Swiss government invites public to hack its e-voting system
The Public Intrusion Test is open to anyone, and offers large cash rewards for those who find vulnerabilities and report themEuropost
Confident in its next generation e-voting system, Switzerland's federal government has thrown down the virtual gauntlet, challenging computer geeks and hackers to “try to manipulate the vote count, to read the votes cast, to violate voting secrecy or to bypass security systems”. If anyone succeeds, a total of 150,000 Swiss franc ($149,790) reward is granted.
The amount of the reward paid out will depend upon the level of intrusion achieved by each hacker. The biggest single prize is 50,000 Swiss francs and will go to anyone who manages to manipulate the vote count without being detected.
A smaller bounty of 20,000 Swiss francs is paid for manipulation of individual votes after they've been cast, and the alteration is detected by trusted auditors. Elector privacy breaches, furthermore, earn hackers 10,000 Swiss francs and vote corruption nets 5,000 - the latter incluse "destruction of the electronic ballot box" as well.
The dummy run election will be held from 25 February to 24 March and anyone who wants to display their online piracy talents can sign up at https://onlinevote-pit.ch. Swiss Post that runs the e-voting system has even published the source code for it and made it publicly available to registered users with Gitlab accounts. Any vulnerabilities found in the source code won't be accepted as part of the PIT however, and have to be reported separately.
Electronic voting has been on trial in several Swiss cantons since 2004, but now the Swiss authorities hope this exercise will help assure or perhaps improve, the security of the new generation electronic voting system, that was launched last year. Regularly called upon to take part in referendums and votes, many Swiss electors prefer to cast their ballots over several weeks by post at polling stations and, increasingly, online.