Switzerland’s proposed new e-voting system—which isn’t on the blockchain—has a flaw serious enough to allow hackers to steal an election without being detected.
On March 12, news site Swissinfo.ch reported that white hat hackers participated in a public intrusion test of Swiss Post’s proposed new Internet voting system. They found what the Federal Chancellery described as a “significant flaw” that could refocus attention on the blockchain-based voting system tested recently in the heart of the nation’s crypto-friendly region. Swiss Post stated that the source code error had been fixed the same day.
Although small, the permissioned blockchain-based e-Vote system tested by 72 voters in the Swiss city of Zug from June 25 to July 1, 2018, relied on a mobile app for an Ethereum-based digital ID platform built by uPort, a ConsenSys company. The test was a non-binding vote on several local question, such as the use of fireworks at a local festival and ways the municipal government could use the digital IDs it issues.
The e-Vote system is an open source permissioned distributed ledger technology (DLT) solution built by Swiss IT firm Luxoft on Hyperledger Fabric that anonymizes votes while providing tamper-proof tallying and secure audits. And because the votes are recorded on a blockchain maintained on a number of servers, they cannot be tampered with after the fact.
“There is a concern with e-voting as it is a fundamental mechanism for direct democracy” and requires full transparency, Luxoft CTO Vasily Suvorov said in a statement at the time of the vote. “As a result, we believe this technology cannot be owned by a single company.”
In announcing the findings of its bug bounty program, Swiss Post noted that the government-mandated open testing process—offering rewards of up to 50,000 Swiss francs (about $50,000)—worked exactly as intended.
Swiss Post added that “the error in itself did not make it possible to infiltrate the e-voting system,” and pointed out that “to exploit the weak point the attacker had to override numerous protective measures. They needed control over Swiss Post’s secured IT infrastructure, for example, as well as help from several insiders with specialist knowledge of Swiss Post or the cantons.”
Which is exactly the point, said Sarah Jamie Lewis, executive director of the Canadian non-profit Open Privacy Research Society, in a March 12 Tweet: “Do not let people minimize this issue. This isn’t ‘some random hacker can steal an election’ this is ‘Swiss Post can prove they didn’t steal an election, even if they did.’”
In its research document for the Zug vote, Luxoft noted that because its blockchain-based e-Vote solution is decentralized, “a set of entities validate the votes, and every entity must agree how a vote has been cast before recording it. A validator may not only be the organizer of the poll, a government for example, but it could also be various accredited institutions…. Such a process ensures that even a corrupt government cannot forge the votes. In other words, the decentralized system protects against internal falsification.”
Blockchain-based e-voting systems have been tested in other countries, including the U.S., South Korea, and Japan. Among these was Overstock.com-owned blockchain voting company Voatz’s groundbreaking West Virginia pilot program during the 2018 midterm elections. And Denver and Moscow have both announced they intend to trial the technology in municipal elections this year.
Leo Jakobson, Modern Consensus senior editor, is a New York-based journalist who has spent much of the last 15 years covering the employee engagement and recognition business. Before that he covered the East Coast side of the Internet boom and bust, and wrote about politics in New York City. Disclosure: Jakobson owns no cryptocurrencies.