Previous post Next post

Additional flaw found in Swiss Post e-voting system

Additional flaw found in Swiss Post e-voting system

This is the second flaw in the Swiss Post future e-voting system discovered during the public intrusion test phase. (Keystone)

A second error in the Swiss Post planned e-voting system has been discovered as the public intrusion test phase comes to an end. The Federal Chancellery announced the need for action and confirmed a review of the e-voting certification and approval process.

The same computer experts who discovered a critical error in the source code of Swiss Post’s new e-voting system earlier this month announced they discovered a further security gap. It was identified as part of the public intrusion test that has been running since February 25, during which the e-voting source code was released.

The bug affects universal verifiability – the same area of the system as the first errorexternal link. However, in this case the error would not make it possible for arbitrary manipulation of any possible votes to go unnoticed, according to the Federal Chancellery. That said, votes could be made invalid without being discovered by the mathematical evidence.

René Lenzin, deputy head of communications at the Federal Chancellery, told the Swiss news agency Keystone-SDA that the error confirmed a “need for action”. The error discovered on March 12 had already shown that universal verifiability and thus the “heart of the system” had not worked. The system had to recognise if manipulation had taken place.

Swiss Post has been asked to review and adapt its security processes to prevent such weaknesses. Lenzin confirmed that Swiss Post did not meet the legal requirements with these vulnerabilities.

Swiss Post response

Swiss Post is currently in the process of clarifying the facts and is in contact with its Spanish technology partner Scytl.

According to Keystone-SDA, Swiss Post indicated that this error would have been discovered during decryption and counting because Swiss Post’s e-voting system does not allow invalid votes to be counted. This means that this error would not allow votes to be changed or elections to be manipulated unnoticed.

The Federal Chancellery is expected to draw conclusions on the public intrusion test, in which over 3,000 hackers around the world tested the Swiss Post e-voting system. It ran from February 25 to March 24.

Lenzin said the intrusion test had showed that the approach of publishing the source code and carrying out a public intrusion test was the right one.

Full story here
About Swissinfo
SWI – the international service of the Swiss Broadcasting Corporation (SBC). Since 1999, has fulfilled the federal government’s mandate to distribute information about Switzerland internationally, supplementing the online offerings of the radio and television stations of the SBC. Today, the international service is directed above all at an international audience interested in Switzerland, as well as at Swiss citizens living abroad.
Previous post See more for 3) Swiss Markets and News Next post
Tags: ,

Permanent link to this article:

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.