08-08-2022

Since the beginning of 2021, Swiss Post’s future e-voting system has been put through its paces by independent experts from all over the world. Another testing opportunity is now available: in addition to the ongoing test options, ethical hackers can now attack the e-voting infrastructure for a period of four weeks. This means that, for the first time, they can accurately simulate and target the vote casting process on the voting portal using sample voting cards. The aim is to detect potential vulnerabilities and rectify them in good time. Swiss Post expects to make its new e-voting system available for use by interested cantons during the course of 2023.

Swiss Post wants to provide a secure and trustworthy e-voting system for Switzerland. Experts from around the world have been testing the beta version of Swiss Post’s e-voting system since the beginning of 2021. This enables Swiss Post to have all the key components of the e-voting system thoroughly examined by external specialists in order to detect any potential vulnerabilities and rectify them in good time. Around three months ago, the Swiss Confederation also presented the first audit reports on the e-voting system from independent experts. Swiss Post is now expanding the testing opportunities available. For the first time, a public intrusion test will enable ethical hackers from around the world to target the e-voting infrastructure in addition to other ongoing test options. This is the first time that the hackers will encounter the very same infrastructure that will actually be used when the system goes live in the cantons. Swiss Post will provide sample voting cards for the public intrusion test. These cards will enable hackers to simulate the vote casting process accurately on the voting portal and carry out a targeted attack on the system.

A further step towards launching the e-voting system
The intrusion test will be held in the four weeks from 8 August to 2 September 2022. Swiss Post will reward confirmed vulnerabilities identified as part of the intrusion test with up to 30,000 francs. The confirmed findings are published on an ongoing basis on the specialist platform GitLab.

Swiss Post’s goal for the intrusion test is to uncover and rectify potential vulnerabilities and to improve the e-voting infrastructure. The company wants to provide the cantons with the latest generation of a secure e-voting system. The public intrusion test also fulfils the Swiss Confederation’s requirement for e-voting trials and represents a further step towards a secure and reliable e-voting system. Swiss Post expects to be able to make its system available for use by the first interested cantons in the course of 2023.

Source: Swiss Post