Mr. Harri Hursti, a Finnish born IT engineer who lives in the USA, is well-known as a leading expert on electronic voting. He often writes and speaks that one of the greatest threats to voting devices is not necessarily hacking, but human incompetence.
He’s been featured in 2 documentaries — Kill Chain: The Cyber War On America’s Elections and Hacking Democracy. They reveal the weaknesses of the US election technology where he has s seen election officials and volunteers inadvertently mishandle devices or do not follow security protocols because they just do not have the proper training.
It is currently not possible to vote online in Finland, or in any of the Nordic countries, because we prefer to stay with tried and tested public voting booths, pens, and paper – all tried and tested and very safe from hackers.
But now in Switzerland, if everything goes according to plan, the cantons will be able to start piloting e-voting again in 2023 when Swiss Post should have its e-voting system up and running by then.
This is a brave plan in this unsecured cyber world where Russian, Chinese and N. Korean hackers are running amok – and just look at the US system where Trump has managed to create distrust in the minds of many voters with false accusations about hacked voting machines and voter fraud!
But there have been setbacks in Switzerland – a case of two steps forward, one step back. E-voting was first piloted in 2004. It was even possible in some cantons to vote in the national elections via computer, tablet or smartphone in 2015. E-voting was very popular among Swiss Abroad, with the “Fifth Switzerland” casting around a third more votes than normal.
Over 300 pilots took place in 15 cantons. This was until the Federal Council decided to abort the project in 2019, after the canton of Geneva and Swiss Post had pulled their IT solutions due to financial considerations and security flaws respectively. The federal government subsequently adjusted the parameters for a new attempt at e-voting. It wanted stricter security and an open-source strategy, while announcing that independent specialists would conduct reviews. The first such check has now taken place.
Swiss Post is the sole provider because of a lack of competition and Developing and this e-voting system is an extremely complex and expensive undertaking, in which Swiss Post has already invested a lot of time and money.
A team at the Berne University of Applied Sciences has continued to develop the source code since 2019. The team had already been consulted for the cryptographic specifications at an earlier juncture. When its service contract ended with the canton of Geneva, it carried on working within the parameters of a federally run e-government project.
“We were able to implement all security-related parts of the system in full,” says IT professor Rolf Haenni. Their efforts have paid off, with the publicly available code now reaching a high-quality level, he adds. Others will be able to build on this expertise. “But no company has yet come forward, unfortunately.”
Swiss is prioritising security over speed. “The biggest challenge is maintaining trust in our solution,” CEO Roberto Cirillo recently told the media. The company is therefore being very open about how it detects and irons out flaws. In 2021, it published its source code and launched a bug bounty program. It has since received around 130 tip-offs from hackers and paid out a total of 97,000 Swiss francs in rewards. It has not disclosed how much it is spending on e-voting otherwise…
Given what we see today from Putin and his buddies, we should be more than doubly sure about putting such key parts of our democracy online!