Registration is open for those who want to help reveal cracks in Switzerland’s future e-voting system – and maybe earn a cash bounty. Critics say the test is a farce.
In a public intrusion test, Swiss Post will allow hackers to legally attack its e-voting system from February 25 to March 24. The goal is to improve the system’s security.
As of Thursday, nearly 2,000 hackers had registered hereexternal link to participate in the test: with 26% in Switzerland, 15% in France, 7% in the United States and 5% in Germany.
Over the past 15 years several cantons have used e-voting on a trial basis with systems developed by Swiss Post or canton Geneva. Many Swiss voters – especially those living abroad – are eager to vote online.
Now Swiss Postexternal link and the Swiss government are harnessing the power of hackers to identify vulnerabilities in the new e-voting system before it’s used in real life. Over the course of a month, the international hacker community is encouraged to try to manipulate votes, read votes cast and disable or circumvent the security measures that protect votes and security-related data.
“This e-voting system is the first Swiss system that can be fully verified. Interested hackers from all over the world are welcome to attack it,” wrote the governmentexternal link in a statement directing computer specialists to register here to participateexternal link.
As part of eGovernment Switzerlandexternal link’s priority plan, the federal government and cantons are investing CHF250,000 ($248,000) in the public intrusion test, with CHF150,000 going towards Swiss Post’s total costs and CHF100,000 going to SCRT, a company specializing in intrusion tests.
The rewards will hardly impress criminal hackers, say critics of the four-week intrusion test.
“Much higher sums than those offered by the Swiss are taken to hands by criminals and strategic organizations to develop attacks. It is unlikely that these actors will ever disclose their cyber arsenal to the Swiss for CHF100-50,000,” say the people behind a popular initiative “For a secure and trustworthy democracy (e-voting moratorium)”external link.
The initiative committee cites the security problems with Geneva’s test system, flagged by the Chaos Computer Club Switzerland. Last November, a club member told Swiss public television, SRF, that it took only a few minutes to discover the system’s weakness to so-called DNS cache poisoning – which makes it possible to divert internet traffic from legitimate servers to fake ones.
“The idea of being able to exclude all relevant hacking methods is a well-intentioned illusion,” says Jean Christoph Schwaab, a leftwing Social Democrat and former parliamentarian for canton Vaud, who calls the public intrusion test a “farce costing CHF250,000”.