Hackers uncover ‘significant’ flaw in Swiss Post e-voting
A major bug has been identified in the new Swiss Post’s e-voting system. Hackers reported the flaw to Swiss authorities as part of a public intrusion test. Swiss Post has resolved the issue.
In mid-February, the Swiss government launched a public intrusion test, challenging IT experts to reveal cracks in the country’s new e-voting system by March 24. On March 12, a flaw concerning universal verifiabilityExternal link was discovered in the Swiss Post’s e-voting system by studying the system’s source code, which was released as part of the test. Universal verifiability makes it possible to determine with mathematical evidence whether votes have been manipulated.
While the flaw uncovered by the hackers does not allow the system to be penetrated, the Federal Chancellery still deemed it a “significant flaw” as it means it is not possible to detect whether the votes have been tampered with.
In a statement, the chancellery explained that the flaw means that "the Swiss Post system does not meet the legal requirements," and it urged Swiss Post to review and improve its security processes to prevent such flaws.
The e-voting system currently being used in the cantons of Thurgau, Neuchâtel, Fribourg and Basel-City is not affected by this gap in the source code. It exclusively affects the system with universal verifiability provided for the intrusion test, which has never been used for a real vote.
In a statement on its websiteExternal link, Swiss Post acknowledged that the error in the source code had already been identified in 2017. However, the correction was not fully implemented by technology partner Scytl, which Swiss Post regrets. “Swiss Post regrets this and has asked Scytl to make the correction in full immediately, which they have done. The modified source code will be applied with the next regular release.”
The public intrusion test of the Swiss Post e-voting system ordered by the Swiss government and the cantons has been running for just over two weeks now. More than 3,000 hackers around the world are testing the system until 24 March.
Opponents of e-voting say the latest flaw has permanently undermined trust in online voting systems.
They announced that they will officially launch their people's initiative next Friday, calling for a five-year moratorium on e-voting and an end to ongoing trials with the digital technology.
The committee made up of politicians and computer experts has 18 months to collect at least 100,000 signatures for a nationwide vote on the issue.
In January, the group presented its plans which involve winning pledges from 10,000 people to help collect the necessary signatures.
The Swiss government wants to introduce e-voting as an additional option for citizens to participate actively in democracy.
The Organisation of the Swiss Abroad has called for online voting to be made available for all expatriates Swiss by 2021. It submitted a petition last November.
In compliance with the JTI standards
More: SWI swissinfo.ch certified by the Journalism Trust Initiative
Contributions under this article have been turned off. You can find an overview of ongoing debates with our journalists here. Please join us!
If you want to start a conversation about a topic raised in this article or want to report factual errors, email us at firstname.lastname@example.org.