These are the arguments that sank e-voting in Switzerland

Voting at the click of a mouse is now history. Experts expect it to take a long time to come back, if at all. Keystone / Laurent Gillieron

The idea of e-voting in Switzerland has been a bold dream, but the future of the entire project is now in doubt. Sceptics seem to have won the day, at least for the moment. So what issues do experts have with it? We talk to two of them.

This content was published on August 2, 2019 - 11:36
Renat Kuenzi

Let us first remember what has happened. The Swiss government put out a proposal to use an e-voting system but opponents, in this case computer scientists, were sceptical and critical. There followed an emotional debate among politicians, civil servants and the computer scientists, leading to an informed decision.

It was decided that the danger of vote manipulation is too great, for it runs the risk of breaking Switzerland’s political backbone of direct democracy. Democracy also means, however, that no decision is ever cast in stone.

Sceptical experts

Hernâni Marques and Adrian Aulbach were among the sceptics. Marques is a computer linguist, sociologist, neuro-informatics researcher and member of the board of Chaos Computer Club Switzerland. He is from Zurich.

Aulbach is a software developer, and he will stand for the Green Party in the next general election. A native of the Bernese Oberland, he spoke here in his capacity as a software specialist.

Our democracy specialist Renat Künzi asked the two men about their doubts round this issue. What is at stake in the debate on e-voting? Data security, or trust in direct democracy?

Hernâni Marques: The main issue is trust. Given the present paper voting system, any lay person can understand the steps involved. And if there are suspicions about the vote, then a recount can be ordered and done in a transparent and open manner. This way, any doubts about the outcome of a vote can be dealt with. With the paper voting system, there can be cheating in particular cases – and it does happen. But cheating on a grand scale requires a great deal of effort and is likely to be noticed. In a computer, everything is permanently stored. So electronic votes can be recounted too, can’t they, if something seems to have gone wrong?

H. M.: In the current state of technology, e-voting doesn’t allow that, because the paper record is replaced by an anonymous sea of bits and bytes. So doubts about results can easily arise, because no-one can see where the numbers are coming from, due to the secrecy of the ballot. In case of doubt the only solution is to hold the vote again, which can really take its toll on public trust in the process. Will a minimum five-year moratorium on the introduction of e-voting in Switzerland be sufficient, as a recent people's initiative is proposing?

Adrian Aulbach: Hardly – five years is a very short time. But the initiative calling for this moratorium has a second, more important proposal: even after five years, the ban can only be lifted if the specified requirements are fulfilled regarding security and openness to checking by those without any particular technical expertise. Isn’t e-voting easier for voters than voting by conventional mail?

A.A.: No, not at all. Voting by post could hardly be simpler. But with Swiss e-voting you have to check long strings of numbers before you can be sure that you aren’t on a fake website where the vote won’t be counted properly. There’s none of this in voting by post. For the 170,000 Swiss abroad who are registered to vote, e-voting is an important issue. What alternative do they have if there’s no e-voting?

A.A.: One approach would be to send the voting materials electronically and then the voters can print them out. That’s what’s called e-distribution. It saves postage one way. There was a recent parliamentary motion on that idea from Claudio Zanetti [Swiss People’s Party, Zurich], which was adopted by the House of Representatives.

Another idea would be counting the votes at the local Swiss consulate. That way they wouldn’t have to be shipped half-way around the world. How come they have implemented e-voting in Estonia?

H.M.: E-voting is technically possible, it’s just not secure or trustworthy. E-voting there has been criticised both at home and internationally. An independent research group has published results on which reveal hair-raising possibilities for cheating. In Estonia only a third of voters use e-voting, although it’s open to all. Why does online banking work, but not e-voting?

A.A.: In e-banking, every action is recorded. So the bank knows what access point was used when, to do what transaction. If hackers get in – which has happened – the affected transactions can just be cancelled.

Due to the secrecy of the ballot, there can’t be this kind of tracking in the case of e-voting, and that means that hacking can’t be reliably detected or stopped.

E-voting – how it lost out

Switzerland has tried two e-voting systems: one developed by canton Geneva, and another by the Swiss Postal Service. Ten out of the 26 cantons have tried out one of these e-voting systems.

November 2018: Geneva pulled the plug on its system – it was costing too much.

February 2019: A multi-party committee launched a people’s initiative for a moratorium of at least five years on e-voting.

March 2019: A team led by IT specialist Sarah Jamie Lewis in Canada tested the Swiss Post system. They found majorExternal link problems. In particular, they broke down its individual as well as universal verification system. The "error message" coming from this group caused great dismay.

March 2019: Just in time before a nationwide vote on May 19, Swiss Post pulled the plug on its own system. The reason: security concerns.

June 2019: The federal government called off the plan to recognise e-voting as an official “third way” to vote in Switzerland.

July 2019: Swiss Post scrapped its e-voting system altogether. But it intends to develop a new system. This one will not be ready for testing until 2020.

Three cantons are now demanding compensation from Swiss Post, and a fourth is considering such a move.

End of insertion These days we seem to do everything by smartphone. Why would just e-voting have to be an exception?

A.A.: The problems already mentioned about the secrecy of the ballot are also an issue with smartphones.

Also, in the case of e-voting, you get the access codes by conventional mail. So you can’t just vote quickly from your smartphone, say, while commuting on the train. Now if you have to have the voting papers with you, you may just as well fill your vote in on paper and drop it in the nearest postbox. Canton Zug is using blockchain technology as a sure, verifiable solution for its e-voting. Have the people in Zug found the key to the future of direct democracy?

H.M.: Even blockchain has the same problem: it’s not just an issue of what votes there are to be counted, but who really cast them. The result may or may not correspond to the people’s will.

If suspicions arise, there can be no recount. Anyway, the blockchain in the system used by the city of Zug is not decentralised to the citizens’ phones; in fact, it resides in a corporate cloud. The decentralisation that was promised in the media doesn’t exist. Is there any such thing as a safe, hacker-proof source code?

A.A.: Theoretically, it is conceivable and it can be done on a small scale. The problem remains that in the case of large-scale programmes you can’t be sure the code is without errors or back-door access.

The source code for quite a few e-voting solutions is as much as 400,000 lines long. That makes it impossible to exclude every gap or error. And if the computers doing the work are hacked into, even a secure source code won’t help. Swiss Post has been promoting its own future system as universally verifiable. Why is that so important?

H.M.: Universal verifiability is supposed to give you mathematical proof that all votes cast are valid according to the overall e-voting system, so the digital ballot-box is above suspicion. But universal verifiability cannot determine whether only registered voters produced the result, or whether hackers inside or outside the system have perverted the code or the checking system in such a way that votes can be changed, added or deleted. 

E-voting means anonymous data: there is no human identity to it. You have to trust the algorithms.

In compliance with the JTI standards

In compliance with the JTI standards

More: SWI certified by the Journalism Trust Initiative

You can find an overview of ongoing debates with our journalists here. Please join us!

If you want to start a conversation about a topic raised in this article or want to report factual errors, email us at

Sort by

Change your password

Do you really want to delete your profile?

Your subscription could not be saved. Please try again.
Almost finished... We need to confirm your email address. To complete the subscription process, please click the link in the email we just sent you.

Discover our weekly must-reads for free!

Sign up to get our top stories straight into your mailbox.

The SBC Privacy Policy provides additional information on how your data is processed.