Skip to content

Independent audit: insights into the ongoing work at Swiss Post

At the beginning of 2021, Swiss Post launched an e-voting community programme that enabled experts from around the world to examine its new e-voting system. At the same time, several expert groups conducted a review of the system on behalf of the Federal Chancellery. The initial audit reports are now available together with the response reports from Swiss Post. Swiss Post has developed an action plan to resolve the reported findings and notified the Federal Chancellery and the relevant cantons accordingly. The ready-for-use system will not be made available until the work outlined in this plan is complete.

In several stages from the beginning of 2021, Swiss Post has published the key documents and components for the beta version of its future e-voting system with universal verifiability on the specialist platform GitLab. Experts from around the world have since taken part in the review and reported improvements to the system, which Swiss Post has implemented. The latest information on the findings is always available on this blog.

In July 2021, the Federal Chancellery also commissioned several expert groups to examine the system in the areas of cryptography, software, infrastructure and operations as well as to perform penetration testing. This independent examination is a requirement for the use of a system in accordance with the future legal basis. Swiss Post was in contact with the experts during the examination. Swiss Post analysed the audit reports in detail and provided response reports that outlined how the reported findings are to be resolved.

 

Status of the work and key areas of action

 

Work on resolving the reported findings is already under way. In the most recent system release, Swiss Post has already taken action to resolve some of the findings from the audit reports. The resolved findings are listed by system component on the specialist platform GitLab (source code system, cryptographic primitives, cryptographic protocol).

Other improvements are soon to be implemented. Swiss Post has developed an action plan for resolving the outstanding findings and communicated it to the Federal Chancellery and the cantons involved. This work is centred on aspects of the cryptographic protocol and its implementation in the software. Swiss Post is making clarifications, implementing targeted improvements and recoding, with particular regard to the cryptographic evidence and the findings relating to voting secrecy and individual verifiability.

Swiss Post will not make the ready-for-use system available to the cantons until the work outlined in the action plan is complete. The interested cantons should be able to introduce e-voting within the context of the legally determined trial operation during the course of 2023.

 

Swiss Post’s reports in response to the expert reports

 

The audit reports created by the experts are available on the Federal Chancellery website. The response reports from Swiss Post can be found below.

Expert group Examination scope(s) Antwortbericht/e
der Post (englisch)
Adamiste Stephane (SCRT) Operations and organization Response to SCRT Scope 3
Basin David (Contego Laboratories) Cryptographic protocol Response to Basin Scope 1
Dubuis Eric, Haenni Rolf, Koenig Reto and Locher Philipp (BFH) Cryptographic protocol; Software

Reponse to BFH
Scope 1
Reponse to BFH Scope 2

Essex Aleksander (Western University Canada) Cryptographic protocol Response to Essex
Scope 1
Ford Bryan (EPFL) Cryptographic protocol; Software; Operations and organization Response to Ford Scopes 1, 2 & 3
Fontes Antonio (SCRT) Operations and organization Response to SCRT Scope 2a
Haines Thomas (Australian National University), Pereira Olivier (Université catholique Louvain), Teague Vanessa (Thinking Cybersecurity) Cryptographic protocol; Software Response to Haines, Pereira, Teague Scopes 1 & 2T
Mowat Alain (SCRT) Penetration test Response to SCRT
Scope 4
Perrig Adrian (ETHZ) Penetration test Response to ETHZ Scope 4

 

Subscribe to the blog

Sign up for our E-government blog and you’ll receive regular updates on our latest blog articles, expert opinions and industry trends.