Estonia is the only country in the world that relies on Internet voting in a significant way for legally-binding national elections — up to 25% of voters cast their ballots online. This makes the security of Estonia’s system of interest to technologists and voters the world over. As international experts on e-voting security, we decided to perform an independent evaluation of the system, based on election observation, code review, and laboratory testing.

What we found alarmed us. There were staggering gaps in procedural and operational security, and the architecture of the system leaves it open to cyberattacks from foreign powers, such as Russia. These attacks could alter votes or leave election outcomes in dispute. We have confirmed these attacks in our lab — they are real threats. We urgently recommend that Estonia discontinue use of the system.