The public intrusion test required by the Confederation and the cantons of Switzerland as a component of the 100% certification process for Scytl’s and Swiss Post’s eVoting system concluded on March 24th. The eVoting system successfully resisted the attacks of over 3,200 interested parties worldwide during the 4-week public intrusion test. A number of vulnerabilities were found in the Scytl online voting application through source code review, and none of these were successfully exploited during the public intrusion test. This is the first time in the history of internet voting for government elections that a system provider has submitted to such a transparency initiative, setting a precedent for the way governments approach the adoption of online voting for political elections.
Last week, a vulnerability was found that affects the individual verifiability process used by the cantons of Thurgau, Neuchâtel, Fribourg and Basel-Stadt. This vulnerability could allow a voter to cast an invalid vote which would not be detected by the voter – this invalid vote would however be detected upon decryption of the ballot box. Due to this detection of invalid votes, it can be shown that previous citizen consultations and elections have not been manipulated. No other Scytl solutions are affected by this recent finding.
On March 29th, Swiss Post announced its decision to place eVoting on hold for the upcoming vote taking place on May 19, 2019. Placing the service temporarily on hold allows time for the correction of the vulnerabilities and for additional reviews to be performed.
The purpose of the public intrusion test and source code disclosure was, on one side, transparency and, on the other, enhancing the security of the online voting system, including the Scytl software within it. With that purpose in mind, Scytl and Swiss Post will take the time to review the system’s security to ensure that it is updated with the findings communicated by the interested parties, which included members of the academic, hacker, activist and security communities.
Scytl acknowledges the valuable input provided by the researchers who participated in this initiative, and more specifically by those who detected the issues in the source code. The isolation of these weaknesses by the researchers has allowed Scytl to address any residual risk rapidly, and we thank them for their work. Scytl supports responsible disclosure practices and encourages others who have a finding regarding the eVoting software to share it with us.
The decision made by Swiss Post reflects a strong commitment to security and transparency and a common effort to provide a secure, reliable and transparent online voting system in Switzerland. The source code review process will remain open for those who want to continue reviewing the eVoting system.