we can keep them under central control, we do not have any control over the voters' computers. However, to alleviate the problem, during the next elections, we intend to make use of a control mechanism designed to make it possible to use an Android device to verify that the client-side voting application running on a voter's computer operated correctly and has deposited the voter's choice with the server.

2) Dependence on the integrity of the organisers

Although the use of all kinds of mechanisms designed to ensure the integrity of the system is always welcome, we do not see any serious shortcomings in this area at the moment. All procedures the e-voting organisers engage in are documented to the maximum extent, and adherence to these procedures is ensured by the watchful eyes of auditors, trained observers and cameras. Storage media are stored in security bags between processes. To summarise, e-voting organisers cannot physically make any "unfair" changes without the knowledge of the others.

3) On the verification of the acceptance of an e-vote

Introduction of the necessary control mechanism was discussed above.


Tarvi Martens
Electronic Voting Committee