Hackers flock to hunt for cracks in Swiss e-voting system
GENEVA — Swiss authorities are trumpeting the fact that more than 2,000 would-be hackers from around the world have taken up an invitation to try to find holes in Switzerland’s groundbreaking online voting system — and potentially earn tens of thousands of francs (dollars) if they succeed.
The Federal Chancellery and Swiss regions, known as cantons, expressed satisfaction at the high response barely a week after launching a registration for IT experts to help crack a planned update to Switzerland’s 15-year-old e-voting system. Among countries in Europe, only Estonia has a similar online voting program, a Swiss official said.
As of Friday morning, more than 2,000 had been registered.
The effort amounts to a coming-of-age of Swiss e-voting, or online voting, systems: After over 200 trials and the rollout of e-voting already in 14 of Switzerland’s 26 cantons, authorities now believe they’ve developed “completely verifiable systems” that they hope to introduce for the first time this year.
But first, they have to be tested: Thus the appeal to hackers to give it their best shots. There are rules to the challenge, and Swiss Post ultimately is looking for such experts to help find unknown vulnerabilities so the system can be strengthened.
The outreach to computer whizzes in Switzerland and beyond amounts to an unusually candid and transparent approach to prevent illegal, nefarious hacking that has befuddled authorities in some countries, allegedly at times by state-backed intruders bent on upending Western democracies.
The Swiss want to get out front on a system that could, one day, be mirrored or applied in other democracies.
Under the arrangement with e-voting system operator Swiss Post, the four-week test run — known as a public intrusion test — starts Feb. 24. Hackers and IT specialists can earn anywhere from 100 francs to 50,000 francs, depending on the type of flaws they find, if their findings from “deliberate attacks” are deemed worthy by an outside test organizer. A total of 150,000 francs is to be disbursed.
“Swiss Post believes that only a transparent e-voting solution can be successful in the long term,” the invitation to the challenge said on the site, onlinevote-pit.ch. “By opening it up to an intrusion test, it is exposing its system to the intelligence and skill of sophisticated hackers to identify whether, when and how its e-voting system can be compromised.”
In Switzerland, democracy is taken seriously — so much that voters are called to cast ballots four times a year to vote on an array of issues. Among some recent topics up for consideration were initiatives to crack down on urban sprawl, to compensate farmers who let their livestock keep their horns, and to guarantee a basic income of up to few thousands of francs per month — though they all failed.
The point is that voters have final say, and the federal government is often consigned to an advisory role for the public.
Rene Lenzin, a spokesman for the Federal Chancellery, said the e-voting system is more complex than e-banking systems, where operators interact regularly with known customers. The e-voting system needs to separate the identity of the electors, which needs to be known so as to prevent errors in counting or fraud, from the way that they vote — which needs to stay anonymous.
Lenzin said the chancellery and cantons were delighted at the large and still-growing turnout for the challenge announced Feb. 7. /ee