The first world's national e-voting session: Estonia once again
Written by Roberto Preatoni (SyS64738)   
Monday, 05 March 2007

In 2007 Estonia held its first, and the world's first, national Internet election. Previously, in 2005, Estonia had held (and successfully tested) the first local e-lection. This time voting was allowed from February 26th to 28th, and a staggering total of 30,275 citizens (3.4%) used Internet voting.

While the rest of the world (Germany first of all) is skeptical about adopting such technology for political elections, Estonia, in its usual rush to apply technology to every aspect of social life, decided to go "full steam ahead".

Estonia is no stranger to such stunts, which have put the country on the front line of technological experiments, among them:

- the possibility to pay parking tickets by cellphone since July 1st, 2000

- extensive use of e-banking since the late 90s

- adoption of digital certificates, digital signatures and digital ID cards (01-28-2002)

- full coverage of the national territory with wi-fi cells, seaside and beaches included

- first country to adopt e-ticketing platforms to supply a wide range of services to online customers

but also Internet-related projects such as Kazaa, Skype and, last but not least, Zone-H.org itself. Whether or not adopting e-voting for elections is questionable, we think our readers may be interested in understanding how the whole system works. It is then up to you to form your own point of view and post your comments.

A good starting point is Jaanus Kase's weblog. Jaanus, a former employee of a company involved in the Estonian state ID card project, now works for Skype.

His blog reports the whole e-voting procedure from the client's point of view.
What about the server side? A little copy and paste from various online sources gives us quite a good view:

"The secrecy of E-Voting is based on Public Key Cryptography. Before the election, a system key pair is generated in a physical security module. The public component is integrated into Voter Application and is used to encrypt the vote. The private component, which never leaves the module, is used later in the Vote Counting Application to decrypt votes. All data exchanged between various voting servers leave a verifiable audit trail, so any attempt to tamper or falsify voting information can be discovered."


Estonian digital ID cards are not only used to cast e-votes; they also give citizens access to a wide range of state services that require a digital signature. The whole system is based on a national database infrastructure called X-road:

"X-road is a secure message exchange system based on XML-RPC protocol which is designed to enable secure communication between different parties for example connection between enterprise’s databases situated in different geographical locations or communication between company and its suppliers. The goal of X-road is to improve the availability of databases without endangering their confidentiality and integrity and with ensuring their accountability. X-Road is currently used for interconnecting Estonian governmental agencies and databases."

Key features and technical highlights:

    * All outgoing messages are signed – signing keys are registered with third party (X-Road central agency) that acts as a certification authority.
    * All incoming messages are logged – the message log is cryptographically protected (all log entries are linked together using cryptographic hash function). The intermediate hash values are periodically time-stamped by the X-Road central agency. This allows detecting the message log tampering attempts.
    * X-Road is a distributed system – only directory service (DNS-SEC) and time-stamping services are centralized. All servers can be doubled. Limited protection against DoS attacks.
    * X-road ensures confidentiality – SSL protocol is used as a defense mechanism against external attackers. Two level access rights control mechanism is used as a defense mechanism against internal attackers.
    * High scalability - Features highly scalable architecture to fit enterprise needs.

System overview:


X-Road consists of three main components:

    * Central server
    * CA
    * Security server

Central server acts as secure name server, auditing server and is responsible for security servers management, patching and backup.
X-Road Security Server is a self-contained stand-alone server that implements all the required security protocols. Security Server is essentially a specialized application level firewall. There may be hundreds of organizations connected together using X-Road. All of them must implement all the security protocols. The deployment and management of X-Road can be made easier and cheaper by using standard components.

X-road benefits:

    * Maximum scalability – X-road can easily scale up to any number of connected databases or services.
    * Customizable and extendable – X-road can be customized to support the corporate branding and tailored to meet your business challenges.
    * Platform Independency – connecting your service to X-road does not depend on enterprise’s operational system, database platform or web server.
    * Evidentiary value – all outgoing messages are signed and all incoming messages are logged. The message log is cryptographically protected.
    * Confidentiality – SSL protocol is used as a defense mechanism against external attackers. Two level access rights control mechanism is used as a defense mechanism against internal attackers."
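
The hash-linked message log and periodic time-stamping described in the X-Road feature list above can be sketched as follows. This is an added example, not X-Road's code or log format: SHA-256, the JSON entry encoding, the function names and the `anchors` dictionary (standing in for hashes time-stamped by the central agency) are all assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the chain (assumption)

def entry_hash(prev_hash, message):
    """Hash of one log entry: binds the message to everything logged before it."""
    data = json.dumps({"prev": prev_hash, "msg": message}, sort_keys=True)
    return hashlib.sha256(data.encode()).hexdigest()

def append(log, message):
    """Append a message, linking it to the hash of the previous entry."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"msg": message, "prev": prev, "hash": entry_hash(prev, message)})
    return log[-1]["hash"]

def verify(log, anchors):
    """Return the index of the first bad entry, or None if the log is intact."""
    # anchors: entry index -> hash held by the external time-stamping party,
    # so a log rewritten with recomputed hashes is still detected.
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["msg"]):
            return i
        if i in anchors and anchors[i] != entry["hash"]:
            return i
        prev = entry["hash"]
    return None

def demo():
    # Constructed sample messages, not real X-Road traffic.
    log, anchors = [], {}
    for i, msg in enumerate(["query A", "reply A", "query B", "reply B"]):
        h = append(log, msg)
        if i % 2 == 1:  # every second entry is "time-stamped" externally
            anchors[i] = h
    intact = verify(log, anchors)
    # Case 1: entry 2 is edited in place, hashes left untouched.
    naive = [dict(e) for e in log]
    naive[2]["msg"] = "query X"
    # Case 2: entry 2 is edited and every following hash is recomputed.
    forged = []
    for i, e in enumerate(log):
        append(forged, "query X" if i == 2 else e["msg"])
    return intact, verify(naive, anchors), verify(forged, anchors)

if __name__ == "__main__":
    print(demo())
```

The second case shows why the time-stamping matters: a fully recomputed chain is internally consistent and is only caught at the next externally held hash, so entries after the last anchor are protected by linking alone.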



On the client side, the whole e-voting procedure is based upon the usage of the personal digital ID card and a little reader that each voting person can attach to his/her personal laptop.

The Estonian Parliament took the decision to introduce an eID card in 2000, and the first cards were issued in January 2002. 130,000 were issued in the first year. The Identity Documents Act regulates the scheme and cards are mandatory.

The cards are issued in standard form and there are no optional features that holders can choose to have or not have. However, if citizens wish to suspend the electronic functions of their cards, they have the right to suspend the validity of their certificates. This also removes the holder’s data from the public certificate directory – unique personal ID numbers are public information in Estonia.

The front of the card contains:

    * Holder’s signature and photo
    * Holder’s name
    * Personal code (national ID code)
    * Date of birth
    * Gender
    * Citizenship status
    * Card number
    * Card validity expiry date

The reverse of the card contains:

    * Holder’s place of birth
    * Card issuing date
    * Residence permit details (if applicable)
    * Card and holder data in machine readable format (except for the photo and signature)

This information is not duplicated on the card chip, which contains two certificates and their associated private keys protected by PIN codes. The certificates contain only the holder’s name and personal (national ID) code. The certificates are designed for authentication and for signing documents.

An interesting feature of the Estonian eID is that the authentication certificate also contains a unique email address allocated to the holder. This takes the format [address obscured by the site's e-mail protection], where NNNN represents four random numbers. This address is intended as a lifetime address. It is not associated with a real email service but is rather a relay address forwarding mails to the holder’s ‘real’ address. The holder can update his or her ‘real’ address details whenever necessary.

The email address is intended for government communications but can also be used privately or for dealings with companies. The addresses are publicly available through Estonia’s National Registry of Certification Service Providers’ certificate directory.

At the heart of the system is AS Sertifitseerimiskeskus (SK – ‘certificate centre’), which maintains the electronic infrastructure necessary for issuing and using the card. Two major Estonian banks, Hansapank and Eesti Ühispank, in partnership with telecom companies Eesti Telefon and EMT, established SK, and it is at branches of the two banks that citizens can collect their cards. However, when requesting a card, the citizen applies to the Estonian Citizenship and Migration Board, which administers the scheme.

The Estonian electronic signature strategy does not limit the use of digital authentication. It can be used in any sector without restrictions. It can also be used for accessing healthcare and thus no separate health card is required in Estonia – only the ID card is needed when visiting a medical institution.

The basic software components used for authentication are publicly available to all developers. Any organisation can therefore build applications and business processes based on the eID card as the central identification device. This approach has resulted in widespread adoption of the functionalities of the ID card: for example in banking authorisation and online transactions, contracts, tax declarations, WIFI authentication, accessing personal data held in government databases, and even control of physical access points (opening doors)."

Once again, welcome to Estonia!

