
Security Analysis of the Estonian Internet Voting System [2014, pdf] - amexrap
https://jhalderm.com/pub/papers/ivoting-ccs14.pdf
======
amexrap
"ABSTRACT Estonia was the first country in the world to use Internet voting
nationally, and today more than 30% of its ballots are cast online. In this
paper, we analyze the security of the Estonian I-voting system based on a
combination of in-person election observation, code review, and adversarial
testing. Adopting a threat model that considers the advanced threats faced by
a national election system—including dishonest insiders and state-sponsored
attacks—we find that the I-voting system has serious architectural limitations
and procedural gaps that potentially jeopardize the integrity of elections. In
experimental attacks on a reproduction of the system, we demonstrate how such
attackers could target the election servers or voters’ clients to alter
election results or undermine the legitimacy of the system. Our findings
illustrate the practical obstacles to Internet voting in the modern world, and
they carry lessons for Estonia, for other countries considering adopting such
systems, and for the security research community."

Cf. E-Voting Refuses to Die Even Though It's Neither Secure nor Secret: More
than two dozen states offer some form of internet voting, but it often means
waiving the right to a secret ballot
[https://www.scientificamerican.com/article/e-voting-
refuses-...](https://www.scientificamerican.com/article/e-voting-refuses-to-
die-even-though-it-s-neither-secure-nor-secret/)

