
Switzerland’s voting full of holes

22 February 2019


If only there were a cheesy metaphor we could use here

Switzerland made headlines this month for the transparency of its internet voting system when it launched a fondue of public penetration tests and a bug bounty programme to test the system's resilience to attack.

However, after source code for the software and technical documentation describing its architecture were leaked online last week, critics are already expressing concern about the system's design and the transparency around the public test.

Cryptography experts who spent just a few hours examining the leaked code say the system is a poorly constructed and convoluted maze that makes it difficult to follow what's going on and effectively evaluate whether the cryptography and other security measures deployed in the system are done properly.

Former GCHQ engineer Sarah Jamie Lewis said that most of the system is split across hundreds of different files, each configured at various levels.

Lewis, who is currently executive director of the Open Privacy Research Society, a Canadian nonprofit that develops secure and privacy-enhancing software for marginalised communities, said that when you're talking about code that is supposed to be protecting a national election, that is not a statement someone should be able to make.

"You expect secure code to be defensively written that would prevent the implementers of the code from wiring it up incorrectly", Lewis told Motherboard.

But instead of building a system that doesn't allow for this, the programmers simply added a comment to their source code telling anyone who compiles and implements it to take care to configure it properly, she said.

The online voting system was developed by Swiss Post, the country's national postal service, and the Barcelona-based company Scytl.

Last modified on 22 February 2019