Swiss paper-voting system bears cyber risks

A recently published survey by ZISC members revealed the questionable state of a substantial part of the Swiss paper-voting system.

When Swiss citizens vote on constitutional or legislative issues, usually on a Sunday, their paper-ballots are counted, carefully summarised on paper reports, and then sent to the cantonal chancellery by post. Finally, they are submitted to the federal chancellery for final accumulation and checks. The whole process is fully verifiable and takes a few days.

However, voting results are usually published the same evening they are counted, Sunday evening. Contrary to common knowledge, these results are only preliminary accumulations, transferred over insecure digital communication channels, with considerable potential for manipulating Swiss voting results.

Legally, collecting voting results lies within the responsibility of the cantons, and is poorly regulated. This has lead to a wide variety of proprietary implementations: most cantons apply their individual solution, and these originate often from a time with a different view on IT-security than today.

Concurrent research from a team of University of Zurich supports the findings and has lead to an in-depth survey by an independent Swiss Newspaper, examining the current situation from an investigative viewpoint.

While neither the ZISC members, nor the researchers from University of Zurich, nor the Newspaper journalists were able to identify any previous manipulations of Swiss voting results, the conclusions based on the security reviews are uniform:

There is a need to reform the technologies used in transferring voting results.

In reaction to the published shortcomings, member of the national council of Switzerland Balthasar Glättli has submitted an inter-party interpellation to the national council to initiate parliamentary debate. The push seems to have majority appeal.

ZISC members are happy to have contributed to the public security and thank collaborators for their support.