TALLINN, Estonia -- In the plush seats of a fireplace-warmed hotel cafe here, over a steaming cup of green tea, Veljo Haamer opened up his laptop computer Wednesday and logged into this country's digital ballot box.
With his online vote for parliament, the entrepreneur helped make a bit of elections history. This small Baltic country is in the midst of its first -- and the world's first -- national election featuring internet balloting open to all voters, an idea that remains deeply controversial among computer scientists.
Election Day itself isn't until Sunday. But officials said on Thursday that the internet poll, which closed on Wednesday, had exceeded expectations with more than 30,000 people, or a bit more than 3.5 percent of registered voters, casting ballots online.
"The goal is to make things easier for people, to increase participation," said Arne Koitmäe, a member of the secretariat of Estonia's National Electoral Commission. "No one has managed to prove that e-voting actually raises participation, so that remains unanswered. But this gives people another possibility."
By allowing online voting this way, this small Baltic country is testing an idea that still worries bigger nations: that an internet-based balloting system can be reliable and secure enough to safeguard democracy's most fundamental processes.
A handful of other regions are experimenting with the idea. Trials or small-scale votes have been held in England, France and Holland, among other countries. Later this month, the state of Hawaii will offer internet voting in local elections.
But computer security experts, particularly in the United States, remain skeptical. Critics worry that voting systems using ordinary Windows PCs and the open internet could be hacked by unscrupulous outsiders, or subverted by insiders.
A high-profile United States Defense Department system called SERVE, or Secure Electronic Registration and Voting Experiment, aimed at allowing overseas military personnel to vote was canceled after a 2004 review by computer security experts said it presented an easy target for hackers. Those same concerns apply to Estonia's system, some security experts warn.
"None of the major risks we identified (including phishing, denial of service, spyware, viruses, Trojan horses and insider attack) have technological solutions these days, which is why so many computer scientists oppose the idea of internet voting in public elections," wrote Johns Hopkins University professor Avi Rubin, one of the authors of the 2004 report, in an e-mail interview. Rubin cautioned that he was not familiar with the technical details of the Estonian system.
Here in Tallinn, few of those concerns are immediately evident.
This is a country trying fervently to put its Soviet past behind it, in large part through high-tech modernization. Most government services are already on the web, wireless connections are almost universal in city cafes, bars, parks and even on commuter trains. Internet calling sensation Skype was developed by Estonians. Online banking is used by far more people here than are physical branches.
"You trust your money with the internet, and you won't trust your vote? I don't think so," said Tarvi Martens, project manager for the country's e-voting project.
The system, first tested in local elections in 2005, requires the use of a national ID card held by about 1 million of the country's 1.3 million residents, which includes an electronic chip identifying its owner. Card readers were available from retailers before the elections for about $8, or are given away free by banks for use with e-banking applications. Election officials don't know exactly how many people have the readers, but the number has grown sharply in recent months as prices have fallen, Koitmäe said.
Haamer walked me through the process on his computer. Voters are given two sets of PINs in order to authenticate themselves. Once the drivers license-like card is inserted in the reader, the voting application, viewed in Internet Explorer, ("You can't use Firefox, that's one big problem," he grumbled), presents a list of parties and candidates. To anyone who's used a typical e-commerce application, it's a self-explanatory point-and-click interface, far simpler than the complex paper ballots typically presented in American voting booths.
Once a vote is registered, it is encrypted and sent through a series of relay servers to an archive where it will sit until Sunday, when all digital ballots will be stripped of personally identifiable information and decoded. At each relay point, the digital vote is logged, setting up a trail that can be used by auditors if there are any post-election concerns.
Developers have taken extensive steps to make sure the system is secure and trusted. They've conducted extensive trials over the past several years, and offered a test run earlier this year, inviting citizens to vote for the "King of the Forest" in order to learn the process. The system was audited by KPMG beforehand, and representatives from each political party were invited to act as observers.
That trust is essential if internet voting is to succeed. Parties must trust the system in order to let elections pass without challenge. Voters must trust the system in order to use it. And at least at this early stage, that public confidence appears to be building, with digital turnout well beyond officials' expectations.
Indeed, while computer scientists such as Rubin remain deeply skeptical of internet voting systems, political scientists who study elections are less so, as long as that trust with voters can be established. University of Utah assistant professor Thad Hall, one of several U.S. researchers in Estonia this week to study how e-voting affects political campaigns, argued that paper voting systems too are riddled with potential problems.
Physical voting stations can be disrupted, he noted. Absentee ballots can be stolen, or fraudulently submitted. Long lines can produce the equivalent of denial of service attacks. Certainly the experience of the United States with confusing and mismarked paper ballots, contested recounts, and poorly designed voting machines have shown that non-internet systems are far from perfect, he said.
"All systems have risks," he said. "Most of the risks associated with internet-based voting have paper analogues. At least here in Estonia they've had pilots, and thought these things through."
Koitmäe said that review is still going on. There will be surveys after Sunday to see how people reacted. The system will continue to be scrutinized for signs of hacks, attacks and flaws. But for now, officials are confident that their vision of a digital voting future is on track.
"It's impossible to build a system that is 100 percent secure," Koitmäe said. "But it's as safe as it can be."
