E-voting can not examine whether the result corresponds to the will of the people

Interview with Hernani Marques, Chaos Computer Club*

Current Concerns: I’ve read and heard a lot from the Chaos Computer Club. Now I am pleased to meet you in person, Mr Marques. How did you discover that electronic voting is not secure?

Hernani Marques: We are a computer club, a hacker association of civil society, and we address more deeply computer technology, but also its influence on society. We are computer fans, mind you. But in electronic voting, the e-voting, you want to virtually achieve the squaring of the circle. One wants the vote to remain secret (preservation of the secrecy of the vote), but still ensure that all voices are valid, not manipulated. It is basically an intrinsically intransparent system. If you compare that to a piece of paper with a yes or no on it, in conjunction with a personal voting right card that must be in the same quantity in the election office, then it’s just not quite the same thing. As a citizen, but also as an electoral commission, you can not really examine in e-voting whether the totality of the votes cast really corresponds to the people’s will.

Can you describe how to manipulate votes?

We’ve started to show attacks, such as redirecting the citizen to a fake page and intercepting the codes he needs to start the polling process. You can also prevent his vote: For example, if he chooses something other than the attacker wants, you could break of the connection. Such stories are possible in digital space, which is not easy with handwritten votes.
Of course it is absolutely right that every child can fake a piece of paper, especially in the case of postal votes where less control is possible than with the ballot box. However, we are here in Switzerland, and that here so many pieces of paper will be faked in a big way, so that the final result is manipulated, we consider quite unlikely. There are occasional local incidents where someone tries to do that, but most of the time they do not get very far. After a few dozen or a few hundred maybe, as some time ago in Valais, where someone pulled the voting envelopes out of the private mailboxes and faked them, something like that is discovered and can be investigated. There, some people have complained because they have not received their voting envelopes, then they looked at the relevant voting cards at the community and saw that the signatures were written in another handwriting. It was a matter of two hundred papers. DNA samples were used to find out who the perpetrator was, a single offender. He was sentenced to 12 months in prison with three years probation and a hefty fine.

But there was only one such case.

Yes, that was a bigger case. There have certainly been other, smaller cases that have come out. The difference is that when it comes to electronic voting, there is no handwriting, it’s just data. You can really vote in a big way on behalf of people if you get the necessary codes. Then we have a problem because you do not know what to do. Should we repeat the vote? It is simply unclear. In addition, you can not determine the culprit.
In addition, such a system operates across cantons, for example, that of the postal system. This is currently taken to pieces, as shown in the media: It is unsafe, it even allows the proof that everything is right, but it is forged. Really a complete disaster! These are conditions that just do not go. We cannot do with that in our country.

The hackers were asked by the post system (i.e. the federal government) to hack the system, because they were convinced in Berne that it would not be possible to crack.

Yes, exactly. Actually, the Post intrusion test report should not be ready until the end of March, when the test ends – but the test begins to degenerate completely already in mid-March. Possible attacks were shown on Twitter and in the media. There are also really some bugs in this system that are not accidental because someone has put the wrong character or something like that. But the shortcomings are so vast that you simply have to turn off the system. That’s not how things go!

Thank you for your statement, Mr Marques.    •

Who deals with IT security, knows that computers are never safe

Interview with Professor Dr iur. Simon Schlauri, Lawyer and Cantonal Councillor Green Liberals Zurich

Current Concern: Simon Schlauri, how did you as a Green Liberal join this initiative committee?

Simon Schlauri: I have been asked, and as a lawyer for IT law, I have found, yes, I participate, because I have known the risks of e-voting for years.

How does the Federal Chancellery get to go through with this, even though it is so questionable and controversial?

I honestly wonder that, too. A major problem is that often people with little IT experience are involved. It seems to me that people who are familiar with IT security also are aware of the risks because they know that computers are never safe. This risk also exists with e-voting.
An important point with regard to the security of the Swiss Post system is that experts have established that the code were created amateurishly, that there are security gaps in the verification of the voting result. With e-voting, however, it is essential that this works: Voters must be able to control with certainty the correct transmission of their votes. Because of the shortcomings that are now also appearing in the postal system, I would expect the federal government itself will give up e-voting.

Without confidence in democratic instruments, political decisions are simply no longer possible

As the first young party, Juso Switzerland has supported the initiative

mw. It is particularly pleasing that there are so many young people on the initiative committee. One of them is Jonas Ineichen, Vice President of the Young Socialists (Juso) of the Canton of Lucerne.

Current Concerns: Jonas Ineichen, why is Juso Lucerne taking part in this initiative?

Jonas Ineichen: Juso Switzerland has been criticising the plans to introduce e-voting throughout Switzerland for several years and was the first young party to officially support the initiative. The Juso Canton of Lucerne is also fighting for digitisation, which is carefully considered and benefits for everyone. In my opinion, however, e-voting does not currently meet the requirements of responsible digitisation. It is anything but effective to introduce a technology that has the destructive potential to lastingly damage confidence in democratic instruments. Without this trust, political discussions and above all decisions are simply no longer possible.