Switzerland: Swiss Post set to relaunch its e-voting system, purchases Scytl | Sonia Fenazzi/SwissInfo

The controversial issue of e-voting is back: Swiss Post, which had halted the development of a project in July 2019, has bought a Spanish-owned system and plans to propose a platform ready for testing by 2021. The purchase was reported on May 17 by the SonntagsBlick newspaper, who wrote that the deal between Swiss Post and Spanish firm Scytl had been settled for an unspecified amount. The deal follows the bankruptcy of the Spanish company, with whom Swiss Post had been working on a system until flaws discovered last year sparked a political debate, which ended in the government dropping e-voting plans for the time being. Swiss Post spokesperson Oliver Flüeler confirmed to swissinfo.ch that last summer, despite the opposition, his company decided to continue developing a system on its own, and “after several months of negotiations” it secured the rights to the source code from Scytl. The aim is now to propose an e-vote system by 2021 that “takes into account various federal particularities” and “responds even better to the high and specific requirements of a Swiss electronic voting system”, Flüeler said.

Switzerland: Swiss post rolls out more secure version of e-voting platform | SWI

The publicly-owned company Swiss Post, which had abandoned its electronic voting system in July over security concerns, has developed a new version. “We have already proposed a solution” to cantons, said general manager Roberto Cirillo in an interview published by the La Liberté newspaper on Friday. According to Cirillo, the company is in the process of defining the rules for testing the new system with cantons. He stressed that the new version will “contain universal verifiability”. At the beginning of July, Swiss Post abandoned its electronic voting system, which means it now cannot be used for the October federal parliamentary elections. The decision was made after subjecting the e-voting system to an intrusion test by thousands of hackers last spring. According to Swiss Post, they were unable to penetrate the electronic ballot box, but found serious errors in the source code, which had to be corrected. The cantons of Neuchâtel, Fribourg, Thurgau and Basel City had adopted this e-voting system, which only offered individual verifiability. Three of them already plan to demand compensation from Swiss Post for failure to deliver.

Switzerland: These are the arguments that sank e-voting in Switzerland – SWI swissinfo.ch

The idea of e-voting in Switzerland has been a bold dream, but the future of the entire project is now in doubt. Sceptics seem to have won the day, at least for the moment. So what issues do experts have with it? We talk to two of them. Let us first remember what has happened. The federal government put out a proposal to use an e-voting system but opponents, in this case computer scientists, were sceptical and critical. There followed an emotional debate among politicians, civil servants and the computer scientists, leading to an informed decision. It was decided that the danger of vote manipulation is too great, for it runs the risk of breaking Switzerland’s political backbone of direct democracy. Democracy also means, however, that no decision is ever cast in stone.

Switzerland: Cyber attack hits email users probing Russian intelligence | Sam Jones/Financial Times

One of the world’s most secure email services has been caught up in a sophisticated cyber attack aimed at investigative journalists and other experts who are probing Russian intelligence activities. Those targeted have used Swiss-based ProtonMailexternal link to share sensitive information related to their probes of Moscow’s military intelligence directorate, the GRU. Its agents have been accused of complicity in the downing of MH17 over Ukraine in 2014, and the attempted assassination of Sergei Skripal and his daughter last year in Britain. ProtonMail, which bills itself as the world’s most secure email platform, because of its cutting edge cryptography and protections against attack, became aware of the attempt to compromise its users on Wednesday. The company, founded in 2014 by a team of former scientists from the European particle research laboratory CERNexternal link, has been in touch with Swiss authorities to help shut down the web domains used to try to dupe its clients and has taken action to block phishing emails. Its own systems and servers have not been hit in any way, it emphasised.

Switzerland: Three cantons seek damages for failed e-voting system | SWI

Three Swiss cantons that were preparing to use a new e-voting system this year say they will seek financial compensation after it was unexpectedly withdrawn and put on ice. Fribourg, Neuchâtel and Thurgau will seek compensation after spending money on making the system ready to voters in the October elections. Fribourg told the Swiss News Agency Keystone-SDA that it had invested CHF150,000 ($151,000). A fourth canton, Basel City, said it was considering its options on suing Swiss Post, the state-owned postal service that had developed the system. The Swiss government recently suspended efforts to enshrine electronic voting in the law. Swiss Post followed this announcement by suspending its e-voting platform, to which the four cantons had already subscribed.

Switzerland: No e-vote option for the Swiss parliamentary election | SWI

Swiss Post has suspended its e-voting system effectively spelling the end of the online trials with the current technology for the October parliamentary elections. The state-owned company said it took the decision after the government announced last week  that it will drop plans to introduce e-voting as an official voting channel for the time being. However, Swiss Post pledged to develop a new, updated version with universal verifiability available from 2020, according to statementexternal link on Friday. The current system of Swiss Post has been in use in four cantons on a trial basis, notably the registered expat Swiss community living around the world. Last month, a rival system developed by canton Geneva and used by three other cantons, was also withdrawn with immediate effect. The moves come amid increasing opposition against e-voting for data security reasons.

Switzerland: Control-Alt-Delete? Swiss government puts the brakes on e-voting | James Walker/The Daily Swig

The Swiss Federal Council has suspended its plans to bring electronic voting (e-voting) into regular operation in Switzerland. Concerns surrounding the security and integrity of one online voting system were cited among the reasons for the U-turn. In December 2018, the Federal Council launched a consultation into proposed amendments to Switzerland’s Political Rights Act that would effectively make e-voting a third regular voting channel, alongside in-person and postal votes. This consultation is now over, and although a “clear majority” of the cantons and political parties were said to support the introduction of e-voting in principle, the Federal Council said it has decided to “provisionally forgo” the introduction into regular operation. “The political parties which support e-voting in principle consider that now is not the right time to take that step,” a statement reads. “The Federal Council has therefore decided not to proceed with the partial revision of the Political Rights Act at the present time.”

Switzerland: E-voting suffers another setback amid expat Swiss concerns | Urs Geiser/SWI

The government has decided to suspend efforts to enshrine electronic voting in Swiss law, but it plans to continue trials using improved systems. The expatriate Swiss community is alarmed by the announcement. A consultation among political parties and the 26 cantons, as well as a series of technical flaws in the current systems, has led the government to review its policy on e-voting, according to the Federal Chancellor Walter Thurnherr. “Opinions are clearly divided. The cantons have come out in favour, but the parties are against,” he told a news conference on Thursday. “This means there is not sufficient support at the moment for the introduction of e-voting on a legal basis.” Thurnherr added that the series of limited e-voting trials underway since 2004 will continue unless “citizens or politicians decide otherwise”, though he also acknowledged that public opposition has grown since the tide started turning against e-voting two years ago. Recently, a committee launched a people’s initiative for a five-year e-voting moratorium amid the controversial discovery of technical problems in the two e-voting systems currently in use.

Switzerland: Swiss Delay Plans for Nationwide e-Voting, Citing Flaws | Associated Press

Swiss officials are delaying plans to introduce electronic voting across the Alpine country, saying it’s “premature” because of problems testing the security and reliability of the system. The Federal Council said there is support for e-voting in addition to mail-in and in-person balloting. Some Swiss cantons, or regions, have already used e-voting systems, and the federal government has supported work on a nationwide system.

Switzerland: Most Swiss expats to lose e-voting access in parliament elections | SWI

Swiss citizens overseas registered for e-voting in the cantons of Geneva, Bern, Aargau and Lucerne will not be able to vote electronically in the national parliament elections in October. The canton of Geneva has decided to accelerate the phasing out of the voting platform used by these cantons until now.  Geneva had earlier announced that it was shelving its CHVote platform (developed in 2003) due to cost reasons. However, it said that it would keep the platform going until February 2020.  But it has now decided to deactivate CHVote earlier than originally anticipated, leaving some users unable to vote electronically in the parliamentary elections in October. This decision was taken in agreement with the cantons of Bern, Aargau and Lucerne, which have been using CHVote since 2010.

Switzerland: Trapdoor commitments in the SwissPost e-voting shuffle proof | Vanessa Teague

Verifiability is a critical part of the trustworthiness of e-voting systems. Universal verifiability means that a proof of proper election conduct should be verifiable by any member of the public. The SwissPost e-voting system, provided by Scytl, aims to offer a partial form of verifiability, called “complete verifiability”, which resembles universal verifiability but adds the assumption that at least one of the components on the server-side, i.e., the computers running the voting system, behaves correctly. (Universal verifiability offers guarantees even if all server-side components are malicious.) In the SwissPost system, encrypted electronic votes need to be shuffled to protect individual vote privacy. Each server who shuffles votes is supposed to prove that the set of input votes it received corresponds exactly to the differently-encrypted votes it output. This is intended to provide an electronic equivalent of the publicly observable use of a ballot box or glass urn. We show that the mixnet specification and code recently made available for analysis does not meet the assumptions of a sound shuffle proof and hence does not provide universal or complete verifiability. We give two examples of how an authority who implemented or administered a mix server could produce a perfectly-verifying transcript while actually – undetectably – manipulating votes.

Switzerland: Swiss Post’s e-voting system pulled for May votes | SWI

The e-voting system operated by Swiss Post will not be available for nationwide votes on May 19. This is the consequence of “critical errors” found during a public intrusion test, the Federal Chancellery and Swiss Post announced on Friday. The Federal Chancellery said in a statementexternal link it would review the licensing and certification procedures for e-voting systems. It added that it had no indication that these flaws had resulted in votes being manipulated in previous ballots. Swiss Post’s e-voting system had been in use in four cantons: Basel City, Fribourg, Neuchâtel and Thurgau. The Organisation of the Swiss Abroad said on Fridayexternal link it was deeply disappointed by the news, describing it as a blow against online voting “and thus a denial of the democratic rights of the Swiss Abroad”.

Switzerland: Additional flaw found in Swiss Post e-voting system | SWI

A second error in the Swiss Post planned e-voting system has been discovered as the public intrusion test phase comes to an end. The Federal Chancellery announced the need for action and confirmed a review of the e-voting certification and approval process. The same computer experts who discovered a critical error in the source code of Swiss Post’s new e-voting system earlier this month announced they discovered a further security gap. It was identified as part of the public intrusion test that has been running since February 25, during which the e-voting source code was released. The bug affects universal verifiability – the same area of the system as the first error. However, in this case the error would not make it possible for arbitrary manipulation of any possible votes to go unnoticed, according to the Federal Chancellery. That said, votes could be made invalid without being discovered by the mathematical evidence. René Lenzin, deputy head of communications at the Federal Chancellery, told the Swiss news agency Keystone-SDA that the error confirmed a “need for action”. The error discovered on March 12 had already shown that universal verifiability and thus the “heart of the system” had not worked. The system had to recognise if manipulation had taken place.

Switzerland: Second flaw found in Swiss election system could change ‘valid votes into nonsense,’ researchers say | CyberScoop

Researchers have uncovered a second security flaw in the electronic voting system employed by the Swiss government. The vulnerability involves a problem with the implementation of a cryptographic protocol used to generate decryption proofs, a weakness that could be leveraged “to change valid votes into nonsense that could not be counted,” researchers Sarah Jamie Lewis, Olivier Pereira and Vanessa Teague wrote in a paper published Monday. This disclosure comes weeks after the same team of researchers announced they had uncovered a flaw in the e-voting system that could allow hackers to replace legitimate votes with fraudulent ones. Swiss Post, the country’s national postal service, which developed the system along with Spanish technology maker Scytl, said earlier this month that first vulnerability had been resolved. Researchers said at the time that the vulnerability demonstrated what can go wrong when governments shift to electronic voting with no alternative plan. The security and integrity of electronic voting systems vary by country, and the vulnerabilities outlined in this research are specific to Switzerland, but other areas of the world increasingly are moving toward a voting infrastructure where it could soon be impossible to verify whether vote tampering has occurred. Christopher Krebs, head of the U.S. Cybersecurity and Infrastructure Agency told Congress last month election officials must have the ability to audit election results.

Switzerland: Experts Find Serious Problems With Switzerland’s Online Voting System | Motherboard

Switzerland made headlines this month for the transparency of its internet voting system when it launched a public penetration test and bug bounty program to test the resiliency of the system to attack. But after source code for the software and technical documentation describing its architecture were leaked online last week, critics are already expressing concern about the system’s design and about the transparency around the public test. Cryptography experts who spent just a few hours examining the leaked code say the system is a poorly constructed and convoluted maze that makes it difficult to follow what’s going on and effectively evaluate whether the cryptography and other security measures deployed in the system are done properly. “Most of the system is split across hundreds of different files, each configured at various levels,” Sarah Jamie Lewis, a former security engineer for Amazon as well as a former computer scientist for England’s GCHQ intelligence agency, told Motherboard. “I’m used to dealing with Java code that runs across different packages and different teams, and this code somewhat defeats even my understanding.”

Switzerland: Left behind and locked out of Swiss democracy | SWI

Democracy bases its legitimacy on the promise to adequately and appropriately represent the population. However, a look at Switzerland’s system reveals some shortcomings: women, young people, foreigners and the low-qualified are often absent from political institutions. Democratic rights don’t fall from the sky. They are the achievement of brave people who demanded and fought for political rights for themselves and for their fellow citizens. Such efforts fighting for equality were also seen in Switzerland. Almost 100 years ago, the social and political situation in the country was explosive, and many were dissatisfied with living and working conditions; factory workers, in particular, felt politicians had abandoned them.

Switzerland: Government invites hackers to penetration-test its e-voting system | ZDNet

The Swiss government will make its future e-voting system available for a public intrusion test and is now inviting companies and security researchers to have a go at it. “Interested hackers from all over the world are welcome to attack the system,” the government said in a press release. “In doing so, they will contribute to improving the system’s security.” … A mock e-voting session is planned on the last day of the testing period, on March 24, but participants can attack the e-voting system before that, as well. To participate, companies and security researchers will have to sign up in advance of the PIT session’s official start. Signing up will give participants the legal permission to attack the system, will ensure the cash rewards will reach those who first report an issue, and it enforces a set of rules and restrictions on participants.

Switzerland: Government offers reward for hacking its electronic vote system | AFP

The Swiss government has issued a 150,000 Swiss franc (US$149,790) challenge to online hackers; break into our new generation electronic voting system and we’ll reward you. The federal chancellery announced a dummy run election will be held from February 25 to March 24 and invited anyone who wants to display their online piracy talents to sign up at https://onlinevote-pit.ch. They can then “try to manipulate the vote count, to read the votes cast, to violate voting secrecy or to bypass security systems,” it said in a statement. The amount of the reward paid out will depend upon the level of intrusion achieved by each hacker.

Switzerland: Swiss look into online manipulation ahead of federal polls | SWI

Several federal offices in Switzerland are investigating whether online manipulation could affect upcoming elections, says a newspaper report. The Federal Office of Communicationsexternal link (OFCOM) has set up a government working group to look into the effects of artificial intelligence on the media and public opinion, writes the NZZ am Sonntag paper. This group was set up last September and is headed by the education and research ministry, spokesman Francis Meier told the paper. Last October Swiss intelligence chief Jean-Philippe Gaudin also warned that foreign actors could try to influence the next federal elections through online artificial intelligence, saying he would propose appropriate measures to the government.

Switzerland: Opposition against e-voting project gathers pace | SWI

A committee of politicians and computer experts is launching a people’s initiative aimed at banning online voting for at least five years, putting an end on ongoing trials with e-voting in Switzerland. Representatives from right and leftwing parties on Friday said they were hoping to win pledges from 10,000 people to collect the necessary signatures for a nationwide vote on the issue. In total, the committee needs to gather at least 100,000 signatures over 18 months. They argued that the current e-voting systems were not secure, too expensive and easy to manipulate. Hacked systems could undermine trust in Switzerland’s system of direct democracy, Green Party parliamentarian Balthasar Glättli warned. People’s Party parliamentarian and Franz Grüter added the e-voting system in use could not guarantee the secure online transmission of a ballot. The move comes after parliament last September rejected attempts to block plans for the permanent introduction of electronic voting.

Switzerland: Zurich wants to ease political participation for non-Swiss | SWI

Switzerland’s main business hub is very well connected globally and attracts many expatriates. But Zurich does not grant its foreign residents any say in political matters – an apparent contradiction in a country proud of its direct democracy. The authorities in Switzerland’s most populous city are now considering ways to enhance the participation of this important group. The city of Zurich has about 425,000 residents – 32% of whom do not hold a Swiss passport. Many are expats working for international or Swiss companies. They are highly skilled, hold good jobs and earn high salaries.

Switzerland: E-voting system to undergo ‘hacker test’ | SWI

Next year, Swiss authorities will put one of the country’s two e-voting systems up for attack by hackers – with a prize on offer for those who break it. The Organisation of the Swiss Abroad (OSA), a strong backer of online voting, has welcomed the confidence test. The test, organised jointly by federal and regional authorities, will take place over four weeks sometime in spring 2019, the NZZ am Sonntag reports. According to the newspaper, the Federal Chancellery has a budget of some CHF250,000 ($247,500) to implement the contest and pay the hackers; a figure not confirmed by the authorities themselves. Contacted by swissinfo.ch, OSA Director Ariane Rustichelli said that it was “a good sign that the Federal Chancellery, which is leading the project, is reacting to and taking seriously the fears [around e-voting]. Because, for about a year and a half now, more and more critical voices are arising, including in parliament”. The OSA, which represents the interests of the 750,000 Swiss living abroad, is a heavily involved in debates around voting rights and the rolling out of online ballots. “If we manage to show that e-voting is safe, this could boost confidence in the system,” Rustichelli said.

Switzerland: Flaw reported in Switzerland’s biggest e-voting system | SWI

A hacker claims to have discovered an important weakness in canton Geneva’s e-voting system to attacks that could redirect online voters to malicious websites. The canton says it is aware of the issue and introduced countermeasures years ago.  Last week, Volker Birk of the Chaos Computer Club Switzerland said he had discovered that the Geneva online voting system – the biggest in Switzerland – uses an insecure procedure to protect its web address. Birk told Swiss public television, SRF, that it took only a few minutes to discover the system’s weakness to so-called DNS cache poisoning – an attack that exploits vulnerabilities in the domain name to divert internet traffic away from legitimate servers and towards fake ones. He added that the problem had been known for decades. In a public statement on Saturdayexternal link, canton Geneva said it had been informed by SRF about the fake site, which it admitted “did not allow people to vote electronically”. 

Switzerland: The security of e-voting in Geneva questioned | The Sivertelegram

The security of e-voting in Geneva is again in doubt. In march 2015, a journalist of the RTS had shown how he had been able to vote electronically on two occasions. This time, the alert is given by the swiss broadcasting corporation SRF. The latter has proven that a hacker could very easily access the votes of the citizens. The “Chaos computer club”, an organization of hackers, which brings together about 8000 members in Europe, has indeed shown how a simple manipulation diverts the user to the official website and directed to a similar site. This fake site allows you to see the vote of the user. According to the hacker Volkler Birk, quoted by the RTS, this fault shows that “the canton of Geneva has forgotten to protect against a computer attack that dates back more than twenty years.”

Switzerland: Opponents of e-voting suffer setback in parliament | Expatica Switzerland

Parliament has thrown out attempts to stall the permanent introduction of electronic voting – a decision welcomed by the Organisation of the Swiss Abroad (OSA). Two proposals by representatives of right and leftwing parties cited data security concerns, including cyberattacks, and were aimed at effectively blocking plans by the government to conclude more than 15 years of trials and enshrine e-voting in law as a third option – besides going to the polls and the postal vote. The House of Representatives earlier this week rejected the proposals by parliamentarians of the Swiss People’s Party and the Greens, thereby refusing to draft a bill for discussion.

Switzerland: Swiss City Zug To Trial Voting Through Blockchain Technology | ETHNews

Zug, Switzerland, is a hub of welcoming regulation, digital currency acceptance, and blockchain-related events and companies. The local government has consistently extended a friendly hand to crypto-related projects, and its Crypto Valley Association strives to promote the region as “a global center where emerging cryptographic, blockchain and other distributed ledger technologies and businesses can thrive in a safe, supportive, and vibrant environment.” … The results of the survey are nonbinding but will give the city council valuable information about public opinion. The poll will include questions about local matters and digital IDs. Residents will be asked if they would like to use their digital IDs to participate in other government services such as libraries, payment of parking fees, submission of electronic tax returns, and regular referendums.

Switzerland: Swiss set to vote on a radical ‘sovereign money’ plan | CNBC

An upcoming referendum in the wealthy Alpine nation of Switzerland could be set to dramatically transform the global banking industry. Swiss voters go to the polls Sunday to decide whether the country should switch to a so-called sovereign money system. The referendum is attracting international interest because of how it reflects debates held by economists and lawmakers in the aftermath of the 2008 global financial crash.

Switzerland: Will Facebook influence the 2019 Swiss elections? | SWI

Online social network Facebook is allegedly planning to deploy its controversial “I’m a voter” button in Switzerland ahead of parliamentary elections next year. The Swiss authorities have not been officially informed by the US company, according to Swiss media reports. Republikexternal link, a Swiss online news magazine, on Wednesday quoted a report in the Schweiz am Wochenendeexternal link newspaper last month that Anika Geisel, manager of Facebook’s politics and government outreach team in Berlin, had met 20 politicians from all parties in Zurich on April 11. “The topic of the meeting was how candidates could benefit from Facebook’s campaign tools. It was intended as a promotional event for the technology company,” Republik.ch wrote. “One participant asked a question that had nothing to do with the marketing tools. Would Facebook be deploying its well-known ‘I’m a voter’ button in Switzerland? Yes, Geisel answered, the company was working on it.” 

Switzerland: How risky are flawed e-voting systems for democracy? | SWI

A leading data protection expert has warned of future security breaches if the government’s plan to introduce e-voting at a nationwide level goes ahead. Bruno Baeriswyl, data protection commissioner in canton Zurich, urged the authorities to give up plans, announced last April, for online voting across Switzerland. Speaking on the occasion of this year’s European Data Privacy Day at the end of January, Baeriswylexternal link said that current technology could not guarantee that ballots remain secret in votes and elections. He and other cantonal data protection commissioners argued that digitalisation could undermine democratic principles even while online systems help to simplify procedures. “The current systems for e-voting override the secret ballot in votes and elections. But it is imperative that all transactions must always be verifiable in a secure system. As a result, either we have ballot secrecy or we don’t have a secure method,” Baeriswyl said. “And this is highly risky for our democracy.”

Switzerland: Does a minority rule Switzerland? | SWI

Switzerland is often regarded internationally as a model of functioning democracy. But a closer look shows that Swiss democracy is far from perfect. The “rule of all” turns out to be the “rule of some”. It is September 24, 2017, a “voting Sunday” as we say here in Switzerland. Voters have the final say on a crucial reform of the old age pension system. This is a topic that will concern everyone, sooner or later. Over the course of the day it becomes apparent that the proposed reform isn’t getting a majority of votes and is going down to defeat. But the real letdown begins to be felt late in the evening, when the last municipalities send in their tallies to the election authorities.