The Swiss government is offering bug bounties of up to CHF 50,000 (around $50,000) to anyone who can expose vulnerabilities in its internet-based e-voting system in a test later this month. In total, 150,000 CHF (around $150,000) will be up for grabs for any white hat hackers who register for the “Public Intrusion Test” (PIT). The Swiss Post system will be open for a dummy election between February 24th and March 24th, the length of a typical Swiss federal vote, during which time any registered “white hat” hackers will be free to discover and report vulnerabilities.
This PIT comes as the Swiss government is planning to expand its e-voting capabilities by October 2019 to two thirds of the 26 cantons that make up the Swiss Confederation. The country has conducted more than 300 trials of e-voting systems over the past 14 years, but current rules limit the amount of electronic votes to 10 percent of the total for referendums and 30 percent for constitutional amendments. However, the expansion plans have been met by opposition by politicians who claim current e-voting systems are insecure, expensive, and prone to manipulation.
Bounties range from a maximum of between 30,000 and 50,000 CHF ($30,000 and $50,000) for manipulation of votes that is undetectable, which drops to 20,000 CHF ($20,000) if an auditor would be able to detect the manipulation. At the lower end of the scale, hackers can earn a 100 CHF ($100) bounty for highlighting any places where best practices haven’t been observed.
Swiss law guarantees that every Swiss citizen has the right to vote, whether or not they currently live in the country. Overseas citizens have previously pushed for e-voting, arguing that postal methods are frequently delayed, making them unreliable. Votes are also a much more common occurrence in Switzerland, whose system of direct democracy means that it’s had over a dozen national votes in the past two years alone.
Switzerland is not the only country to have looked into online voting, but the threat of manipulation has meant that many governments have since dropped their plans. In France, for example, electronic voting was ended for overseas citizens in 2017, while the UK abandoned its own plans in 2007 over security concerns. In the USA, e-voting is currently restricted to overseas service personnel from 25 states, who are able to submit their ballots via email.