February 11, 2019 at
Switzerland’s government continues making progress on their new e-voting system which will allow its citizens living abroad to vote. If successful, the Swiss government plans to introduce the system as the official voting method in the country, in addition to postal mail voting and the poll station.
The system appears to be nearing completion, and the government confirmed that it has already gone through over 300 testing sessions. Now, they are ready to take the next step and make the system available for a public intrusion test (PIT). Their new announcement states that the test will be held between February 25th and March 2nd.
The government also invited anyone, including companies, security researchers, as well as hackers, to attack the system and try to breach it. Those who manage to do so and point out the vulnerability that allowed them to impact the system in some way will receive cash rewards ranging from $100 to $30,000.
PIT rules and restrictions
In order to participate, interested parties have to register, which will provide them with legal permission to try and hack the system and earn rewards. It will also include a certain set of restrictions and general rules that must be followed to win the rewards. One such rule is not to attack personal devices that voters might use. Another restriction will prevent the participants from attacking the maker of the e-voting system, the Swiss Post.
The announcement also states that the system will have additional security when and if it goes live. However, for the purposes of the program, these additional measures will be disabled. The reasoning behind this is the Swiss Post’s desire for the participants to focus on the core system itself.
Additionally, participants will also be allowed to request as many e-voting cards as they find necessary in order to conduct various tests. They can even access the voting system’s source code, which was made available at GitLab.
After PIT participants report a vulnerability, Switzerland-based firm SCRT SA will verify the reports, and forward them to Swiss Post, if the flaw is found to be genuine.
Another reason behind the program is to prove that the system is secure, as a committee of politicians recently started an initiative that might result in a five-year-long ban of the e-voting system. The committee has started collecting signatures that would lead to the start of a legal procedure that will ban the system if the petition reaches 100,000 signatures.