Public intrusion test to start later this month
The Swiss government is inviting hackers to test its electronic voting (e-voting) system for vulnerabilities, in a move aimed at improving the security and integrity of the country’s electoral process.
The initiative was unveiled last week by Swiss Post, Switzerland’s national postal service and the organization tasked with deploying and managing the country’s e-voting platform.
Ahead of the system’s planned nationwide rollout, a public intrusion test will take place between February 25 and March 24. A range of cash prizes are on offer for successful pen testers.
Overseen by Lausanne-based IT company SCRT SA, the intrusion test will simulate a real federal vote, during which time participants can download their encrypted ballot cards and test the system’s open source code for flaws.
The government is offering a tiered compensation structure that will be familiar to bug bounty hunters.
Payouts range from CHF100 ($100) for “uncritical optimization possibilities” to CHF50,000 ($50,000) or more for those who are able to manipulate votes without being detected.
Switzerland has long been ranked among the e-voting pioneers. Several cantons have been experimenting with electronic voting since the early 2000s, and Swiss Post is aiming for all residents to be able to vote online in elections and referendums “in the near future”.
The results of the intrusion test will be incorporated into the development of the country’s e-voting system.
“Swiss Post believes that only a transparent e-voting solution can be successful in the long term,” the organization said.
“By opening it up to an intrusion test, it is exposing its system to the intelligence and skill of sophisticated hackers to identify whether, when, and how its e-voting system can be compromised.”
The e-voting intrusion test is open for anyone to enter, barring Swiss Post employees.
Successful participants should submit their findings by midnight on Monday, March 25, after which time the electronic ballot box will be decrypted and opened by the fictional electoral commission.