
The Adventurous Tale of Online in

Christian Folini / @ChrFolini

OWASP BE - 2021-03-18

Photo: Gian Ehrensberger

Process Around Swiss Mail-in

Killer / Stiller: The Swiss Process and its System and Security Analysis

Typical Swiss

Typical Swiss Election Ballot

Bonus points for spotting the content manager from Butt-ville.

"We simply can’t build an Internet voting system that is secure against hacking because of the requirement for a secret ballot."

Bruce Schneier, Online Voting Won’t Save , The Atlantic, May 2017

Arguments in Favor of Internet Voting

The Swiss Perspective

- Citizens living abroad
- Visually impaired and quadriplegic voters
- Formally invalid ballots
- Security issues of physical voting

The

Graphic: Wikipedia

Timeline

- 2000, 1st project: 1st Swiss internet voting project is launched with three pilot cantons.
- 2004, 1st trial: Canton Geneva runs the first Swiss internet voting trial.
- 2008, Entering Scytl: Swiss expats are allowed to vote via Scytl internet voting system in canton Neuchâtel.
- 2009, Consortium: Eight Swiss cantons form a consortium and commission Unisys with the creation of an internet voting system.
- 2011, Steering Board: Federal administration and cantons establish a joint steering committee.

Timeline

- 2015, Consortium dies: The eight consortium cantons throw in the towel after the federal administration bars the system from use in national elections.
- 2016, Scytl/Swiss Post join: Spanish Scytl and Swiss Post form a joint venture and go into production.
- 2017, Mainstreaming attempt: The federal chancellor calls for 2/3 of the cantons to offer internet voting for national elections in 2019.

Geneva Quits

- 2018: Development stopped
- 2019: System terminated

Source: Twitter: @GE_chancellerie (1141332323025195009)

Timeline

- 2018, Geneva quits: Political quarrels lead to Geneva stopping all further development. A year later, the system is terminated.
- 2019, Source Code Publication / Bug Bounty: Scytl / Swiss Post publish the source code of their system and run a 4-week bug bounty.

Swiss Post Bug Bounty: We got this!

Swiss Post / Scytl Source Code: Not so good

to be continued ...

Timeline

- 2019, Source Code Publication: Scytl / Swiss Post publish the source code of their system. Researchers identify three critical vulnerabilities within weeks. The system is put on hold.
- 2020, Rebooting: The steering board establishes a dialogue with 25 scientists to assess the viability of internet voting and support with writing new regulation.

Expert Dialogue – Participating Scientists


CRYPTOGRAPHERS AND ONLINE VOTING EXPERTS

- David Basin, ETH Zurich
- Srdjan Capkun, ETH Zurich
- Eric Dubuis, BFH Bern
- Bryan Ford, EPF Lausanne
- Reto Koenig, BFH Bern
- Philipp Locher, BFH Bern
- Olivier Pereira, University of Leuven, Belgium
- Vanessa Teague, Australia
- Bogdan Warinschi, Bristol, UK
- Rolf Haenni, BFH Bern

COMPUTER SCIENTISTS

- David-Olivier Jaquet-Chiffelle, University of Lausanne
- Oscar Nierstrasz, University of Bern
- Adrian Perrig, ETH Zurich
- Carsten Schürmann, Denmark
- Matthias Stürmer, University of Bern
- Ulrich Ultes-Nitsche, University of Fribourg

POLITICAL SCIENTISTS

- Florian Egloff, ETH Zurich
- Fabrizio Gilardi, University of Zurich
- Uwe Serdült, Center for Democracy, Aarau

SECURITY INDUSTRY

- Stéphane Adamiste, SCRT
- Sergio Alves Domingues, SCRT
- Tobias Ellenberger, One Consult

MODERATOR

- Christian Folini, netnea.com

Source: https://www.bk.admin.ch/bk/de/home/politische-rechte/e-voting.html

Timeline

- 2020.2, Survey: The dialogue starts with a survey of 62 questions sent to 25 scientists.
- 2020.3, Covid-19 hits: When the on-site workshops were slowly taking shape, Switzerland entered a lockdown and the on-site gatherings had to be called off.
- 2020.4, Online dialogue: The workshops are replaced with a 12-week online dialogue on a dedicated GitLab platform.
- 2020.7, Additional research: Several separate research articles are commissioned with individual scientists to bring up more information on individual questions.
- 2020.11, Scientific report: The steering board publishes the 70-page report with the recommendations of the scientists.

Scientific report

https://www.bk.admin.ch/bk/en/home/politische-rechte/e-voting.html

Key Recommendations of Dialogue

- Strict hierarchy of specifications
- Diversity in hard- and software
- Maximum level of transparency, namely in development
- Voting security beyond internet voting

Summary

- Switzerland is a useful test bed for online voting
- Iterative process with strict supervision on federal level
- Expert dialogue with recommendations in 2020

Download English version of report from https://www.bk.admin.ch/bk/en/home/politische-rechte/e-voting.html

Contact

Christian Folini


@ChrFolini
