

Taavi Kotka: Reimagining Estonia's IT System - dirtyaura
http://www.ozy.com/rising-stars-and-provocateurs/taavi-kotka-reimagining-estonias-it-system/32101.article

======
throwaway9995
>That said, not everybody is enthusiastic about uploading their country’s
secrets onto the cloud. The opposition party, the leftist Central Party, is
against it, just as it opposes electronic voting — insisting both initiatives
pose too many potential security risks.

>But Kotka says all the data will be encrypted and impossible to access or
erase without authorization. “You would have to bring the whole Internet
down,” he explains, describing it as “untouchable.”

Whenever valid privacy and security concerns are raised with government IT
systems (e-voting, centralised health care records, etc), this seems to be the
kneejerk reaction: "No, it's all encrypted, you don't need to worry about it."

As a result, it's seems to be completely impossible to have a real discussion
of the problems. In this case, this statement does nothing to answer the
concerns, and yet it seems it placated the reporter.

------
breitling
Estonia is very impressive of how they have kept pace with technology. I think
it helps that they have a 34 year old prime minister. Even his predecessors
made it a priority to bring tech into government services and the citizens'
everyday lives. We can see the benefits of those policies now.

~~~
CmonDev
Yes, they are doing quite well for a nazi country.

[http://en.wikipedia.org/wiki/Estonian_alien's_passport](http://en.wikipedia.org/wiki/Estonian_alien's_passport)

------
nawitus
By the way, the e-voting system has multiple security problems:

[http://www.theguardian.com/technology/2014/may/12/estonian-e...](http://www.theguardian.com/technology/2014/may/12/estonian-
e-voting-security-warning-european-elections-research)

~~~
jnsaff2
The same analysts claim having broken it every time, yet the publication of
their results is coincidentally always a few weeks before elections.

It is common knowledge in Estonia that this is the work of one political party
whose electorate is less computer savvy and therefore they are afraid that
more people who would not vote for them would have the chance to vote.

Not to mention that in case of offline voting the actual risks of fraud are
much worse.

You can read the official statement about these accusations here:
[http://www.vvk.ee/valimiste-korraldamine/vvk-
uudised/vabarii...](http://www.vvk.ee/valimiste-korraldamine/vvk-
uudised/vabariigi-valimiskomisjoni-vastulause-the-guardianis-ilmunud-
artiklile/)

~~~
throwaway9995
How do you verify that the vote placed on the computer is actually counted for
the correct party?

If you can verify that, how do you protect the secrecy of the ballot?

~~~
relix
Here you go: [http://www.vvk.ee/public/Verification_of_I-
Votes.pdf](http://www.vvk.ee/public/Verification_of_I-Votes.pdf)

More info: [http://www.vvk.ee/voting-methods-in-
estonia/engindex/](http://www.vvk.ee/voting-methods-in-estonia/engindex/)

~~~
throwaway9995
Based on the first link, it looks like the system does not solve the second
concern (privacy of the ballot) at all.

If the user can verify how his vote was counted (in the example, using a
smartphone app), then someone applying pressure on the voter can force him to
verify that he voted the "right" way.

This is my problem with all these e-voting systems. They throw away hundreds
of years of development in ballot security, assuming all those problems that
have historically followed elections no longer apply.

~~~
relix
Using regular paper ballot, you can force the voter to take a picture of his
vote before he puts it in the box. It's that simple to put pressure on someone
voting by paper. Oh, you can get a new voting form after you mark and
photographed the first one? The criminal can stand outside the voting booth to
make sure you don't go out and in again.

If you think papervoting is 100% secure you're naive. That's why e-voting
doesn't need to be 100% secure, it just needs to be as secure as papervoting
is now. The advantage with e-voting is that you can surpass the safety of
papervoting.

Using e-voting it's actually much harder to put pressure on any voting. If you
had read how it actually works, you'd have noticed that you're able to verify
your vote only for up to 30 minutes after placing it. You're also able to
change your vote by re-voting - the last vote counts. There still is a
paperbased voting a week after e-voting ends, and if you go and vote by paper,
that one overrides any electronic vote you might have made.

It shows a lack of respect that you try to put down a system you obviously
haven't looked into and know nothing about. You hear "voting on the internet"
and have a knee-jerk reaction that it's bad. Please in the future before you
take a standpoint on any side of a discussion, research both sides, instead of
throwing around opinions without merit. If everyone would have an informed
opinion instead of just an opinion, society would be light-years ahead of
where we are now.

------
boobsbr
I don't think this is a good idea. Forcefully rewriting working systems is a
recipe for disaster.

Yes, stagnated systems are also a huge problem, but I don't think setting a
hard limit on a system's age is the solution.

~~~
tomswartz07
I went back and forth as I read the article.

I work in the public sector (K12 Education) and I find that many of the
problems I deal with are the same impetus for the policy they've used.

You're right, however- I think it should be on a case-by-case basis. It's
obvious that heavily used end-user desktops/laptops/etc need to be upgraded at
least once every 13 years, but some server hardware might last a bit longer
than 15 or so.

I guess it all boils down to cost/reward.

~~~
jjoonathan
The whole problem is that if cost/benefit is evaluated with an artificially
reduced benefit horizon (e.g. the period an administrator will spend in a
position able to take credit for the improvement) then benefit will be
systematically underestimated and outdated system will be irrationally
favored. The 13-year policy recognizes this and serves as a stop-loss against
the worst of these irrational judgements.

------
lesingerouge
Mandatory: I want to franchise this country!
([http://everything2.com/title/Franchulate](http://everything2.com/title/Franchulate))

