Swiss Post will be carrying out resilience testing, also known as a public intrusion test (PIT), on its e-voting system between 25 February and 24 March 2019. During the test, hackers and other independent IT specialists can challenge the Swiss Post e-voting system with deliberate attacks. How does the intrusion test work and what happens if anything is found? The answers to the key questions are given below.
The test simulates a federal vote. As with normal voting procedures, the casting of votes is opened and then the intrusion test takes place four weeks prior to voting Sunday. 24 March 2019 is taken as voting Sunday. The intrusion test thus lasts from 25 February until 24 March.
Those interested in participating need to register on the www.onlinevote- pit.ch platform. The Confederation and cantons have commissioned the independent company SCRT SA to perform the intrusion test and operate the platform.
Participants can download their voting cards for the test on the platform. As with normal votes, the card contains the codes necessary to participate in the simulated vote and thus the intrusion test. Unlike normal contests, participants can obtain several voting cards, which are not sent by post but are instead available electronically.
Participants can submit their findings on the www.onlinevote- pit.ch platform. The company SCRT will look into the findings and if plausible, will forward them to Swiss Post.
Swiss Post will then analyse the findings and where necessary, reproduce them. If it is able to confirm a finding, it will release it for publication and the person who submitted the finding will be entitled to financial compensation if they were the first to report it.
On Sunday 24 March, the electronic ballot box will be decrypted and opened by the fictional electoral commission. Findings can be submitted until 25 March at midnight.
In order for the cantons to be able to offer e-voting with Swiss Post’s completely verifiable system to all voters in the future, the system requires federal approval. To gain such approval the system must undergo a public intrusion test in accordance with the requirements of the Confederation and the cantons. Swiss Post complies with this requirement.
Swiss Post's completely verifiable e-voting system is state of the art. This means that it complies with the latest developments and meets the highest safety requirements. Intrusion testing is a standard tool in the IT industry to put state-of-the-art systems and processes through their paces before going live. This is precisely the aim of the intrusion test on the e-voting system. The results of the intrusion test will be used for the development of the e-voting system.
All attacks aimed at reading votes or manipulating the election. Attacks on the central security mechanisms of the e-voting system, individual and universal verifiability are also part of the test.
The intrusion test aims to examine the e-voting system, not the other systems and processes concerned with electronic voting. For this reason, scenarios that attack other systems or processes are excluded from the test. Also excluded are attacks that are known and against which security precautions already exist. Such scenarios would not provide any knowledge gain. Examples of excluded scenarios include:
Detail can be found in the Code of Conduct.
Anyone conducting a public intrusion test deliberately exposes themselves to the sophistication of independent hackers and must expect findings.
Swiss Post will evaluate the submitted findings, classify them according to their degree of severity and correct them according to risk.
Yes, among other things, because:
With these framework conditions, Swiss Post fulfils the requirements of the Confederation and the cantons, and in some cases goes beyond standard practice for the IT sector for intrusion tests.
Yes, there are some differences. The following in particular:
Everyone is entitled to register. There are no restrictions. However, certain individuals are not entitled to compensation, e.g. Swiss Post employees.
On the www.onlinevote-pit.ch platform.
Registration is necessary for three reasons:
performed by this company during the intrusion test?
The Confederation and cantons have commissioned the Swiss company SCRT SA to implement the intrusion test on an operational level. This ensures independent performance and initial analysis of the results. SCRT SA specializes in performing intrusion tests. Its most important tasks are:
Participants needs to submit their findings by Monday 25 March 2019 at midnight at www.onlinevote-pit.ch.
If a hacker believes he has discovered a vulnerability, he will report it on the platform www.onlinevote-pit.ch. The independent company commissioned by the Confederation and cantons, SCRT SA, performs an initial review of the findings. If a finding is plausible, SCRT SA forwards it to a group of specialists within Swiss Post. They analyse and evaluate the finding and also try to reproduce it.
After this analysis, the submitter will know if he has actually discovered a relevant vulnerability. After a waiting period of 45 days, the submitter can publish confirmed findings himself. Many other intrusion tests do not allow this. The entire process is monitored by the Confederation and the Cantons.
The rules of publication described in the Code of Conduct apply to confirmed findings.
Each participant receives the right to publish his findings. Many other intrusion tests do not allow this. In return, Swiss Post has stipulated that participants must observe a waiting period of a maximum of 45 days to publish a report. This way, Swiss Post ensures that they can carefully examine the submitted findings and provide the submitter with in-depth feedback.
A participant will receive compensation if he or she is the first to submit the finding and provided that it is confirmed by the Confederation, the cantons and Swiss Post. The extent of compensation granted depends on the severity of the finding. The following categories have been defined.
| Minimum compensation in CHF
Best Practice (uncritical optimisation possibilities)
Intrusion into the e-voting system
Corrupting votes or rendering them unusable
Successful attack on voting secrecy on the servers
Manipulation of votes detected by the system
Undetected manipulation of votes
| 30,000 - 50,000
Details on the compensation to be granted can be found in the conditions of participation.
The rules of conduct and conditions of participation have been published here. These define exactly what participants are permitted to test, as well as compensation and the rules for publishing findings.
Questions can be submitted via a contact form on the www.onlinevote- pit.ch platform.
Swiss Post published the source code here on 7 February 2019. Registration is required to view this. The source code is published permanently to ensure Swiss Post meets the legal requirements. More information on the source code can be found in the blog post.
No, please see the blog post.
Contact us if you want more information.