Estonia's online voting system is horrifically insecure and can't be trusted

Jason Kitcat writes, "I'm currently in Tallinn, Estonia as part of a team of independent security and elections researchers sharing our findings that the Estonian online e-voting system has serious flaws. We monitored the e-voting system in live use as accredited observers during municipal elections in October 2013. Then, using the source code the Estonian National Election Committee publishes, a replica of the system was built at the University of Michigan."

This work enabled explanation of a number of attacks which a state-level adversary can use to steal and modify votes either on a voter's computer or at the server side. We've published text, photos and videos explaining these flaws -- local media in Estonia and neighbouring countries are showing extreme interest given that a state-level attacker like Russia seems very credible these days...

Independent Report on E-voting in Estonia (Thanks, Jason!)

Discuss

Continue the discussion at bbs.boingboing.net

7 replies