Why e-voting could become a stress test for democracy

It’s been a 20-year tale of woeExternal link. Switzerland, which stages more votes than any other country in the world, has been frantically trying to introduce digital voting for two decades. 

Now, for the first time in a long time, e-voting has got the green light for a federal election. The cantons of Basel City, St Gallen and ThurgauExternal link are permitted to experiment with digital votingExternal link through to 2025. But enthusiasm is very subdued. The outgoing federal chancellor, Walter Thurnherr, has pushed for this for years, but he didn’t mention it once in a recent interviewExternal link. 

There are reasons for that – it has been a story of bankruptcies, bad luck and mishaps, and its happy ending is as provisional as it is deceptive. 

The story so far: in 2003 the federal chancellery, which is responsible for voting and elections, revised the Federal Act on Political RightsExternal link in order to make e-voting experiments possible. Swiss Abroad were a considerable force behind the drive for e-voting (they still are), but associations for people with disabilities also called for it. 

In 2005 canton Neuchâtel started tests with an e-voting system developed by the Swiss Post, whose software supplier was a controversial Spanish company, ScytlExternal link. A consortium of eight cantons, including Aargau and Graubünden, also experimented with e-voting, albeit with a different system, produced by UnisysExternal link. 

The first setback came in 2015: the federal chancellery scrappedExternal link the consortium’s system, saying it had deficiencies that made it impossible to guarantee voting secrecy. 

A monopoly with problems 

Thurnherr, who had become the driving force for e-voting, then tightened the reins on IT security, because he knew there was no other way to overcome the resistance of digital civil society and IT-savvy politicians. It is a fact that e-voting entails massive conceptual and technical risks. 

• The conceptual risks: Only a few people are capable of understanding the complex e-voting systems and detecting manipulations. Citizens must trust that their digital votes will not be manipulated, for example by an employee of the canton. 
• The technical risks: In digital voting, the vote is cast in a browser that is connected to the open internet and is therefore vulnerable. A hack of the e-voting system could affect not just one vote, but hundreds of thousands. The lack of paper means no recount of votes is possible. 

The Federal Chancellery therefore obliged the providers – in addition to disclosing the source code – to carry out so-called bug bounty programmes (programmes in which every report of software errors and security vulnerabilities is rewarded) and penetration tests (legal attempts to hack a system from the outside). 

More

Swiss Abroad Congress: ‘e-voting isn’t enough’

This content was published on Aug 18, 2023 The political involvement of the diaspora is taking central stage as the Congress of the Swiss Abroad 2023 kicks off in St Gallen.

Read more: Swiss Abroad Congress: ‘e-voting isn’t enough’

In 2019 another provider withdrew from the race for cost reasons: canton Geneva with its self-developed, open-source system. 

Only Swiss Post remained, with an e-voting monopoly from then on. But even its software was not secure, as research by Republik showedExternal link. The Australian state of New South Wales had used the same software as Swiss Post in 2015, and security researchers had discovered a serious gap in the system: the encryptions in the browser did not work correctly. 

Scytl, Swiss Post’s technology partner, also failed the reality check in Switzerland in 2019: Canadian security researcher Sarah Jamie Lewis and her team found two sensitive security vulnerabilities during the test phase.  

The post office subsequently withdrew its system. Politicians pressed the reset button. 

In 2020 parliament made a second attempt, drafting a new legal basis for another e-voting trialExternal link. Only independently tested and fully verifiable systems were to be permitted. 

This means that both voting citizens and the auditors appointed by the canton must be able to determine whether the vote cast on the internet arrives correctly in the digital ballot box. In addition, e-voting is only permitted for a maximum of 30% of eligible votersExternal link. The cantons are mainly targeting Swiss citizens living abroad. 

In the meantime, Swiss Post has done its homework. It bought the source code from Sctyl, its supplier, developed it and, so far, it has passed all the security tests. The post office now has a permanent bug bounty programme; last year 3,400 people took part in itExternal link.  

The federal chancellery was satisfied. “There was no penetration of the infrastructure or the electronic ballot box,” it said. In June 2023, 4,239 eligible voters in Basel City, St Gallen and Thurgau voted electronically. Swiss Post appears to have passed the government’s big test. 

So the current e-voting system is proving robust for the momentExternal link. Now 65,000 eligible voters (1.2% of the electorate)External link will be able to vote via the internet by 2025. So all’s well that ends well? Unfortunately, it’s not that simple. 

Responsibility shifted to citizens 

In the summer of 2023 the federal chancellery and the cantons presented comprehensive risk assessments that were barely noticed by the media. 

The tech journalism blog dnip.ch, however, analysed the reportsExternal link and came to the conclusion that despite all the technical progress, there are still a number of risks. They are simply either countered by measures taken by the federal government and the cantons (more transparency, more documentation) – or underplayed. 

One possible risk, for example, could be a situation in which the results of the paper votes deviate massively from those of the digital votes. This could reduce trust in the electronic voting channel. The cantons seem to consider this scenario unlikely – because so far it hasn’t happened. 

But just because something hasn’t happened yet, does that mean it won’t in the future? 

The federal chancellery shifts most of the responsibility for correct digital voting to citizens. Not only do they have to use the codes to check whether their vote was transmitted correctly, but they also have to have some IT skills: voters must use web server certificates to recognise whether they are connected to the correct e-voting server, they must have virus-free digital end devices, and they must load new software updates. 

And they must not fall for disinformation campaigns by foreign hackers, must never install suspicious browser extensions and certainly must not click on dubious links. If citizens notice any discrepancies, they must take action on their own initiative and report them to the relevant cantonal officeExternal link. 

Reading through all the requirements, one reaches the conclusion that the state would do best to require the Swiss electorate to complete a one-week cyber course. 

The best security measure is the previously mentioned binding requirement that only a limited part of the electorateExternal link may be granted access to e-voting. To put it bluntly: if something goes wrong at the Swiss Post, the lost votes won’t matter too much. 

But even that is too short-sighted: sometimes a few hundred votes can make the differenceExternal link. The blog dnip.ch mentions the following key questions, which, among others, could blow up into political scandals: how extensive does a manipulation of electronically cast ballots have to be for a vote to be repeated? And what do the authorities do if the losers doubt the results because of e-voting? 

Signs of fatigue among critical minds 

The reauthorisation of e-voting could become a stress test for democracy. The timing is bad. 

First, since the pandemic there is a loud, politically disenchanted and state-sceptical minority that has built a digital public sphere on messenger apps like Telegram. It could systematically doubt e-voting results and therefore – should a serious error ever be found – trigger a democratic crisis. 

Second, Switzerland is currently getting hit by one cyberattack after another. To be fair, many of the governmental IT disasters are legacies from the 2000s and early 2010s, such as the procurement scandal involving the company XplainExternal link or the electronic vaccination booklet Meineimpfungen.chExternal link, which has since been taken offline. Nevertheless, every negative headline diminishes trust in government digital projects. 

More

16,600 kilometres away – but still running for Swiss parliament

This content was published on Sep 28, 2023 From a writer in Berlin to a diplomat in Australia. 43 Swiss Abroad are running for the House of Representatives. An overview.

Read more: 16,600 kilometres away – but still running for Swiss parliament

Third, the failure of private systems also poses a risk to e-voting: for example, the postal addresses of 425,000 Swiss Abroad can be found on the darknet because a printing plant belonging to the media group CH Media was hackedExternal link by the ransomware group Play. It would be easy for hacker groups to download these addresses, write to them and lure them to a manipulated e-voting site in their canton. 

And fourth, vigilance is waning. After 20 years of debate, signs of fatigue can be observed in the local tech scene.  

A fundamental decision is needed 

But the long history of e-voting also has its good points. Over the years, a new political awareness has emerged around software developments in the public sector. Public security audits and source code transparency are becoming increasingly state-of-the-art at the federal level. They are also becoming a model for other projects such as the Swiss Covid app. 

The list of priorities for Swiss politicians in matters of digitalisation is difficult to comprehend for long-time observers. Why promote e-voting, of all things – the riskiest form of digitalisation, and one that renowned cybersecurity experts from all over the world repeatedly advise againstExternal link? 

It would be good if the Swiss electorate could soon make a fundamental decision on e-voting. So far, supporters have based the legitimacy of e-voting on polling data. In 2020 a broad alliance made an unsuccessful attempt to achieve a moratorium on e-voting with a popular initiative. A fresh attempt would nonetheless provide clarity on the will of the people.  

Transparency note: The author is co-editor of dnip.ch. 

This article first appeared on republik.chExternal link.