Faulty e-voting system
Swiss Post's e-voting system will not be available for the vote on 19 May 2019. Once the intrusion test has been completed, the Federal Chancellery will review the approval and certification processes for e-voting systems.
A group of researchers and Swiss Post have informed the Federal Chancellery of another flaw in its new e-voting system. The shortcoming concerns individual verifiability: this allows voters to check whether the system has correctly registered their vote. Individual verifiability is a key component of Swiss Post's previous e-voting system, which is already in use in four cantons (BS, FR, NE, TG). From the point of view of the Federal Chancellery, the decision of Swiss Post is therefore logical not to use its system on the occasion of the ballot on 19 May 2019. This shortcoming does not affect the e-voting system of the canton of Geneva, for which six cantons (AG, BE, GE, LU, SG, VD) have received approval for the ballot of 19 May 2019.
According to the Federal Chancellery, there are no indications that the aforementioned deficiency has led to the falsification of votes in previous votes.
Federal Chancellery takes stock of the situation
Swiss Post's new e-voting system, which is designed to guarantee complete verifiability in addition to individual verifiability, was subject to a public intrusion test from February 25 to March 24, 2019. Prior to this, Swiss Post made the source code of this system accessible. From the point of view of the Federal Chancellery, these measures resulted in important findings being obtained and vulnerabilities being uncovered. As already communicated on March 12, 2019, the Federal Chancellery will conduct a site assessment. This will take into account the results of the test as well as the deficiencies that researchers have identified on the basis of the documentation and the source text.
As part of the intrusion test, a total of 16 responses were classified as violations of best practices. They do not substantiate any significant risks. The results of the intrusion test can be found on the website of the external provider who organized the test on behalf of the federal government and the cantons.
Source: Federal Chancellery
More articles on the topic of e-voting here
