IV. Governance issues
The Estonian Parliament first allowed e-voting on 28 June 2005. E-voting is provided for in the Local Government Council Election Act (Â§ 50), the Riigikogu Election Act (Â§ 44), the European Parliament Election Act (Â§ 43), and the Referendum Act (Â§ 37). The infrastructure enabling secure electronic personal authentication and electronic ID cards (e-ID cards) was in place before the adoption of the Law on Personal Identity Documents. E-voting is secret and takes places four to six days before Election Day.1 The system uses asymmetric cryptography, and contains a system key pair to guarantee voting secrecy.2 A voter may change his vote either by voting electronically or by casting a paper ballot at a polling station. The last vote is the one that is counted.
The Estonian e-voting system, which uses the Estonian e-ID card to identify voters, was developed for the Estonian National Electoral Committee. In order to vote online, voters need first to access the election Web site, then identify themselves with their e-ID card. The Voter Forwarding Server (VFS) then checks the voter's personal identification code from the voter list database, verifies the voter's eligibility, then identifies the constituency. The VFS notifies the voter if he has already voted. The voter selects the candidate and is asked to confirm his selection. Then the vote is encrypted and signed using the voter's digital signature.
The Public Information Act was approved by the Parliament and entered into force on 1 January 2001. Supervision and enforcement of the Act will be conducted by the DPI. The law includes significant provisions on electronic access. Government departments and other holders of public information will have a duty to post information on the Web, and email requests must be treated as official requests for information.3 During the period from October 2005 to September 2006, the DPI received 99 complaints, requests for explanation or memoranda based on the Public Information Act. This resulted in eight misdemeanour proceedings.4 The majority of the complaints stemmed either from government Web sites violating provisions of the PIA or failure of the Web site owner to comply with requests for information.5
In 2006, the Centre of Registers of the Ministry of Justice was merged with the Ministry of Justice's IT division, becoming the Centre of Registers and Information Systems of the Ministry of Justice.6 The purpose of the agency is to develop and administer the registers and infosystems in the Ministry of Justice and to provide communication and IT services.7 The regulation enacts usable information systems and related security measures systems in the maintenance of state and local governments' databases. The security measures system consists of the regulation of specifying security requirements and the description of data's organisational, physical, and technical security measures. The regulation comprises the description of security classes and levels. Security classes are divided into four components: time criticality, severity of consequences of delay, integrity, and confidentiality. A new information policy action plan, taking into account the objectives and priorities of the EU information strategy, i2010, is currently under discussion in the Ministry of Economic Affairs and Communications.8
Non-government organisations' advocacy work
International obligations and International cooperation
Estonia is a member of the Council of Europe and has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms.9 In November 2001, Estonia ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108) (Convention No. 108).10 Also in November, Estonia signed and ratified the CoE Convention on Cybercrime.11
On 1 December 2009, when the Treaty of Lisbon entered into force, the Charter of Fundamental Rights became binding upon the Republic of Estonia.
- 1. Estonian E-Voting System at http://www.vm.ee/estonia/kat_340/pea_172/7025.html.
- 2. Id.
- 3. Public Information Act, supra here.
- 4. Data Protection Inspectorate, supra at 11 here.
- 5. Id.
- 6. Ministry of Economic Affairs and Communications, "Information Technology in Public Administration of Estonia Yearbook 2005," 2006 at 78, available in English at http://www.riso.ee/en/pub/yearbook_2005.pdf.
- 7. Registrite ja infosÃ¼steemide keskus at http://www.eer.ee/index_eng.phtml.
- 8. Ministry of Economic Affairs and Communications, supra at 78, available at http://www.riso.ee/en/pub/yearbook_2005.pdf.
- 9. Signed 14 May 1993; ratified 16 April 1996; entered into force 16 April 1996.
- 10. Signed 24 January 2000; ratified 14 November 2001; entered into force 1st March 2002.
- 11. Signed 23 November 2001; ratified 5 December 2003; entry into force 1st July 2004.