A complaint was made to the Supreme Court by Märt Põder, board member of the NGO Fair Elections (Ausad Valimised) after the source code for the e-voting system was made public following a test run instead of before. The court upheld the complaint.

Tallinn University of Technology professor Tanel Tammet explained to Tuesday's "Aktuaalne kaamera" why this is significant.

"The point of publishing the source code is so that people can check and see whether there are any bugs, security vulnerabilities, or problems, and if there are, report them and say: fix this. And in fact, when e-voting was first introduced, the source code was not public. It was made public at some point due to public pressure, and as soon as it was, a number of issues were discovered. The fact that it has been public has made the whole system significantly more secure," he said.

The Supreme Court ruled the source code must be published before the first election procedures begin, not merely before the start of e-voting.

"Observers cannot — or rather, find it extremely difficult to — exercise their rights as observers if they do not know what requirements the test vote must meet. Those requirements are found in the source code and the relevant election-related documents," said Supreme Court Justice Nele Siitam.

Ingrid Kullerkann, chair of the Electoral Committee, said the decision will be taken into account. Before the next elections in 2027, the source code will be made available earlier.

"The law states that the code must be made public before the elections, and until now, the National Electoral Office and the National Electoral Committee interpreted that according to the literal wording of the law. Unfortunately, the legislator hasn't specified exactly when the elections begin," Kullerkann said.

Observers believe that, in addition to the source code, several other conditions remain unmet that would ensure the integrity of the e-voting results.

"The auditor should have verified that the same source code was in use in the computer system where the procedures were carried out. But it was clearly not done during those operations, and this issue has also been raised by the Cybersecurity Committee of the Estonian Academy of Sciences, which the Supreme Court also cites or refers to in its ruling," said Märt Põder said.

"And secondly, that the computers themselves meet the requirements — that they do not contain extraneous software that shouldn't be there and that could create an opportunity for manipulation," he added.

Kullerkann said more rules about e-voting have recently come into effect.

"Whether further clarifications should be made, either all at once or in some other way, is something to consider once the election complaint period is over and there's a bit more time to reflect," she said.

--

Follow ERR News on Facebook and Twitter and never miss an update!