Since 2004, the cantons have carried out e-voting trials based on federal law on voting in federal votes. Swiss Post has now developed a system that is fully verifiable. This makes e-voting available to a broader public, and ensures that systematic malfunction resulting from software errors, human error or attempted manipulation is detected. In accordance with the requirements of federal law, the system must be certified before first use and the source code must be disclosed.

In addition, the Confederation and the cantons have decided that fully verifiable e-voting systems must undergo an intrusion test before they are used for the first time. Intrusion tests (aka pen tests) stage attacks to verify a system’s security. An intrusion test is already being carried out by an accredited body as part of the certification process. The public intrusion test has the added benefit of including a large number of people to test the security of a system.

The Confederation and the cantons have adopted common requirements for the public intrusion test, requiring system providers to make their systems available for testing for a period of four weeks. The hacker community should try to manipulate votes, read votes cast and disable or circumvent the security measures that protect votes and security-related data. The system documentation and source code must be published before testing.

Swiss Post is making its system available for a public intrusion test from 25 February to 24 March. SCRT, a company specialising in intrusion tests, will register participants on behalf of the Confederation and the cantons, and will also evaluate feedback and comment on it as soon as possible.

The federal government and the cantons are contributing CHF 250,000 towards the public intrusion test via eGovernment Switzerland’s priority plan; CHF 150,000.- of this amount is earmarked as a contribution to Swiss Post’s total costs and CHF 100,000.- will be paid to SCRT for its services. People who provide particularly useful reports on security breaches will be paid. Swiss Post decides how much is paid.

Those interested can register at https://onlinevote-pit.ch and access further information on the test modalities.

Public intrusion test for e-voting to take place in February and March