A cryptographic trap door could let someone change votes cast using Switzerland’s online sVote system without being detected, according to a new paper.
Verification: The specific issue is the way the system receives and counts votes before shuffling them and anonymizing voter details (everyone provides a birth date and an initialization code). Once they’ve been shuffled, the votes are counted and then decrypted. The trap door means someone could switch all the legitimately cast ballots for fraudulent ones, undetected.
A recommendation: The Swiss government should immediately halt plans to implement the system more widely, one of the authors said. However, there are ramifications way beyond Switzerland, which had hoped to make online voting an option nationwide for elections in October. A bug bounty program to test the system’s resilience was launched last month.
A wider issue: The software vendor, Scytl, provides electronic voting services to over 35 countries, including the United States. It says it’s working to fix the flaw, but the fact that it managed to creep into the system in the first place is worrying. And researchers say they’ve still only tested a fraction of the code base. It’s one of many issues uncovered with online and electronic voting.
Sign up here to our daily newsletter The Download to get your dose of the latest must-read news from the world of emerging tech.