Slashdot Mirror

← Back to Stories (view on slashdot.org)

Swiss E-voting Trial Offers $150,000 in Bug Bounties To Hackers (theverge.com)

Posted by msmash on from the open-challenge dept.

The Swiss government is offering bug bounties of up to CHF 50,000 (around $50,000) to anyone who can expose vulnerabilities in its internet-based e-voting system in a test later this month. From a report: In total, 150,000 CHF (around $150,000) will be up for grabs for any white hat hackers who register for the "Public Intrusion Test" (PIT). The Swiss Post system will be open for a dummy election between February 24th and March 24th, the length of a typical Swiss federal vote, during which time any registered "white hat" hackers will be free to discover and report vulnerabilities.

This PIT comes as the Swiss government is planning to expand its e-voting capabilities by October 2019 to two thirds of the 26 cantons that make up the Swiss Confederation. The country has conducted more than 300 trials of e-voting systems over the past 14 years, but current rules limit the amount of electronic votes to 10 percent of the total for referendums and 30 percent for constitutional amendments. However, the expansion plans have been met by opposition by politicians who claim current e-voting systems are insecure, expensive, and prone to manipulation.

33 comments

  1. Missing the point, as usual by JaredOfEuropa · · Score: 3, Interesting

    opposition by politicians who claim current e-voting systems are insecure, expensive, and prone to manipulation

    How about intransparent? Manipulation isn't the issue, the problem is that there's no way for laymen to verify that no manipulation has taken place. A transparent voting and tally system like paper ballot allows for audits "for the people, by the people". To audit an e-voting system, you need experts.

    --
    If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    1. Re:Missing the point, as usual by Anonymous Coward · · Score: 1

      FIRST, prove no one can get into the systems from the outside to hack the election
      THEN prove the output is easily verifiable.

      Number 1 bounty: Are any of these machines connected to any network OF ANY KIND. If you can see it from the internet the vote is suspect.

    2. Re:Missing the point, as usual by OrangeTide · · Score: 1

      the problem is that there's no way for laymen to verify that no manipulation has taken place.

      Laypeople aren't of much interest to governments.

      --
      “Common sense is not so common.” — Voltaire
    3. Re:Missing the point, as usual by Kokuyo · · Score: 1

      While we contend with that issue as well, don't forget that this is a direct democracy.

    4. Re: Missing the point, as usual by Anonymous Coward · · Score: 0

      Yes I believe I have heard that fact. For the less experienced or less educated among us, you should have explained that it should not be confused with the many totalitarian regimes who label themselves blah blah democratic something something something republic of something else

    5. Re:Missing the point, as usual by frank_adrian314159 · · Score: 1

      How about intransparent?

      How about opaque?

      --
      That is all.
    6. Re:Missing the point, as usual by dzelenka · · Score: 1

      Mod the parent up!

      E-voting is susceptible to fraud on a grand scale.

      --
      Bah!
    7. Re:Missing the point, as usual by OrangeTide · · Score: 1

      I though we learned in the 20th century that propaganda can easily subvert direct democracy?

      --
      “Common sense is not so common.” — Voltaire
    8. Re: Missing the point, as usual by Anonymous Coward · · Score: 0

      People's Democratic Republic of Fuckery. Or how to live in poverty for the benefit of your autocrat.

  2. Re: Old Jack Dorsey by Anonymous Coward · · Score: 0

    Jack would lose count

  3. Enough money by Anonymous Coward · · Score: 0

    I know we're talking about Switzerland but will they have enough money ?

    I think nobody will ever complete a electronic voting system that is auditable, secure and preserve the secrecy of vote.

    1. Re:Enough money by Bradmont · · Score: 1

      More importantly, the researchers could sell any significant vulnerability for waaaay more than $150,000....

    2. Re:Enough money by Immerman · · Score: 1

      Which is why they're putting out a call for white-hat hackers. Not everybody is motivated primarily by money, but the combination of attacking government-grade security, helping to preserve democracy in the face of a move to electronic voting, and a chance to win a tidy sum as well, will likely interest a lot of ethical hackers.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
  4. Lol by Anonymous Coward · · Score: 1

    Here in the US candidates can spend over $1 billion on winning an election. You think if a hacker could change the outcome of a countries election they would reveal that exploit for $150,000?

    1. Re: Lol by Anonymous Coward · · Score: 0

      Dude hackers are lazy and they really care about what they are working on more than complicated money making schemes. They may from time to time pay attention to other stuff, like electrical engineering, especially if they happen to blindly walk into a really interesting environment like a maker space, but generally they really think about one thing.

    2. Re: Lol by Anonymous Coward · · Score: 0

      State hackers do not do that for the bounty, they do it to be able to control.

  5. Swiss by Anonymous Coward · · Score: 0

    They liked Hitler alot in WWII.

    1. Re: Swiss by Anonymous Coward · · Score: 0

      I am positive he would blush, nod in thanks, and then rile up a crowd in embarrassment

    2. Re:Swiss by Anonymous Coward · · Score: 0

      i like being able to spell "a lot" even more

  6. Impossible to prove. by Anonymous Coward · · Score: 0

    It's like asking you to prove that you will never eat a parasite.

    You could prove that you do, if you accept the pseudo-scientific term "proof" (instead of a reproducible statistically significant set of observations/measurements).
    But you cannot prove that you don't.

  7. Not really. by Anonymous Coward · · Score: 0

    There are many cases where people wanted to vote on something, but the government would simply not allow it.

    And even a "direct democracy" is merely a nice fantasy anyway. In reality, most people are passive thinkers, and it's almost trivial to make them *want* what you want.
    Create a one-dimensional false dichotomy of two extreme exaggerations, and tell people the others are "literally Hitler", and if they don't pick you, they hate the country, don't think of the children, and support communism^Wterrorists^WRussia^WChina....
    If necessary, a few false-flag moles put in "the enemy" will create the necessary internal fighting and external discrediting acts. (In the NSA leaks, the NSA bragged about doing exactly that to 43 organizations in a single year. Including Occupy, Anonymous, Wikileaks and the Tea Party.)

    People don't even want to be individals anymore. They will attack you to defend their opinion maker swarm head, from my experience.
    And he corporate lobbyist politicians / talking heads / ... that form those heads already do have their direct democracy. As corporations are the actual citizens now.

    1. Re:Not really. by Anonymous Coward · · Score: 0

      In reality, most people are passive thinkers, and it's almost trivial to make them *want* what you want.

      Some places yes, especially where the educational system is found wanting.

  8. Laymen? by Actually,+I+do+RTFA · · Score: 1

    No way for laymen to verify? Hell, I'm not sure how anyone could verify it. Short of taking the devices apart under electron microscopes and seeing changes in the hardware as a result of voting, I'm not even sure how anyone could.

    --
    Your ad here. Ask me how!
  9. Only $150,000? by Volatile_Memory · · Score: 1

    Russia, China, Israel, the US, and some cool cats on the dark web are offering more. Just gotta know who to ask.

    --

    /**
    I have a "Zero Policy" tolerance.
    */

  10. Absent voting is always open to manipulation by HuskyDog · · Score: 2

    The basic problem with internet voting is exactly the same as all other forms of "voter absent" polling such as postal voting and that is how to ensure that the voter hasn't been threatened or bribed. You can make the actual mechanism as secure as you like with bug bounties and such like, but there will still be many thousands of women who will sit at the family computer whilst their husband says "Vote for that guy or I'll punch you again like I did last night" (just an example - many other permutations of abusive relationships are available!).

    I agree that there are some steps which can be taken to reduce this problem (e.g. allowing people to vote multiple times and only counting the last one), but these don't seem to properly address the fundamental problem.

    1. Re:Absent voting is always open to manipulation by Anonymous Coward · · Score: 0

      If only your vote mattered enough to punch my wife.

      They can implement whatever system they want, it's still getting thrown into a trash can. #TwoTurdsSystem

  11. light version by hermi · · Score: 1

    They exclude a lot of things from the test, like social engineering or dns spoofing etc.
    It's most likely a publicity stunt that "hackers tried to hack our system!11!one" instead of an actual "real" audit / pen test.

  12. voting secrecy by 4im · · Score: 1

    A vote is also supposed to be secret.

    If you're in a booth, with other people around (voting officers and other members of the public), you'll be able to vote on your own without interference, secretly. Taking a picture of your filled-out voting bulletin as some sort of proof is a no-go (punishable in many places).

    What if you're wherever, voting electronically - who's to say you won't be coerced (e.g. by a violent spouse) to vote in a certain way? Who's to say it's even you who's voting, not somebody else who's taken your credentials from you (say, personnel from a caring facility voting in place of the elderly)?

    Voting by correspondence falls largely into the same categories, it should be kept to a minimum, not extended, for the reasons above.

  13. Comment by WallyL · · Score: 1

    And opponents of the Swiss government (whether domestic or foreign) are offering $15,000,000 in Bug Bounties To Hackers!

  14. DO YOU NEED A HACKER? by AlbertHacks · · Score: 1

    I’m Albert a hacker who has built a very good reputation and undeniably one of the best hackers you can come across.i have got access to hack into any account and also get to generate passwords for accounts like Facebook,Instagram,Twitter,gmail,yahoo mail,whats-app,we-chat,etc.Retrieving hacked social media accounts,clearing criminal records,increase credit scores,CC hack,hack bank accounts for transfers and credit card top ups,application hacking.We do custom software and web development in php, java, asp.net etc.hacking computer systems,Website hack,Catch hacker scammers,Phishing emails, that's to mention a few.You can contact me on. Email ... Theredhackergroup@gmail.com Whatsapp...+17867089974 or TEXT:571 318 9498 Best Online hacker with 100% guarantee and money back return policy for 48hours.