Further development, intrusion test and preparation of the new e-voting system 27.01.2022
Since 2021 experts from all over the world have been taking part in the community programme by Swiss Post. They track the continual improvement of the future system with universal verifiability or actively contribute to it. Swiss Post is rewarding the discovery of confirmed weak points as part of its bug bounty programme. In 2022 Swiss Post will carry out a public intrusion test, implement necessary improvements in the system and prepare the system for use.
Swiss Post transports information and data confidentially and securely − in both the physical world and the virtual world. With its universally verifiable e-voting system, which it has developed at a Swiss Post IT location in Neuchâtel, the company aims to facilitate secure electronic vote-casting for elections and votes. Swiss Post is basing the development of the e-voting system on the Confederation’s future legal basis for e-voting trials.
Continual development and public intrusion test
Swiss Post is planning to have the e-voting system ready for use and available to the Cantons by the end of 2022. Before then, Swiss Post will be carrying out a public intrusion test, in which ethical hackers are permitted to attack the e-voting infrastructure. Moreover, the company is improving the system on the basis of reports from the specialist community and the review commissioned by the Confederation. Over the course of the year, Swiss Post will also continue to engage in dialogue with cryptographers and hackers to exchange knowledge and experience via specialist platforms and webinars.
The bug bounty programme works: new findings with the second highest level of severity
At the start of 2021, Swiss Post initiated a community programme on e-voting and published the essential components and documentation for the beta version of its future e-voting system. At the same time, the company is running an open-ended bug bounty programme, in which ethical hackers and cryptographers receive rewards for confirmed findings of weak points. This is to help Swiss Post uncover any weak points and fix them at an early stage.
Thanks to analysis and tests by experts from all over the world, Swiss Post has already managed to make several improvements to the system. A summary of security-relevant findings is published regularly in its e-voting blog. Currently, the list includes a new finding with the second highest level of severity which Swiss Post published in mid-January, along with the suggested solution. Further information on reports that have been submitted can also be found on the specialist GitLabTarget not accessible platform.
What success factors and challenges has Swiss Post experienced with regard to disclosing its e-voting system and collaborating with the community? Swiss Post presented its experiences at the International Conference for Electronic Voting E-Vote-ID 2021. Its report is available on GitLabTarget not accessible.