300 e-voting trials were carried out in Switzerland between 2003 and 2019. In recent years, systems that ensure individual verifiability have come into use. This allowed voters to check that their vote was received correctly in the electronic ballot box.
Next-generation e-voting systems
We are now seeing the next step in the development of e-voting. For the first time, a system with complete verifiability will be deployed. Swiss Post’s e-voting team has developed verification software for this solution. The software enables cantonal electoral auditors to check any falsified or modified votes after the electronic ballot boxes have closed. This means the entire electronic ballot can be checked but each individual vote remains confidential. Swiss Post is providing the cantons with a next-generation system for the continuation of e-voting.
Open source for knowledge transfer
Swiss Post will publish the verification software under an expansive open-source licence. This will give third parties the opportunity to further develop the software, adapt it, and then also distribute it on a commercial basis. The tool’s architecture has a modular structure, which simplifies further development for third parties. The benefit of this is that, in future, cantons can purchase verification software or parts of it from other providers independently of Swiss Post.
All components disclosed, community programme continues
At the start of 2021, Swiss Post began to publish the components and relevant documentation from its e-voting system as part of a community programme. Following the publication of the verification software, all significant parts of the beta version of the Swiss Post e-voting system are now available.
The community programme is nevertheless continuing and also includes the bug bounty programme. The system is to undergo continual further development after being made available operationally and after approval by the Confederation for trial operation. Swiss Post will publish these modifications on an ongoing basis and specialists can verify them.
Swiss Post understands cyber security as a participatory process. It will continue to work closely with independent experts – on one hand with regard to findings. On the other, on knowledge transfer via specialist webinars or at meetings with leading experts, like the research team at the University of Lorraine. By adopting this approach, Swiss Post aims to work with leading international specialists to identify every vulnerability, rectify it and maintain the system at the highest possible security level.
News from the community programme
- Since January 2021, e-voting experts from Switzerland and abroad have submitted a total of 111 reports about the beta version of the e-voting system. The independent experts appointed by the Confederation are also checking the system and reporting improvements. The reports include 3 findings with the second highest severity level. A description of these findings can be found in the e-voting blog. Findings from the highest severity level, “critical”, are not entered.
- To date, Swiss Post has paid out 71 650 euros for the confirmed vulnerabilities identified through the bug bounty programme.
