The Swiss government will make its future electronic voting system available for a public intrusion test and now invites companies and security researchers to launch it.
"Interested hackers around the world are welcome to attack the system," the government said in a press release. "In doing so, they will help improve the security of the system."
The Public Intrusion Test (PIT) will take place from February 25 to March 2. Cash rewards ranging from $ 100 to $ 30,000 are available, as shown in the table below (CHF 1 equals approximately $ 1 USD):
Minimum remuneration in CHFBest Practice (non-critical optimization possibilities)
100Intrusion into the electronic voting system
Correct votes or make them unusable
Successful attack against the secret of voting on servers
Manipulation of votes detected by the system
Undetected Manipulation of Votes
30,000 – 50,000
An electronic voting simulation session is scheduled for the last day of the test period on March 24, but participants can also attack the voting system before that.
To participate, companies and security researchers will need to register before the official start of the PIT session. The registration will give participants legal permission to attack the system, ensure that cash rewards reach those who report the problem first, and impose a set of rules and restrictions on participants.
For example, PIT participants are not allowed to perform attacks that could harm the personal apparatus of an elector or attack systems independent of the Post, the manufacturer of the voting system electronic.
Swiss Post will help by disabling some of the security protections that normally protect the electronic voting system "to allow participants to fully concentrate on the attack of the central system".
In addition, Swiss Post will also allow PIT participants to request the number of e-voting cards they need for their tests and have the source code of their e-voting system available to participants on GitLab.
The Swiss authorities have also engaged the Swiss company SCRT SA as an independent third party to verify the vulnerability reports submitted by the participants before transmitting the vulnerabilities to Swiss Post.
The Swiss government has decided to organize penetration tests of its electronic voting system in order to strengthen confidence in the security of these systems.
In late January, a committee made up of politicians and IT experts launched an initiative to ban electronic voting in Switzerland for at least five years. The group hopes to gather more than 100,000 signatures in the following months to begin legal proceedings to ban electronic voting.
The Swiss government said that the e-voting system had already been submitted to more than 300 private test sessions.
According to officials, electronic voting would facilitate the vote of Swiss abroad. The final plan is to use electronic voting as the official voting method, in addition to voting by polling station and by post.