Read on Twitter
Estonian National Electoral Commission (ENEC) has reviewed the suggestions from i-voting WG. The review is available at https://www.riigikogu.ee/download/8eb9f7ff-8838-4cc8-a52a-ee9f481dd89e">https://www.riigikogu.ee/download/... (in Estonian).
This will change the tech and management of online voting in Estonia. WG suggestions, ENEC decisions and comments follow:
This will change the tech and management of online voting in Estonia. WG suggestions, ENEC decisions and comments follow:
1. WG: Ensure funding for maintaining the tech stack; ENEC agrees and applies for budget // Key positions (IT and finance ministry) are under EKRE (main party opposing online voting) control, thus it will probably be difficult to get the budget
2. WG: improve the understandability of the system; ENEC agrees and requests documentation to be improved // This would be nice. However, English documentation must stay up-to-date and published source code should better support review
3. WG: Explain choices made during development of i-voting platform; ENEC agrees and directs ESEO (State Electoral Office) to work on it // Good and sought-for initiative
4. WG: Increase number of people involved with platform security; ENEC supports but notes that it requires additional funding // There should be clear list of needed positions and fill them based on needs. Increasing number of people should not be the only goal.
5. WG: Increase number of independent auditors; ENEC deems sufficient to have an independent security audit and not increase number of independent auditors // This is insufficient - in addition to IT procedure auditor there should also be independent cryptographic auditors.
6. WG: Increase number of capable observers; ENEC supports increasing number of observers through additional training. // If the observers do not have capability to perform cryptographic audits (verifying ZK proofs), then this is not enough. The processes should also be ..
.. recorded and live streamed. During last elections an observer who was recording the procedures was thrown out of the Electoral Office: https://www.youtube.com/watch?time_continue=750&v=uO_LgB6HyEE">https://www.youtube.com/watch...
7. WG: Increase cryptographic algorithm agility; ENEC agrees // Reasonable suggestion and decision. However, as the used cryptographic primitives are not standardized, then technically complicated.
8. WG: Use duplicated components for tallying votes; ENEC does not agree, should use alternative methods // Alternative methods were not defined and the auditor uses dependent software for verifying the result, thus it is not implementation-independent and is susceptible to bugs.
9. WG: Reduce threats due to computers and computer usage; ENEC supports increasing cyber hygiene // Lacks specific measures to be efficient measure.
10. WG: Support voting using mobile phones; ENEC does not support due to threat analysis published earlier this year // Agree. This is actually also impossible as Mobile-ID will become extinct, and Smart-ID won& #39;t be supported for 2021 elections.
11. WG: Provide methods for voters to assure that their ballots were tallied; ENEC disagrees as this is not possible by paper-voting and ensures secrecy of ballot // There are protocols which allow voters to verify that ballot was tallied and the explanation isn& #39;t sufficient
12. WG: Revise laws mandating i-voting; ENEC states that his is already being done // --
13. WG: Make ballot transfer process observable end-to-end; ENEC supports improving documentation on ballot transfer process // I am not sure if the WG suggestion was about documentation but rather about the observers ability to actually verify
14. WG: Define structure of electronic ballot in law; ENEC disagrees but agrees that the structure of electronic ballot should be defined more clearly // I agree that including technical description in law is excessive.
15. WG: Describe destruction of electronic ballot box more clearly; ENEC agrees // The current processes have been quite ad-hoc (drilling of smart cards, destroying backup CDs in shredder) and having a clear procedure improves transparency
16. WG: Create procedure for logging and log analysis; ENEC agrees and insists ESEO to create the manuals // Researchers are provided anonymized logs for analysis, but the anonymization methods are not well defined and not necessarily sufficient due to current best knowledge.
17. WG: Improve platform components verifiability post-elections; ENEC agrees // --
18. WG: Define compensation mechanisms for missing polling booths; ENEC agrees // Even though ENEC agrees, they give no further instructions. Who is going to do it?
19. WG: Increase the storage time for i-voting logs and other evidence; ENEC disagrees and says that the retention period must be same as for paper ballots // In general I agree that storing electronic ballots longer in unnecessary. However, there are logs which exist longer
20. WG: Require protocols for processing electronic ballots; ENEC agrees and insists ESEO to create a protocol // I would add that the logs should be published for transparency
21. WG: prevent re-voting and improve online voting time-frame; ENEC disagrees // As online voting is considered as early voting by law, then this would require change in law.
22. WG: Homogenize publication of online voting results with paper voting; ENEC: "Situation has changed" // It is unclear what is ENEC& #39;s position here. Currently, the electronic ballot box is being tallied before paper voting closes and thus prevents live-streaming.
23. WG: Decrease polarization of online voting; ENEC states that there are no methods specified // -
24: WG: Allow usage of Smart-ID; ENEC disagrees and revises the decision after next elections // There are further considerations for this, but as Mobile-ID is being put of use, this may affect participation rates in the future.
25. WG: Implement end-to-end verifiability; ENEC disagrees, it would be incompatible with paper voting // I strongly disagree - having paper voting as a benchmark in the setting where online voting is the primary voting channel is not sufficient.
