Online voting and elections

Anchor Navigation

Publications and source code

As part of its cybersecurity strategy, Swiss Post focuses on the public review of applications and services. This is why it runs bug bounty programmes to reward hackers and cryptographers financially for their work of scrutinizing the system and uncovering any confirmed vulnerabilities. In 2021, Swiss Post published all the core, security-relevant components of its e-voting system, and launched its bug bounty programme for an indefinite period. This allows specialists from all over the world to analyse, scrutinize and test the system. Swiss Post continues to work on its e-voting system to ensure it is always protected against cyberattacks.

Complete disclosure of the new e-voting system

In 2021, Swiss Post published its new, fully verifiable e-voting system in multiple stages as part of a community programme so that independent experts could test it. Swiss Post also launched a public bug bounty programme for e-voting for an indefinite period of time.

More information on the disclosure can be found on the e-voting community website.

On 3 March 2023, the Federal Council granted the cantons of Basel-Stadt, St. Gallen and Thurgau initial authorization for the use of Swiss Post’s e-voting system. The e-voting system developed by Swiss Post can be used for votes in these cantons until May 2025. Swiss Post will further develop the system and continue to draw on the expertise of professionals from around the world.

Public intrusion test 2022

Over four weeks from 8 August to 2 September 2022, Swiss Post conducted a public intrusion test, during which ethical hackers attempted to access the e-voting infrastructure. Around 3,400 people from around the world took part. For the first time, the ethical hackers were able to try out and target the vote casting process on the voting portal using sample voting cards. The participants were not able to “crack” the e-voting infrastructure and infiltrate it. The intrusion test is a recurring measure as part of the e-voting system checks as well as a legal requirement of the Swiss Confederation.

Swiss Post’s final report can be found here

Public intrusion test 2019

From 25 February to 24 March 2019, Swiss Post carried out a public intrusion test. IT specialists and hackers were invited to attack the system with the aim of finding and fixing vulnerabilities.

During the four-week stress test, around 3,200 international IT experts inflicted targeted attacks on the new e-voting system. After the completion of the intrusion test, there were no manipulated votes in the electronic ballot box. The hackers did not manage to infiltrate the e-voting system. Attempts at overloading the system through DDoS attacks were unsuccessful. The hackers submitted a total of 173 findings. The Federal Chancellery, cantons and Swiss Post confirmed 16 of them. They all come under the lowest classification level of “Best Practices”.

Swiss Post’s final report summarizes the results and findings of the intrusion test.

Swiss Post’s final report can be found here.Target not accessible

The Confederation’s final report can be found here.

Go to the previous system from 2019

Contact us
We would be happy to advise you about e-voting.

Write to us

Send us your query directly online.

Swiss Post on LinkedIn

Visit us on LinkedIn

Our address

Post CH Communication Ltd
Wankdorfallee 4
3030 Berne