Backdoor discovered in Swiss voting system would have allowed hackers to alter votes
A team of cybersecurity researchers on Tuesday revealed technical flaws in the Swiss government’s electronic voting system that could enable outsiders to replace legitimate votes with fraudulent ones.
The issue is related to the way Switzerland’s voting system receives and counts votes. Anyone familiar with the sequence of “shuffle proofs” — the cryptographic protocol the system relies on to verify votes — could manipulate ballots that would pass the system’s authentication test, according to a paper published by Sarah Jamie Lewis, Olivier Pereira and Vanessa Teague.
Swiss Post, the country’s national postal service, which developed the system along with Scytyl, a Spanish company, said Tuesday the issue had been resolved. But researchers say this flaw personifies the kind of worst-case scenario election security experts have warned about as more governments move toward paperless voting.
“This system as apparently been audited multiple times, and both Scytl and Swiss Post have not been shy about their confidence in this system. Why did those audits miss this critical issue?” Sarah Jamie Lewis, the executive director of the Open Privacy Research Society, said in a series of tweets. “This code is being held up as ‘state-of-the-art,’ and yet the system contained at least one critical cryptographic vulnerability – apparently left open for years.”
“Let us not downplay this,” she said. “This code is intended to secure national elections. Election security has a direct impact on the distribution of power within a democracy. The public has a right to know everything about the design and implementation of the system.”
Switzerland has experimented with electronic voting since 2004, and has plans to make it a nationwide option as soon as October.
This disclosure comes after the Swiss government offered rewards of up to CHF 50,000 (roughly $50,000) to any researcher who reported vulnerabilities in the e-voting system. The contest is scheduled to run through March 24.
Lewis said she did not participate in the bounty program, but that she is now aware of other issues in the code, though they are not as serious as the one disclosed Tuesday.
“This code is simply not up to the standard we should require of critical public infrastructure,” she said.