On Sunday, when citizens of the tiny Baltic nation of Estonia go out to vote for their next parliament, many of their compatriots will have already voted — from the comfort of their own homes.
That’s because Estonia is the world leader in electronic voting. Since 2005, Estonians have been able to cast their ballots from a computer with an Internet connection anywhere in the world. The government says 30% of Estonia’s population of 1.3 million people use the system, and that its simplicity helps save the country a total of 11,000 working days each election year.
Things are different in the U.S., where voting machines in polling stations are common but voting online is not available. In recent years, U.S. elections have thrown up stories of voter machine meltdown, citizens unable to vote because of technical difficulties, and even the devices casting votes for the wrong candidate because of malfunction or malfeasance.
In the 2016 Presidential election, there were credible reports of voters being turned away after waiting in line for hours thanks to machines breaking down, and allegations that some machines had ‘flipped’ votes because of poor touchscreen calibration.
Estonia’s last parliamentary elections in 2015, by contrast, ran without a hitch. A record number of Estonians—176,491 to be exact—cast their votes online, and were able to change their minds as many times as they liked before polls closed, with only their last decision being counted. While identity authentication (with citizen ID numbers) was necessary to prevent fraud, the system removed identifying factors by the time the vote was logged, “thereby ensuring anonymity,” according to the Estonian government.
That’s all the more impressive given that the Baltic state, which was part of the Soviet Union until it collapsed, now shares a border with Russia. As Russia’s tactics of information and cyber warfare have become more established under President Vladimir Putin, Estonia has had to fend off the influence of its domineering neighbor. In 2007, widespread riots erupted in Estonia over the relocation of a statue commemorating a Soviet soldier. Amid the unrest, Estonia was hit by a series of distributed-denial-of-service (DDoS) attacks, which temporarily crippled the country’s online governance system. (The Estonian government says 99% of public services are available online.) The government blamed the attacks on the Kremlin; Russia denied involvement.
Despite those strained relations, Estonian elections have consistently been determined free and fair by observers, with no major allegations of interference. And as of Friday, Estonia’s election committee had not reported any attempts to meddle with the vote, with more electronic votes counted than ever before.
So, should the U.S. implement a similar electronic voting system to Estonia’s? Not so fast, says J. Alex Halderman, a cybersecurity expert at the University of Michigan. In 2014, he and a team of analysts visited Estonia to conduct a security analysis, which found a “series of alarming problems.”
“Operational security is lax and inconsistent, transparency measures are insufficient to prove an honest count, and the software design is highly vulnerable to attack from foreign powers,” the team said in a report.
“Estonia’s Internet voting system blindly trusts the election servers and the voters’ computers,” Halderman said in 2014. “Either of these would be an attractive target for state-level attackers, such as Russia.”
The Estonian election commission, which oversees the electronic voting system, dismissed those concerns, telling TIME: “Over a decade we have not had any incidents that would have impacted the confidentiality or integrity of the voting process.” The electronic voting system, they said, was regularly updated in response to criticism.
The Estonian government did not immediately respond to a TIME request for comment. “The election managers take the recommendations of international experts very seriously,” reads an online FAQ page. “The criticism of experts (e.g. Halderman) is often based on the issues that have already been solved in Estonia.”
Are U.S. voting machines any better? Halderman says not. “Our highly computerized election infrastructure is vulnerable to sabotage and even to cyber attacks that could change votes,” he told Congress in 2017. “I know America’s voting machines are vulnerable because my colleagues and I have hacked them.”
But the cybersecurity expert has one suggestion for how to keep an election secure. “Paper, plus audits,” he says. “All elections should be run this way.”