Hackers put Swiss Post’s e-voting system to the test
Are there any security gaps? For Swiss Post, the external opinion of independent experts is key to developing a secure e-voting system. Since 2021, experts around the world have been testing and reviewing the software and documentation. In 2022, ethical hackers were given the opportunity to attack the system.
Almost 70,000 attacks from all over the world within four weeks: at the invitation of Swiss Post, 3,400 ethical hackers – computer experts who infiltrate external systems not with any criminal intent but rather to help improve them – attempted to break into Swiss Post’s e-voting system. The happy outcome: nobody succeeded.
During this public intrusion test, the hackers also had the opportunity to try out the vote casting process on the voting portal using sample voting cards. There were no security-relevant findings, but potential for streamlining the transfer of information was found. Swiss Post will make the appropriate improvements.
Examination by the Confederation
In 2021, Swiss Post opened up its systems to external experts and published the key components and documents for the beta version of its future, fully verifiable e-voting system. At the same time, the system was examined by independent specialists on behalf of the Confederation, who issued a good report for the Swiss Post system in April 2022, but also identified potential for optimization. Since implementation of the reported improvements, the system has again been independently examined.
Swiss Post plans to make the new e-voting system available for use in the first cantons in the course of 2023.
In e-voting, eligible voters receive voting or electoral materials by letter mail, as well as individual security codes for electronic voting. They can register on the e-voting platform for their canton and vote or cast a ballot online. All transferred information is anonymized and protected with end-to-end encryption. Only the cantonal electoral authorities can analyse the results. Individual voters cannot be identified at any point.