The publicly-owned company Swiss Post, which had abandoned its electronic voting system in July over security concerns, has developed a new version. “We have already proposed a solution” to cantons, said general manager Roberto Cirillo in an interview published by the La Liberté newspaper on Friday. According to Cirillo, the company is in the process of defining the rules for testing the new system with cantons. He stressed that the new version will “contain universal verifiability”. At the beginning of July, Swiss Post abandoned its electronic voting system, which means it now cannot be used for the October federal parliamentary elections. The decision was made after subjecting the e-voting system to an intrusion test by thousands of hackers last spring. According to Swiss Post, they were unable to penetrate the electronic ballot box, but found serious errors in the source code, which had to be corrected. The cantons of Neuchâtel, Fribourg, Thurgau and Basel City had adopted this e-voting system, which only offered individual verifiability. Three of them already plan to demand compensation from Swiss Post for failure to deliver.Full Article: Swiss post rolls out more secure version of e-voting platform - SWI swissinfo.ch.
Articles about voting issues in the Swiss Confederation.
The idea of e-voting in Switzerland has been a bold dream, but the future of the entire project is now in doubt. Sceptics seem to have won the day, at least for the moment. So what issues do experts have with it? We talk to two of them. Let us first remember what has happened. The federal government put out a proposal to use an e-voting system but opponents, in this case computer scientists, were sceptical and critical. There followed an emotional debate among politicians, civil servants and the computer scientists, leading to an informed decision. It was decided that the danger of vote manipulation is too great, for it runs the risk of breaking Switzerland’s political backbone of direct democracy. Democracy also means, however, that no decision is ever cast in stone.Full Article: These are the arguments that sank e-voting in Switzerland - SWI swissinfo.ch.
One of the world’s most secure email services has been caught up in a sophisticated cyber attack aimed at investigative journalists and other experts who are probing Russian intelligence activities. Those targeted have used Swiss-based ProtonMailexternal link to share sensitive information related to their probes of Moscow’s military intelligence directorate, the GRU. Its agents have been accused of complicity in the downing of MH17 over Ukraine in 2014, and the attempted assassination of Sergei Skripal and his daughter last year in Britain. ProtonMail, which bills itself as the world’s most secure email platform, because of its cutting edge cryptography and protections against attack, became aware of the attempt to compromise its users on Wednesday. The company, founded in 2014 by a team of former scientists from the European particle research laboratory CERNexternal link, has been in touch with Swiss authorities to help shut down the web domains used to try to dupe its clients and has taken action to block phishing emails. Its own systems and servers have not been hit in any way, it emphasised.Full Article: Cyber attack hits email users probing Russian intelligence - SWI swissinfo.ch.
Three Swiss cantons that were preparing to use a new e-voting system this year say they will seek financial compensation after it was unexpectedly withdrawn and put on ice. Fribourg, Neuchâtel and Thurgau will seek compensation after spending money on making the system ready to voters in the October elections. Fribourg told the Swiss News Agency Keystone-SDA that it had invested CHF150,000 ($151,000). A fourth canton, Basel City, said it was considering its options on suing Swiss Post, the state-owned postal service that had developed the system. The Swiss government recently suspended efforts to enshrine electronic voting in the law. Swiss Post followed this announcement by suspending its e-voting platform, to which the four cantons had already subscribed.Full Article: Three cantons seek damages for failed e-voting system - SWI swissinfo.ch.
Swiss Post has suspended its e-voting system effectively spelling the end of the online trials with the current technology for the October parliamentary elections. The state-owned company said it took the decision after the government announced last week that it will drop plans to introduce e-voting as an official voting channel for the time being. However, Swiss Post pledged to develop a new, updated version with universal verifiability available from 2020, according to statementexternal link on Friday. The current system of Swiss Post has been in use in four cantons on a trial basis, notably the registered expat Swiss community living around the world. Last month, a rival system developed by canton Geneva and used by three other cantons, was also withdrawn with immediate effect. The moves come amid increasing opposition against e-voting for data security reasons.Full Article: No e-vote option for the Swiss parliamentary election - SWI swissinfo.ch.
Switzerland: Control-Alt-Delete? Swiss government puts the brakes on e-voting | James Walker/The Daily Swig
The Swiss Federal Council has suspended its plans to bring electronic voting (e-voting) into regular operation in Switzerland. Concerns surrounding the security and integrity of one online voting system were cited among the reasons for the U-turn. In December 2018, the Federal Council launched a consultation into proposed amendments to Switzerland’s Political Rights Act that would effectively make e-voting a third regular voting channel, alongside in-person and postal votes. This consultation is now over, and although a “clear majority” of the cantons and political parties were said to support the introduction of e-voting in principle, the Federal Council said it has decided to “provisionally forgo” the introduction into regular operation. “The political parties which support e-voting in principle consider that now is not the right time to take that step,” a statement reads. “The Federal Council has therefore decided not to proceed with the partial revision of the Political Rights Act at the present time.”Full Article: Control-Alt-Delete? Swiss gov’t puts the brakes on e-voting | The Daily Swig.
The government has decided to suspend efforts to enshrine electronic voting in Swiss law, but it plans to continue trials using improved systems. The expatriate Swiss community is alarmed by the announcement. A consultation among political parties and the 26 cantons, as well as a series of technical flaws in the current systems, has led the government to review its policy on e-voting, according to the Federal Chancellor Walter Thurnherr. “Opinions are clearly divided. The cantons have come out in favour, but the parties are against,” he told a news conference on Thursday. “This means there is not sufficient support at the moment for the introduction of e-voting on a legal basis.” Thurnherr added that the series of limited e-voting trials underway since 2004 will continue unless “citizens or politicians decide otherwise”, though he also acknowledged that public opposition has grown since the tide started turning against e-voting two years ago. Recently, a committee launched a people’s initiative for a five-year e-voting moratorium amid the controversial discovery of technical problems in the two e-voting systems currently in use.Full Article: E-voting suffers another setback amid expat Swiss concerns - SWI swissinfo.ch.
Swiss officials are delaying plans to introduce electronic voting across the Alpine country, saying it’s “premature” because of problems testing the security and reliability of the system. The Federal Council said there is support for e-voting in addition to mail-in and in-person balloting. Some Swiss cantons, or regions, have already used e-voting systems, and the federal government has supported work on a nationwide system.Full Article: Swiss Delay Plans for Nationwide e-Voting, Citing Flaws - The New York Times.
Swiss citizens overseas registered for e-voting in the cantons of Geneva, Bern, Aargau and Lucerne will not be able to vote electronically in the national parliament elections in October. The canton of Geneva has decided to accelerate the phasing out of the voting platform used by these cantons until now. Geneva had earlier announced that it was shelving its CHVote platform (developed in 2003) due to cost reasons. However, it said that it would keep the platform going until February 2020. But it has now decided to deactivate CHVote earlier than originally anticipated, leaving some users unable to vote electronically in the parliamentary elections in October. This decision was taken in agreement with the cantons of Bern, Aargau and Lucerne, which have been using CHVote since 2010.Full Article: Most Swiss expats to lose e-voting access in parliament elections - SWI swissinfo.ch.
Verifiability is a critical part of the trustworthiness of e-voting systems. Universal verifiability means that a proof of proper election conduct should be verifiable by any member of the public. The SwissPost e-voting system, provided by Scytl, aims to offer a partial form of verifiability, called “complete verifiability”, which resembles universal verifiability but adds the assumption that at least one of the components on the server-side, i.e., the computers running the voting system, behaves correctly. (Universal verifiability offers guarantees even if all server-side components are malicious.) In the SwissPost system, encrypted electronic votes need to be shuffled to protect individual vote privacy. Each server who shuffles votes is supposed to prove that the set of input votes it received corresponds exactly to the differently-encrypted votes it output. This is intended to provide an electronic equivalent of the publicly observable use of a ballot box or glass urn. We show that the mixnet specification and code recently made available for analysis does not meet the assumptions of a sound shuffle proof and hence does not provide universal or complete verifiability. We give two examples of how an authority who implemented or administered a mix server could produce a perfectly-verifying transcript while actually – undetectably – manipulating votes.Full Article: Trapdoor commitments in the SwissPost e-voting shuffle proof.
The e-voting system operated by Swiss Post will not be available for nationwide votes on May 19. This is the consequence of “critical errors” found during a public intrusion test, the Federal Chancellery and Swiss Post announced on Friday. The Federal Chancellery said in a statementexternal link it would review the licensing and certification procedures for e-voting systems. It added that it had no indication that these flaws had resulted in votes being manipulated in previous ballots. Swiss Post’s e-voting system had been in use in four cantons: Basel City, Fribourg, Neuchâtel and Thurgau. The Organisation of the Swiss Abroad said on Fridayexternal link it was deeply disappointed by the news, describing it as a blow against online voting “and thus a denial of the democratic rights of the Swiss Abroad”.Full Article: Swiss Post’s e-voting system pulled for May votes - SWI swissinfo.ch.
A second error in the Swiss Post planned e-voting system has been discovered as the public intrusion test phase comes to an end. The Federal Chancellery announced the need for action and confirmed a review of the e-voting certification and approval process. The same computer experts who discovered a critical error in the source code of Swiss Post’s new e-voting system earlier this month announced they discovered a further security gap. It was identified as part of the public intrusion test that has been running since February 25, during which the e-voting source code was released. The bug affects universal verifiability – the same area of the system as the first error. However, in this case the error would not make it possible for arbitrary manipulation of any possible votes to go unnoticed, according to the Federal Chancellery. That said, votes could be made invalid without being discovered by the mathematical evidence. René Lenzin, deputy head of communications at the Federal Chancellery, told the Swiss news agency Keystone-SDA that the error confirmed a “need for action”. The error discovered on March 12 had already shown that universal verifiability and thus the “heart of the system” had not worked. The system had to recognise if manipulation had taken place.Full Article: Additional flaw found in Swiss Post e-voting system - SWI swissinfo.ch.
Switzerland: Second flaw found in Swiss election system could change ‘valid votes into nonsense,’ researchers say | CyberScoop
Researchers have uncovered a second security flaw in the electronic voting system employed by the Swiss government. The vulnerability involves a problem with the implementation of a cryptographic protocol used to generate decryption proofs, a weakness that could be leveraged “to change valid votes into nonsense that could not be counted,” researchers Sarah Jamie Lewis, Olivier Pereira and Vanessa Teague wrote in a paper published Monday. This disclosure comes weeks after the same team of researchers announced they had uncovered a flaw in the e-voting system that could allow hackers to replace legitimate votes with fraudulent ones. Swiss Post, the country’s national postal service, which developed the system along with Spanish technology maker Scytl, said earlier this month that first vulnerability had been resolved. Researchers said at the time that the vulnerability demonstrated what can go wrong when governments shift to electronic voting with no alternative plan. The security and integrity of electronic voting systems vary by country, and the vulnerabilities outlined in this research are specific to Switzerland, but other areas of the world increasingly are moving toward a voting infrastructure where it could soon be impossible to verify whether vote tampering has occurred. Christopher Krebs, head of the U.S. Cybersecurity and Infrastructure Agency told Congress last month election officials must have the ability to audit election results.Full Article: Second flaw found in Swiss election system could change 'valid votes into nonsense,' researchers say.
Switzerland made headlines this month for the transparency of its internet voting system when it launched a public penetration test and bug bounty program to test the resiliency of the system to attack. But after source code for the software and technical documentation describing its architecture were leaked online last week, critics are already expressing concern about the system’s design and about the transparency around the public test. Cryptography experts who spent just a few hours examining the leaked code say the system is a poorly constructed and convoluted maze that makes it difficult to follow what’s going on and effectively evaluate whether the cryptography and other security measures deployed in the system are done properly. “Most of the system is split across hundreds of different files, each configured at various levels,” Sarah Jamie Lewis, a former security engineer for Amazon as well as a former computer scientist for England’s GCHQ intelligence agency, told Motherboard. “I’m used to dealing with Java code that runs across different packages and different teams, and this code somewhat defeats even my understanding.”Full Article: Experts Find Serious Problems With Switzerland's Online Voting System.
Swiss authorities are trumpeting the fact that more than 2,000 would-be hackers from around the world have taken up an invitation to try to find holes in Switzerland’s groundbreaking online voting system — and potentially earn tens of thousands of francs (dollars) if they succeed. The Federal Chancellery and Swiss regions, known as cantons, expressed satisfaction at the high response barely a week after launching a registration for IT experts to help crack a planned update to Switzerland’s 15-year-old e-voting system. Among countries in Europe, only Estonia has a similar online voting program, a Swiss official said. The effort amounts to a coming-of-age of Swiss e-voting, or online voting, systems: After over 200 trials and the rollout of e-voting already in 14 of Switzerland’s 26 cantons, authorities now believe they’ve developed “completely verifiable systems” that they hope to introduce for the first time this year.Full Article: Hackers flock to hunt for cracks in Swiss e-voting system - StarTribune.com.
Worries over election hacking have led officials in Europe and the U.S. to consider a return to hand-counting paper ballots. Switzerland, however, is moving in the opposite direction, toward absentee electronic voting. It’s a useful way of keeping turnouts from falling, and the systems can be made secure and reliable. Since the scare of 2016, when U.S. intelligence services asserted that malicious Russian actors came close to hacking electronic voting systems and even cracked some voter databases, at least one country – the Netherlands – went back to counting paper ballots by hand throughout the tabulation process, not just at local polling stations. Dozens of U.S. states used hand-counting either solely or for backup in the 2018 midterm elections, and the states that failed to do so were criticized for ignoring security. … Recent research shows that electronic voting doesn’t boost interest in elections by much. In Estonia, which introduced e-voting in 2005, more than 30 percent of the vote is now cast online but the total turnout has remained stable – and low. Yet studies have also shown that having e-voting as an option can arrest a decline in turnout: Easy absentee voting is habit-forming.Full Article: Election Hacking: Bucking the Trend, Swiss Rely on Online Voting - Bloomberg.
Democracy bases its legitimacy on the promise to adequately and appropriately represent the population. However, a look at Switzerland’s system reveals some shortcomings: women, young people, foreigners and the low-qualified are often absent from political institutions. Democratic rights don’t fall from the sky. They are the achievement of brave people who demanded and fought for political rights for themselves and for their fellow citizens. Such efforts fighting for equality were also seen in Switzerland. Almost 100 years ago, the social and political situation in the country was explosive, and many were dissatisfied with living and working conditions; factory workers, in particular, felt politicians had abandoned them.Full Article: Left behind and locked out of Swiss democracy - SWI swissinfo.ch.
The Swiss government will make its future e-voting system available for a public intrusion test and is now inviting companies and security researchers to have a go at it. “Interested hackers from all over the world are welcome to attack the system,” the government said in a press release. “In doing so, they will contribute to improving the system’s security.” … A mock e-voting session is planned on the last day of the testing period, on March 24, but participants can attack the e-voting system before that, as well. To participate, companies and security researchers will have to sign up in advance of the PIT session’s official start. Signing up will give participants the legal permission to attack the system, will ensure the cash rewards will reach those who first report an issue, and it enforces a set of rules and restrictions on participants.Full Article: Swiss government invites hackers to pen-test its e-voting system | ZDNet.
The Swiss government has issued a 150,000 Swiss franc (US$149,790) challenge to online hackers; break into our new generation electronic voting system and we’ll reward you. The federal chancellery announced a dummy run election will be held from February 25 to March 24 and invited anyone who wants to display their online piracy talents to sign up at https://onlinevote-pit.ch. They can then “try to manipulate the vote count, to read the votes cast, to violate voting secrecy or to bypass security systems,” it said in a statement. The amount of the reward paid out will depend upon the level of intrusion achieved by each hacker.
Several federal offices in Switzerland are investigating whether online manipulation could affect upcoming elections, says a newspaper report. The Federal Office of Communicationsexternal link (OFCOM) has set up a government working group to look into the effects of artificial intelligence on the media and public opinion, writes the NZZ am Sonntag paper. This group was set up last September and is headed by the education and research ministry, spokesman Francis Meier told the paper. Last October Swiss intelligence chief Jean-Philippe Gaudin also warned that foreign actors could try to influence the next federal elections through online artificial intelligence, saying he would propose appropriate measures to the government.Full Article: Swiss look into online manipulation ahead of federal polls - SWI swissinfo.ch.