Democracy is being entrusted to a private company – and other misunderstandings 04.02.2019
Swiss Post welcomes the more in-depth reporting and public debate on e-voting, and wishes to share its perspective by addressing some recurring misunderstandings.
Freedom of expression is given high priority in political debate. But at the same time, discussions should be fact based. Ever since the Canton of Geneva decided to relinquish its e-voting services, the focus of the criticism from politics, traditional media and social media has been on the Swiss Post system and its Spanish technology partner, Scytl.
Swiss Post has been aware of its responsibility to be a transparent provider from the outset, which is why it is pleased with the public interest in its e-voting system and the opportunity this provides to express its views on the topic of e-voting, as well as to demonstrate its credibility and competence as a partner in the discussion. Swiss Post is taking this initiative to clarify a few misapprehensions often heard in debates.
Swiss Post’s e-voting system means entrusting democracy to a private company
Swiss Post is 100% owned by the Swiss Confederation. This combination of democratic control and commercial independence is an advantage – especially when it comes to developing the digital services for public authorities.
The federal requirements for e-voting systems are devised in such a way that ultimate control lies in the hands of the canton deploying the system. Measures of transparency are embedded across all layers. The Swiss Post system safeguards cantonal sovereignty. All the steps in the process (preparation of the ballot box, decryption, counting of votes, etc.) are performed by the respective canton. Swiss Post only transports the votes without the possibility of reading or decrypting them.
Swiss Post works in conjunction with Scytl, a spin-off of Barcelona University, for the cryptographic core components. This partnership with Scytl was initiated after careful market analysis. Scytl has been supplying the technological fundamentals for the e-voting system in the Canton of Neuchâtel since 2005, which is before collaboration with Swiss Post began. Scytl is a world leader in secure online voting and has around 20 years of experience in this field.
In Australia, the encryption of the e-voting technology also used by Swiss Post was hacked.
It is correct that a weak point was uncovered in an e-voting system in Australia in 2015 by two researchers. The system deployed in New South Wales also made use of Scytl technology. However, this weak point had nothing to do with Scytl’s cryptography or encryption, instead it related to other components (Piwik software; an open-source web analysis platform). Swiss Post’s e-voting system does not use these components.
A description of the case can be found in this article. It was a type of non-scalable, man-in-the-middle scenario. The case is known worldwide and was presented at the international e-voting conference, E-Vote ID 2015, by representatives from New South Wales, who explained the underlying issue and the solution. Following a call for tenders in 2018, New South Wales again decided to commission the technology supplier, Scytl (link).
The case shows that the security of e-voting cannot simply be reduced to the (partial) technology used. What is truly decisive is the overall system with all its technological, organizational, operational and human factors.
Swiss Post is not transparent and does not disclose the source code
Federal directives demand a very high level of transparency. Even now, this is being fulfilled through complete source code analysis as part of certification by independent experts. There is already a high level of transparency with respect to the Confederation and cantons.
And with regard to the public, countless transparency measures have already been implemented and a range of additional measures are envisaged: Swiss Post has been publishing various documents pertaining to the system at www.swisspost.ch/evoting since 2017 (under “Transparency and publications”).
Swiss Post is currently preparing to release the source code and other transparency-related documents. This is taking place in accordance with the requirements set by the Confederation and will enable IT experts to test the system for weak points. They will also subject their system to a public intrusion test.
Scytl, too, is fully behind this transparency strategy. Disclosure of the source code, however, does not mean that this is open-source software; even non-open-source software may publish source code.
E-voting was a debacle in Norway
Norway tested e-voting in 2011 and 2013. After a change in government, Norway decided in 2014 not to continue with e-voting. The reason, however, was not the quality or security of the cryptography. It that it is important for citizens to vote in a secure location at the polling station and not from home. In Switzerland, a change in voting culture took place decades ago with the introduction of postal voting. Overall, Norway drew a positive conclusion from its e-voting trials.
The Norwegian system was also based on Scytl technology. The source code was published. It is correct that the Berne University of Applied Sciences analysed the Norwegian source code and found a weak point in the cryptography, but this was rectified promptly by Scytl. Norway and Scytl communicated this transparently.
The Norwegian system cannot simply be duplicated in Switzerland. The weak point related to the system’s feature allowing one voter to cast his vote several times with only the last one counting. Norway decided on this principle to combat the risk of voters being compelled to vote for a certain party in a private setting. In Switzerland, it was decided that the first vote cast should be final, with no option for overwriting it.
As in Norway, experts will be able to analyse the source code and check it for any potential vulnerabilities. Swiss Post is soon to release the source code.
IT experts are against e-voting
There many scientists around the world who have been researching technologies and cryptography for 30 years to safeguard online voting against manipulation. In Switzerland, too, there are institutions working intensively on this topic: ETH, EPFL and Berne University of Applied Sciences. A conference for electronic voting and elections is held every year (https://www.e-vote-id.org/).
There are various electronic systems for votes and elections featuring different functions and security levels. There are voting computers in polling stations, systems to analyse individual ballots, to record and transmit traditional ballots, as well as advanced systems for fully digitized voting via the Internet.
The generic term “e-voting” is used for all such systems. Bear in mind that some experts making statements about e-voting may be referring to systems that are in no way comparable to the e-voting used in Switzerland.
The criticism levelled at online voting often relates to the situation in the USA. The state of affairs in Switzerland with official election registers, an established system of voting by post, and direct democracy is entirely different with respect to the security and potential of e-voting.
Experts are generally curious, open to new insights and persuasive, factual argumentation, and do not retreat into positions of faith.
E-voting is being introduced in a centralist and undemocratic way.
That is incorrect. In the Swiss federal system, the ultimate authority for holding votes and elections lies at cantonal level. The cantons are the ones to decide whether to introduce e-voting, with the decision generally being made by the cantonal parliament and subject to an optional referendum. There are also cantons which have decided through democratic means to refrain from introducing e-voting. The Confederation sets the security requirements for e-voting systems and approves their use, but the cantons must submit a request for this.