In order to ensure the security of online voting systems used in Switzerland, the government needs to issue a challenge to the worldwide hacker community, offering rewards to anyone who can “blow holes in the system”, says a computer scientist in parliament.This content was published on November 16, 2017 - 11:00
Since it began in 2000, Switzerland’s e-voting project has been a matter of controversy. While some have been calling for its introduction to be fast-tracked in all the country’s 26 cantons, others would like to see the project slowed. In parliament there has been a call for a moratorium on electronic voting in the whole country for four years, except for the Swiss abroad.
To put an end to all the concerns and convince the critics that security and secrecy of online voting can be guaranteed, Radical Party parliamentarian Marcel Dobler thinks there needs to be an unequivocal demonstration that systems used in Switzerland are proof against computer piracy. The best way to do this, he says, is to invite hackers to target them.
Prizes for hackers
In a parliamentary motion, Dobler – a computer scientist and successful entrepreneur in the computer field – is calling on the government to subject electronic voting systems to stress tests, in a structured process open to public view over two consecutive nationwide votes. Afterwards, he says, the results should be issued in a public report.
To ensure that “first-rank hackers or whole groups of hackers mount real attacks”, Dobler believes a monetary incentive will be indispensable. The government, he says, should offer a reward of CHF250,000 ($251,000) for every ballot successfully manipulated, up to a limit of CHF1 million.
If in the course of two popular votes no hackers succeed in manipulating a single ballot, this would convincingly demonstrate the security of the systems used in Switzerland.
“International companies like Google and Tesla rely on this approach to testing,” Dobler argues, adding that it would be “the most effective way to establish trust”.
Alternative to moratorium
Dobler’s idea appeals to fellow parliamentarian Franz Grüter, of the Swiss People’s Party, who had earlier put forward a proposal which – in view of the frequency of cyber attacks – calls for a moratorium on online voting. He maintained there should be a time-out to enable adequate evaluations to be done and to study experiences in other countries.
Grüter has been proposing that trials of electronic voting in this country should be authorised “only when the system for the Swiss abroad and similar systems in other countries are shown to be completely secure”. His parliamentary initiative says that the suspension should be for at least four years.
Yet in the meantime he seems to have been won over by the practicality of the new idea put forward by Dobler. Grüter is now supporting Dobler’s motion, in fact.
Could this be an indication that Dobler’s proposal will convince opponents of online voting?
It is too soon to say. But it is true that only a minority in the Swiss parliament has been actually hostile to e-voting.
The reactions from those most closely involved, the providers of the only two systems of electronic voting currently allowed by the government – canton Geneva and the Swiss Post – have been muted.
“Normally the Swiss Post does not comment on ideas put forward by politicians, but follows the political discussions with interest. The aim of the Swiss Post is to fulfil all the conditions laid down by the government,” says the company’s spokesman Oliver Flüeler.
Similarly non-committal is vice-chancellor of canton Geneva Christophe Genoud. The senior official emphasises that Dobler’s proposal is a federal matter, and if the motion were to pass, it would be up to the government to set the ground rules.
“The principle of a disruption test is already part of the national requirements for introducing e-voting as a normal option, that is, offering it to 100% of the electorate,” Genoud says.
He adds that canton Geneva already subjects its own system to tests of this kind. In his view, Geneva already “goes beyond what is suggested in this motion” – it is gradually publishing the code for the system of electronic voting as open source software, so that hackers can look at it if they want to.
“We are really already there. The disruption testing is done downstream from the design of the system, while regular open-source publication of the code is done upstream. So we are including the hackers right from the start.”
Invest in development
“To give hackers the chance to win up to a million francs for hacking a system that cost CHF 4.7 million to develop, as is the case with Geneva’s, seems a bit extravagant,” Genoud continues.
“If the federal authorities had this kind of money available, we would prefer to see it investing it in developing electronic voting systems, rather than giving it away to hackers. But of course that’s up to the federal authorities to decide.”
It will be a long road, either way. The first step will have to be taken by the government. That is, if parliament passes the Dobler motion.
Two systems, eight cantons
Currently in Switzerland two online voting systems are being used. “CHvote”, the system developed by Geneva, is also being used by the cantons City of Basel City, Bern, Lucerne, St Gallen and Aargau.
Neuchâtel and Fribourg, on the other hand, have adopted the Post’s system “Post E-Voting”.
All eight cantons are offering an electronic option to Swiss abroad, but only four have it as an option for their resident voters.
In the past, another system called “Vote Électronique”, run by a consortium of nine cantons, was in use. But in summer 2015 the government withdrew its authorisation from this system after security issues arose.
In compliance with the JTI standards