Slashdot Mirror


Experts Find Serious Problems With Switzerland's Online Voting System (vice.com)

An anonymous reader quotes a report from Motherboard: Switzerland made headlines this month for the transparency of its internet voting system when it launched a public penetration test and bug bounty program to test the resiliency of the system to attack. But after source code for the software and technical documentation describing its architecture were leaked online last week, critics are already expressing concern about the system's design and about the transparency around the public test. Cryptography experts who spent just a few hours examining the leaked code say the system is a poorly constructed and convoluted maze that makes it difficult to follow what's going on and effectively evaluate whether the cryptography and other security measures deployed in the system are done properly.

"Most of the system is split across hundreds of different files, each configured at various levels," Sarah Jamie Lewis, a former security engineer for Amazon as well as a former computer scientist for England's GCHQ intelligence agency, told Motherboard. "I'm used to dealing with Java code that runs across different packages and different teams, and this code somewhat defeats even my understanding." She said the system uses cryptographic solutions that are fairly new to the field and that have to be implemented in very specific ways to make the system auditable, but the design the programmers chose thwarts this. "It is simply not the standard we would expect," she told Motherboard. [...] It isn't just outside attackers that are a concern; the system raises the possibility for an insider to intentionally misconfigure the system to make it easier to manipulate, while maintaining plausible deniability that the misconfiguration was unintentional.
"Someone could wire the thing in the wrong place and suddenly the system is compromised," said Lewis, who is currently executive director of the Open Privacy Research Society, a Canadian nonprofit that develops secure and privacy-enhancing software for marginalized communities. "And when you're talking about code that is supposed to be protecting a national election, that is not a statement someone should be able to make." "You expect secure code to be defensively written that would prevent the implementers of the code from wiring it up incorrectly," Lewis told Motherboard. But instead of building a system that doesn't allow for this, the programmers simply added a comment to their source code telling anyone who compiles and implements it to take care to configure it properly, she said.

The online voting system was developed by Swiss Post, the country's national postal service, and the Barcelona-based company Scytl. "Scytl claims the system uses end-to-end encryption that only the Swiss Electoral Board would be able to decrypt," reports Motherboard. "But there are reasons to be concerned about such claims."

4 of 63 comments

  1. It's full of holes? by jfdavis668 · Score: 4, Funny

    Like some other Swiss products?

  2. Paper ballots, tracked, counted, verified, paper by Anonymous Coward · Score: 4, Insightful

    Meanwhile in extremely related news, North Carolina's 9th district is provably fraudulent, because all those paper write-in ballots the GOP collected and completed/destroyed/altered had the same people writing the same fake signatures on them, mailed in batches by the same people passing the same cameras. Over and over and over again, the same handwriting.

    It's not just that a few witnesses tell investigators they were paid to collect those ballots. There is a paper trail proving the fraud.

    Paper ballots, watched by all candidates, counted in front of all candidates is the only solution.

    I see his son is now publicly telling people he warned his GOP dad that it was a felony to do this.... he's a lawyer, he's throwing his dad under a bus so that he isn't arrested on a conspiracy charge for not telling the FBI of the crime. He's not an idiot, he knows there is massive documentation of the voter fraud if anyone looks.

    https://abcnews.go.com/Politics/video/son-north-carolina-congressional-candidate-warned-absentee-votes-61199843

  3. Internet voting is broken even if it is secure by Frankie70 · Score: 5, Insightful

    Internet voting breaks the secret ballot. If you are being bribed or threatened into voting for someone & you are voting at a booth, then you can vote for anyone without the perpetrator knowing who you actually voted for.

    Internet voting, OTOH, doesn't ensure this - the briber or the "threatener" will be looking over your shoulder when you are e-voting.

  4. Re:Why the complexity? by Sique · Score: 4, Insightful

    Because electronic voting systems are inherently not capable of performing what they are supposed to do. Voting has to be equal (every vote has to be counted the same, only eligible voters can vote, but no one eligible must be disenfranchised), secret (no one can be compelled to reveal his vote) and accountable (it must be possible to prove the correctness of the ballot casting and the count). Because in general, you can't prove the correct count in a computer without tracking individual votes, you always run into danger of revealing individual votes in the process. So you have to tack additional layers onto the casting-and-counting system with different levels of privileges, which makes voting systems inherently complex and complicates audits. And to warrant secrecy while at the same time warranting accountability in principle, you have to use processes which can only be understood by specialists, which in turn makes audits less accountable, as the normal citizen has to trust the expertise and goodwill of the auditors.

    --
    .sig: Sique *sigh*