Jason Kitcat writes, “I’m currently in Tallinn, Estonia as part of a team of independent security and elections researchers sharing our findings that the Estonian online e-voting system has serious flaws. We monitored the e-voting system in live use as accredited observers during municipal elections in October 2013. Then, using the source code the Estonian National Election Committee publishes, a replica of the system was built at the University of Michigan.”
This work enabled explanation of a number of attacks which a state-level adversary can use to steal and modify votes either on a voter’s computer or at the server side. We’ve published text, photos and videos explaining these flaws — local media in Estonia and neighbouring countries are showing extreme interest given that a state-level attacker like Russia seems very credible these days…
Independent Report on E-voting in Estonia
(Thanks, Jason!)