News Brief
Legal Tools

Researchers Find Flaw In Swiss Internet Voting, With Global implications

Switzerland’s new online voting system has a problem. After a group of researchers recently examined the source code, they announced that a malicious actor could change ballots without anybody noticing, Motherboard reports.

Swiss Post, which developed the new system with a Barcelona-based company called Scytl, countered that the flaw can only be exploited by someone on the inside. One of the researchers, Sarah Lewis, told Motherboard that this is exactly what the Swiss government should be afraid of.

“No election system should have a backdoor that allows the people running the election the ability to undetectably modify the election outcome,” Lewis said.

The system has not yet been implemented nationwide — Switzerland’s electoral system is only partly internet-based — and Lewis and other researchers caution it shouldn’t be deployed until the flaw is fixed.

The finding comes a month after the Swiss government announced a competition described as a “public intrusion test.” They offered prize money to anyone who could successfully hack their election system. The total on offer was $132,000. The researchers who found the flaw were not contestants, but examined source code that was released due to the hacking challenge.

Their finding has implications beyond Switzerland. The company behind the flawed Swiss election software operates in over 42 other countries, including at least 1,400 U.S. counties. At the same time, governments are increasingly worried about electronic voting in the wake of Russian interference in the 2016 election. In fact, as Bloomberg points out, the Swiss push towards internet voting goes against the grain: a number of governments have recently switched to paper-based voting, reasoning that you can’t hack a piece of paper.

The test continues until March 24.