E-government blog | Swiss Post

Further development, intrusion test and preparation of the new e-voting system

Written by Die Schweizerische Post AG | Jan 27, 2022 1:35:00 PM

Swiss Post transports information and data confidentially and securely − in both the physical world and the virtual world. With its universally verifiable e-voting system, which it has developed at a Swiss Post IT location in Neuchâtel, the company aims to facilitate secure electronic vote-casting for elections and votes. Swiss Post is basing the development of the e-voting system on the Confederation’s future legal basis for e-voting trials.


Continual development and public intrusion test

Swiss Post is planning to have the e-voting system ready for use and available to the Cantons by the end of 2022. Before then, Swiss Post will be carrying out a public intrusion test, in which ethical hackers are permitted to attack the e-voting infrastructure. Moreover, the company is improving the system on the basis of reports from the specialist community and the review commissioned by the Confederation. Over the course of the year, Swiss Post will also continue to engage in dialogue with cryptographers and hackers to exchange knowledge and experience via specialist platforms and webinars.


The bug bounty programme works: new findings with the second highest level of severity

At the start of 2021, Swiss Post initiated a community programme on e-voting and published the essential components and documentation for the beta version of its future e-voting system. At the same time, the company is running an open-ended bug bounty programme, in which ethical hackers and cryptographers receive rewards for confirmed findings of weak points. This is to help Swiss Post uncover any weak points and fix them at an early stage.

Thanks to analysis and tests by experts from all over the world, Swiss Post has already managed to make several improvements to the system. A summary of security-relevant findings is published regularly in its e-voting blog. Currently, the list includes a new finding with the second highest level of severity which Swiss Post published in mid-January, along with the suggested solution. Further information on reports that have been submitted can also be found on the specialist GitLab platform.