Controversial online voting law put on the backburner – for now, at least
The Swiss Federal Council has suspended its plans to bring electronic voting (e-voting) into regular operation in Switzerland. Concerns surrounding the security and integrity of one online voting system were cited among the reasons for the U-turn.
In December 2018, the Federal Council launched a consultation into proposed amendments to Switzerland’s Political Rights Act that would effectively make e-voting a third regular voting channel, alongside in-person and postal votes.
This consultation is now over, and although a “clear majority” of the cantons and political parties were said to support the introduction of e-voting in principle, the Federal Council said it has decided to “provisionally forgo” the introduction into regular operation.
“The political parties which support e-voting in principle consider that now is not the right time to take that step,” a statement reads. “The Federal Council has therefore decided not to proceed with the partial revision of the Political Rights Act at the present time.”
E-voting in Switzerland was thrust into the spotlight back in February, when Swiss Post announced it would open up the source code and invite hackers to test its new online voting system for security vulnerabilities.
However, before the planned ‘public intrusion test’ had even started, the code came under the scrutiny of an international team of researchers – Sarah Jamie Lewis, Vanessa Teague, and Olivier Pereira – who discovered three critical flaws (PDF) that could lead to undetectable vote manipulation, among other shortcomings.
“Let us not downplay this,” Lewis said in Twitter thread on March 12. “This code is intended to secure national elections.
“Election security has a direct impact on the distribution of power within a democracy. The public has a right to know everything about the design and implementation of the system.”
In the wake of the researchers’ disclosure, Swiss Post suspended its e-voting system, which was designed by Barcelona-based Scytl.
Back to the ballot box
In addition to citing the Canton of Geneva’s decision to halt the development of its own e-voting system, the Federal Council’s latest announcement pays heed to the security research conducted by Lewis, Teague, and Pereira:
In February of this year Swiss Post published the source code for its fully verifiable system and conducted a public intrusion test. After test participants discovered serious flaws in the system’s source code, the Federal Chancellery announced a review at the end of March.
Despite this acknowledgement, however, Lewis still expressed concerns surrounding the future of e-voting in Switzerland.
“There is still a chance that Swiss Post will offer their e-voting solution during the October federal election,” she told The Daily Swig. “I think that would be foolish and ill-advised.”
Offering additional thoughts in a Twitter thread last week, Lewis said: “For many this move doesn’t go far enough, and I’d agree that if a Scytl system is allowed anywhere near a Swiss election in the near future it would be a failure of democratic accountability.
“If you are looking for a moral of this story, my favorite is this: A group of underfunded, sleep deprived researchers with limited resources can find multiple critical flaws in a ‘state-of-the-art’ e-voting system.”
Lewis will discuss her e-voting adventures at Swiss Cyber Storm later this year.
“The presentation in October is an opportunity to present my perspective on the entire [episode] directly to the Swiss cybersecurity community,” she said.
“This was a story that presented itself over several months, impacting several countries and was interlaced with misleading press releases by Scytl and media confusion, and so it will be nice to be able to present a fuller picture of what happened.”