Press releases

Ballot box not hacked, errors in the source code – Swiss Post temporarily suspends its e-voting system

The public intrusion test ordered by the Confederation and the cantons on Swiss Post’s new e-voting system is complete. Although the electronic ballot box could not be hacked, feedback on the published source code reveals critical errors. Since the integrity of votes and elections is a top priority, Swiss Post is taking action. It will correct the source code and have it reviewed again by independent experts. It will therefore not provide its e-voting system to the cantons for the votes of 19 May.

Rich content section

Swiss Post conducted a public intrusion test (hacker test) on its new, universally verifiable e-voting system between 25 February and 24 March 2019. In addition to the intrusion test, it published the source code for its e-voting system on 7 February. Although the notarized ballot box could not be hacked, feedback on the published source code reveals critical errors (see press release and blog post). An error also affects the individually verifiable system used by the cantons of Thurgau, Neuchâtel, Friborg and Basel-Stadt since 2016. It can be ruled out that previous votes or elections have been manipulated. The error would cause invalid votes to be cast. This would systematically be detected on decrypting the ballot box.

Integrity is a top priority

The integrity of votes and elections is a top priority for Swiss Post. It is aware of the high level of responsibility it carries as the system provider of an e-voting system in Switzerland. It will therefore correct the source code and have it reviewed again by independent experts. Consequently, it will temporarily suspend operation of its system and will not provide it to the cantons for the votes of 19 May.

No manipulated votes

During the four-week endurance test, around 3,200 international IT experts inflicted targeted attacks on the new e-voting system. After the completion of the intrusion test, there were no manipulated votes in the electronic ballot box. The hackers did not manage to infiltrate the e-voting system. Attempts at overloading the system through DDoS attacks were unsuccessful. The hackers submitted a total of 173 findings. The Federal Chancellery, Cantons and Swiss Post confirmed 16 of them. They fall under the lowest classification level, “Best Practice”, and are thus considered non-critical. The entire assessment process for the findings was overseen by representatives of the Confederation and the cantons. Swiss Post will take account of the findings in the further development of the new e-voting system. That was the very point of the public intrusion test and source code disclosure. The source code will remain open to the public to allow researchers to continue the verification process and report their observations to Swiss Post.

Facts and figures on the public intrusion test on the e-voting system

System findings Number
Total submitted 173
Of which confirmed by the Federal Chancellery, Cantons and Swiss Post 16
Of which critical 0
Non-critical optimization proposals 16
Source code findings Number
Submitted so far 84
Of which accepted for revision 28
Of which optimization proposals 25
Critical findings 3
Participants in the intrusion test Number
Number of participants Around 3,200 people from 137 countries
By nationality (statistics) Swiss 27%, French 13%, American 7%, German 5%, Indian 4%, Polish 3%, Canadian 3%, British 3%, others 35%

More information

Information
Oliver Flüeler, 058 341 21 95, presse@swisspost.ch

Rich content section