Skip to main content

Collaborative paper analyses procedural security components of the Estonian internet voting system


Online voting is becoming an increasingly popular option in today’s heavily connected world. As a part of a collaboration with the Cyber Studies Programmme at the Department of Politics and International Relations, academics at the Department of Computer Science have engaged in an analysis of one of the most well-known electronic voting systems, in a working paper titled ‘An Independent Assessment of the Procedural Components of the Estonian Internet Voting System’. Computer Science academics involved in the project include Dr Jason R.C. Nurse, Dr Ioannis Agrafiotis, Dr Arnau Erola, Meredydd Williams, Professor Michael Goldsmith and Professor Sadie Creese. Further detail on the paper and a full text link can be found below.

The I-Voting system that was designed and implemented in Estonia in 2005 is the first Internet voting system to have been adopted anywhere in the world. Since its inception, it has been met with both praise and scrutiny. Concerns include in-person election observations, code reviews, and adversarial testing on system components. As a result of these concerns, some parties have concluded that there are various ways in which insider threats and sophisticated external attacks could compromise the system’s integrity and thus the voting process.

This paper examines the procedural components of the I-Voting system, with an emphasis on the controls related to procedural security mechanisms, high-level operational security aspects, and system transparency measures. The methodological approach is based on both primary and secondary data sources, including interviews with key Estonian election personnel, in order to determine the extent to which the present controls mitigate the security risks faced by the system.

This study makes three main arguments. First, we found procedural controls to be fundamentally important to the design of the I-Voting system. While these mechanisms go a long way toward preventing cyberattacks, problems in the system still exist. For instance, some security situations appear to be addressed in informal ways which rely heavily on the knowledge, experience, and professional relationships between officials. Second, in terms of operational controls, we were generally impressed by the state of the controls adopted, particularly the incident handling processes during elections, as well as checks and investigations during and after elections. Our main concern regarding resilience is the increasing potential for more highly sophisticated attacks. As time progresses, attackers will naturally become stronger, and the system will have to adapt in order to accommodate this evolution. Third, the system’s transparency measures have had a noteworthy impact on building confidence and trust in the I-Voting system, both locally and internationally. Challenges still exist, however, especially pertaining to the difficulty in running voter awareness campaigns, as well as increasing voter usage of transparency measures.

Read more here:


Sadie Creese
(World Economic Forum Cyber Security Centre, Strategic Advisory Board Member)