Online voting and elections
Publications and source code
Swiss Post believes that only a transparent e-voting solution can be successful in the long term. Swiss Post is therefore relying on cooperation with independent e-voting experts and the continuous development and improvement of its system.
Gradual disclosure of the new e-voting system
Swiss Post is disclosing its new universally verifiable e-voting system in stages as part of a community programme, to allow it to be verified by independent experts. Swiss Post also runs a permanent public bug bounty programme for e-voting.
More information on the disclosure can be found on the e-voting community website.
Public intrusion test 2019
From 25 February to 24 March 2019, Swiss Post carried out a public intrusion test. IT specialists and hackers were invited to attack the system with the aim of finding vulnerabilities.
During the four-week endurance test, around 3,200 international IT experts inflicted targeted attacks on the new e-voting system. After the completion of the intrusion test, there were no manipulated votes in the electronic ballot box. The hackers did not manage to infiltrate the e-voting system. Attempts at overloading the system through DDoS attacks were unsuccessful. The hackers submitted a total of 173 findings. The Federal Chancellery, Cantons and Swiss Post confirmed 16 of them. They fall under the lowest classification level, “Best Practice”, and are thus considered non-critical. The entire assessment process for the findings was overseen by representatives of the Confederation and the cantons.
Swiss Post’s final report (PDF, 999 KB) summarizes the results and insights gained from the intrusion test for the Steering Committee, which consists of representatives from the Confederation and the Cantons.
The Confederation’s final report can be found here (German version).