Security in e-voting is based on many different measures. The most important of these include the following:
- Verifiability: Verifiability allows any successful manipulation attempt to be detected with certainty. Based on special cryptographic procedures, verifiability offers transparency about the correct conduct of the entire voting process, while maintaining the secrecy of the vote.
- Distribution of responsibility: E-voting systems must be distributed over a large number of differently designed computers, some of which must not be connected to the internet. It must also be ensured, both technically and organisationally, that no individual can access critical data or votes without multi-person control.
- Audits and certification: Audit and certification requirements mean that the systems are regularly audited by independent organisations (external audits, independent certification, regular repeat audits for re-certification).
- Best practices: In accordance with the mandatory continuous improvement process, the systems must always be adapted and continuously protected against the latest security vulnerabilities.
The authorities are highly aware of the risks associated with electronic voting. The principle of "security before speed" always applies to the introduction of e-voting in Switzerland. Only e-voting systems that meet the high security requirements of federal law are permitted.
These security requirements for e-voting have been agreed with representatives from science and technology. They are dynamic in nature and influence the authorisation requirements. Thus, the disclosure of the source code becomes a new approval requirement, and future systems are to undergo a public intrusion test.