Language switcher

You are here

Analysis: Estonia Case Study of Scalable Ecosystem Fostering Secure I-voting

A newly published study catalogues risks related to use of technology in elections and recommendations for overcoming them. "All Elections are Hackable: Scalable Lessons from Secure I-Voting and Global Election Hacks" by Liisa Past, the Chief Research Officer of RIA’s Cyber Security Branch, was published in the European Cybersecurity Journal.

"Estonia is a case study of a realistic, scalable ecosystem of e-services that fosters I-voting and could support election technology. The ecosystem needs to include a wealth of digital services from government and private sector to build trust and form habits," points the article highlighting the differences between secure online voting and election technology, a wider all-encompassing term for use of digital solutions in elections.

The study emphasizes that no election technology is 100% secure 100% of the time. "Given modern threats, including hybrid attacks against elections, and the fundamentality of elections to citizens’ rights, election technology and I-voting benefit from a comprehensive and cross-government approach," writes Liisa Past.

Since introducing I-voting in 2005, Estonia has not seen a single significant technical or security incident influencing voting outcomes. Drawing on that experience, the article looks at best practice that can be scaled to secure election technology and introduce online voting. "I-voting in national elections is a monumental task and governments would be well advised to start small, either with non-binding polls, or with provincial elections," it suggests.

Liisa Past is also speaking on the subject at the European Cybersecurity Forum on October 10, 2017. “All Elections are Hackable: Scalable Lessons from Secure I-Voting and Global Election Hacks" from the European Cybersecurity Journal (2017, vol 3) can be downloaded from here (2.04 MB, PDF).

More news on the same subject


Trends and observations in the cyberspace Q4 2020

A successful cyber attack on public authorities showed that no one is fully protected in cyberspace



The last quarter of 2020 was distinguished by attacks against the IT infrastructure of Estonia

12.01.2021 – The main topic of the cyberspace review of the 4th quarter of 2020 by the Information System Authority (RIA) is successful cyber-attacks against state institutions, which showed that nobody is completely safe in the cyberspace.