The SRF released an article today that the progress of implementing E-Voting has stalled.

Source

In my opinion, that's good. E-Voting is incredibly dangerous. The fundamentals of democracy are based on the fact that we all understand what it takes to win an election or a vote. You need one more vote than the opposition. That's it. And anybody, if they wanted to, can go count it.

I personally have no issue with e-voting for disabled people, which may benefit greatly from this, or people outside the country, because both of these groups do not make up a large enough share to severely impact national votes. However, anything more, and I oppose it strictly.

It may increase voter participation, but at what cost? The system would become less secure and more based on trust that the system is actually doing what the voters want. Claims such as elections being stolen will become harder to disprove as the average person has no idea how to program or let alone understand how a database functions. How can a normal person be expected to verify that a person actually won with e-voting tools? They can't!

We see this with Trump. In the US, he blamed the voting machines for stealing the election. Was it true? Probably not. But because they're reliant on this technology, rather than counting it by hand and writing it by hand, it is more easily believable for people. Anybody should be able to go to the Gemeinde and verify the amount of votes anything got. This is no longer possible with e-voting.

Also, if it increases voter participation, I believe it will likely attract voters which are less informed. If you're unwilling to go through the already easy process of just filling out the letter they send you and dropping it in the mailbox on your way to work, should you really participate in important votes and elections? You have the right to, of course, but should we really make it easier? Should we really make it so easy that a person in a YouTube video can make a call to action to vote for that and a person can go and immediately do it?

I understand that people want the convenience of e-voting, but is it really worth giving up the security and certainty that we know our elections are fair in exchange for a little bit of convenience?

Yes, the system has supposedly been tested for years and is secure, but no system is truly secure, and every system has flaws. The things we vote on are worth billions based on the result. Do we really think it is that naive to think that a company will hire people to find security flaws in the system and exploit them? Or even just sow doubt because of the lack of understanding?

Even if you do it with new technologies, such as blockchain technology, to secure it, which could be possible, the issue with that is now that you potentially could identify voters, which is even worse.

And the worst part is, unlike with fraudulent elections done on paper, it is almost impossible to detect. If an exploit is found, it is unlikely to be detected, unless it's reported, which, if somebody found it, is worth billions, therefore unlikely to go reported. It is almost impossible to buy the outcome of an election on paper, because you need to buy so many letters from so many people, and it requires a lot of effort to write yes or no on all of the letters, therefore making it unlikely that it remains a secret for a long time. Whereas with a digital system, you would only need one skilled hacker to exploit it.

Voting machines have been hacked at DEFCON a lot, and that is a real issue. Even if the system is completely secure, it may raise doubts, which makes democracy less stable. Source

In the U.S. this has led to the violent storming of the Capitol on January 6, 2020. Whether the people were right or not that the election was stolen is irrelevant. The supporters of Trump felt it was because the system raised doubts.

Also another concern is if this is all digital and you access it through the web browser you access everything from, could cookies or malicious extensions potentially track what you vote for?

It isnt legal to engage in white hack hacking in Switzerland. Hacking of any kind is punishable in Switzerland, even if you're doing it as a white hat. Therefore, you could actually be prosecuted for pointing out bugs.

I am not the only one with these concerns. Here is an extract from the article:

Auch IT-Expertinnen und -Experten sind kritisch. Etwa Anwalt Martin Steiger, Spezialgebiet Recht im digitalen Raum, sagt: «Man muss letztlich darauf vertrauen, dass beim E-Voting alles seine Ordnung hat.» Abstimmen und Wählen sollten aber nicht Vertrauenssache sein, sondern durch Laien überprüft werden können. Doch das sei nicht möglich. Deshalb rät Martin Steiger: Die Schweiz sollte auf E-Voting verzichten.

Tom Scott also has a great Video explaining why this is a terrible idea:
https://www.youtube.com/watch?v=LkH2r-sNjQs

If the Bund decides to implement this everywhere, I will do everything in my power to stop it.

TLDR:

  • Stalling of e-voting is good
  • E-voting makes it difficult for average citizens to verify election results, moving from a transparent system to one based on trust in complex technology.
  • Sacrifices significant security and verifiability for minimal convenience.
  • The "black box" nature makes it harder to disprove claims of stolen elections, potentially destabilizing democracy (like in the US)
  • Digital systems are susceptible to sophisticated, hard-to-detect attacks, with potentially high financial incentives for bad actors.
  • Concerns exist about potential tracking of votes through web browsers or malicious software.

What do you guys think about E-Voting?

by justyannicc

8 comments

  1. > The worst part is, the system is neither open source, nor is it legal to engage in white hack hacking in Switzerland. Hacking of any kind is punishable in Switzerland, even if you’re doing it as a white hat. Therefore, you could actually be prosecuted for pointing out bugs. And because it’s not open source, there is less of a likelihood that security issues will be found. And quite frankly, I don’t trust the Post, not with something this important, they’re not a tech company.

    it is fully open source and the post has been running public bug bounty programs on it since years

  2. We used to vote via Internet in Geneva a few years ago, and it worked fine. Why would it be less secure than e-banking?

    We have no voting machine in Switzerland.

    People outside Switzerland are already voting by Internet and it works very well.

    You can verify an e-vote. You get confirmation codes.

    Is it a troll post with arguments aimed at USA?

    There is a public bug bounty for white hats to test the e-voting system. https://yeswehack.com/programs/swiss-post-evoting

    How many handwritten signatures are forged in old peoples homes?

  3. As I understand it, there is no way to ensure anonymity in e-voting while also ensuring that every person gets at most one vote.

    And I can think of no way to be able to make sure, as a private person, that the published open source code is also the software voters are connecting to.

    Am I misunderstanding this?

  4. I’m not voting out of protest till E-Voting is a thing. I want an app.

  5. Look, if we are able to run the whole stock market online, we should also be able to implement e-voting one day.

    The contra articles/videos you linked are all older than 5 years – a lot of improvements happened since then.

    The US voting machines are also not something Switzerland should apply and isn’t comparable at all with our e-voting system in Switzerland.

    The SRF article itself stated we need time to trust the process but it looks like the pilots in the “Testgemeinden” were successful despite the low participation.

  6. Software engineer here. 19 years of experience in the industry, more than a decade in FAANG, in my early career I wrote software to keep track of many entities, including votes in some things (this project got abandoned), later on wrote country-level databases with encrypted data (tricky, not only can’t you query things easily, you also can’t easily join it, and if you are not careful it’s easy to do statistical attacks on low entropy data), an avid follower of cryptography advances.

    My most sincere qualified opinion is to stay away from electronic voting. The moment your vote needs to be stored, someone somewhere will insist that your identity needs to be stored with it. The reasoning is clear: how will they know that you only voted once? This way every vote has one owner, the system can count the votes per owner and ensure no voter ever gets more than one vote. That is a terrible idea already. People offering to do this project for you in exchange for a few millions will say “We’ll separate the votes from the information and the join will be physically impossible, except for those holding a special crypto key, which will be in the possession of very few people – think nuclear codes, that kind of thing. The problem remains obvious. From the moment the data is centrally stored and it is possible to join it, it’s a matter of time until it is. Say 40 years from now a despot gets to power. They can see how you have voted in every previous election.

    To be super clear, there is a way to implement this today. This was not possible until a recentish time, but we can envision a cryptographically safe, decentralized, publicly verifiable way to do electronic elections using a piece of mathematical machinery called zksnarks. Problem: very few people in the world can implement this properly. Second problem: many companies will offer to implement a solution for you, then they will say “you don’t need that, here we put this Oracle database in the middle blah blah” and they sell you a standard weak solution.

    TL;DR: stay away. Keep your vote.

  7. It’s ridiculous to me it’s not a thing yet, the average voter is too oldY and participation is too low. Make it more accessible.

    Jesus christ, I can do most of my bank transactions online, my taxes, my doctors appointment – give the people the possibility to vote online finally.

    Sometimes I’m suspicious the powers that be might worry about the demographic shift regarding the average voter once it’s something you can do via app, and it is therefore stalled ro draw this out.

  8. I 100% agree. E-Voting is a danger to democracy. Even if there was a technical solution (there isn’t), it would be too fragile of a system to base our democracy on. Trust is eroded easily and hard to rebuild.

Comments are closed.