Universal verifiability Hackers uncover ‘significant’ flaw in Swiss Post e-voting

A major bug has been identified in the new Swiss Post’s e-voting system. Hackers reported the flaw to Swiss authorities as part of a public intrusion test. Swiss Post has resolved the issue.

In mid-February, the Swiss government launched a public intrusion test, challenging IT experts to reveal cracks in the country’s new e-voting system by March 24. On March 12, a flaw concerning universal verifiabilityexternal link was discovered in the Swiss Post’s e-voting system by studying the system’s source code, which was released as part of the test. Universal verifiability makes it possible to determine with mathematical evidence whether votes have been manipulated.

While the flaw uncovered by the hackers does not allow the system to be penetrated, the Federal Chancellery still deemed it a “significant flaw” as it means it is not possible to detect whether the votes have been tampered with.

In a statement, the chancellery explained that the flaw means that "the Swiss Post system does not meet the legal requirements," and it urged Swiss Post to review and improve its security processes to prevent such flaws.

The e-voting system currently being used in the cantons of Thurgau, Neuchâtel, Fribourg and Basel-City is not affected by this gap in the source code. It exclusively affects the system with universal verifiability provided for the intrusion test, which has never been used for a real vote.

In a statement on its websiteexternal link, Swiss Post acknowledged that the error in the source code had already been identified in 2017. However, the correction was not fully implemented by technology partner Scytl, which Swiss Post regrets. “Swiss Post regrets this and has asked Scytl to make the correction in full immediately, which they have done. The modified source code will be applied with the next regular release.”

The public intrusion test of the Swiss Post e-voting system ordered by the Swiss government and the cantons has been running for just over two weeks now. More than 3,000 hackers around the world are testing the system until 24 March.

People's initiative

Opponents of e-voting say the latest flaw has permanently undermined trust in online voting systems.

They announced that they will officially launch their people's initiative next Friday, calling for a five-year moratorium on e-voting and an end to ongoing trials with the digital technology.

The committee made up of politicians and computer experts has 18 months to collect at least 100,000 signatures for a nationwide vote on the issue.

In January, the group presented its plans which involve winning pledges from 10,000 people to help collect the necessary signatures.

The Swiss government wants to introduce e-voting as an additional option for citizens to participate actively in democracy.

The Organisation of the Swiss Abroad has called for online voting to be made available for all expatriates Swiss by 2021. It submitted a petition last November.

Online democracy Opposition against e-voting project gathers pace

A committee of politicians and IT experts launches an initiative aimed at banning online voting for at least five years in Switzerland.

swissinfo.ch/jdp, urs

Tags

Sign up for our free newsletters and get the top stories delivered to your inbox.

Copyright

All rights reserved. The content of the website by swissinfo.ch is copyrighted. It is intended for private use only. Any other use of the website content beyond the use stipulated above, particularly the distribution, modification, transmission, storage and copying requires prior written consent of swissinfo.ch. Should you be interested in any such use of the website content, please contact us via contact@swissinfo.ch.

As regards the use for private purposes, it is only permitted to use a hyperlink to specific content, and to place it on your own website or a website of third parties. The swissinfo.ch website content may only be embedded in an ad-free environment without any modifications. Specifically applying to all software, folders, data and their content provided for download by the swissinfo.ch website, a basic, non-exclusive and non-transferable license is granted that is restricted to the one-time downloading and saving of said data on private devices. All other rights remain the property of swissinfo.ch. In particular, any sale or commercial use of these data is prohibited.

Hackers uncover ‘significant’ flaw in Swiss Post e-voting

Mar 12, 2019 - 14:03

A major bug has been identified in the new Swiss Post’s e-voting system. Hackers reported the flaw to Swiss authorities as part of a public intrusion test. Swiss Post has resolved the issue.

In mid-February, the Swiss government launched a public intrusion test, challenging IT experts to reveal cracks in the country’s new e-voting system by March 24. On March 12, a flaw concerning universal verifiability was discovered in the Swiss Post’s e-voting system by studying the system’s source code, which was released as part of the test. Universal verifiability makes it possible to determine with mathematical evidence whether votes have been manipulated.

In a statement on its website, Swiss Post acknowledged that the error in the source code had already been identified in 2017. However, the correction was not fully implemented by technology partner Scytl, which Swiss Post regrets. “Swiss Post regrets this and has asked Scytl to make the correction in full immediately, which they have done. The modified source code will be applied with the next regular release.”

People's initiative

Opponents of e-voting say the latest flaw has permanently undermined trust in online voting systems.

They announced that they will officially launch their people's initiative next Friday, calling for a five-year moratorium on e-voting and an end to ongoing trials with the digital technology.

The committee made up of politicians and computer experts has 18 months to collect at least 100,000 signatures for a nationwide vote on the issue.

In January, the group presented its plans which involve winning pledges from 10,000 people to help collect the necessary signatures.

The Swiss government wants to introduce e-voting as an additional option for citizens to participate actively in democracy.

The Organisation of the Swiss Abroad has called for online voting to be made available for all expatriates Swiss by 2021. It submitted a petition last November.

E-governance Study reveals huge demand for e-voting in Switzerland

Over two-thirds of Swiss people believe all citizens should be able to vote online, a national survey has revealed.

Online voting Flaw reported in Switzerland’s biggest e-voting system

A hacker claims to have discovered a weakness in canton Geneva’s e-voting system to attacks that could redirect online voters to malicious websites.

Navigation

Skiplink Navigation

Main Features

Search function

Universal verifiability Hackers uncover ‘significant’ flaw in Swiss Post e-voting

People's initiative

Online democracy Opposition against e-voting project gathers pace

Tags

Neuer Inhalt

SWI swissinfo.ch on Instagram

subscription form

Copyright

Function	Example	Search result
Search for exact term	"money-laundering", "Roger Federer"	Results include exact spellings of "money-laundering" and "Roger Federer"
Search for all terms	Roger Federer	Results include "Roger" and "Federer"
Either-or search	money-laundering	Results include "money" or "laundering"
Search for one term and not the other	money -laundering	Results include "money" but NOT "laundering"
Search for word stem	sun*	Results include words with the same base like "sun", "suns", "sunshine", "sunny"
Search with placeholder for letter	wom*n	Results include all possible words: "woman", "women"