The security requirements for e-voting are tailor-made for Switzerland and have a firm legal basis. They must be continuously adapted to the latest developments in the security sector and to the current threat situation. When setting and updating the requirements, the Confederation and the cantons work closely with experts from academia and business circles. The security of e-voting is based on many different measures. These include:
- Verifiability: Verifiability ensures that attempts at system manipulation can be reliably detected. Based on special cryptographic procedures, verifiability creates transparency about the correct course of the entire ballot procedure, while preserving the secrecy of the vote. Until now, systems with individual verifiability were in use in Switzerland. In future, only fully verifiable systems are to be approved.
- Sharing of responsibility: E-voting systems must be spread across many differently configured systems, some of which must not be connected to the internet. Technical and organisational measures must be in place to ensure that no individual can access critical data or votes without the involvement of a third party (multiple-assessor verification).
- Transparency: The source code and documentation of fully verifiable systems must be published so that competent persons can operate and analyse the system privately. The source code may be used for non-commercial and specified scientific purposes, for example exchanging information on any faults found in the system and the right to publish.
- Independent audits: For the use of fully verifiable systems, regular audits of the systems and their operation are carried out by independent organisations and experts.
- Public scrutiny: The public is encouraged to be involved in testing e-voting to a greater extent and a steps will be taken to build up a community of specialists. In order to involve independent experts in a public scrutiny process, a bug bounty programme is to be run for the disclosed source code and documentation.
- Best practices: In accordance with the mandatory, ongoing improvement process, the systems must be continuously adapted and constantly protected against the latest security vulnerabilities.
- Cooperation with the public, in particular with the academic community: The Confederation and cantons will work more closely with experts from different fields in designing, developing and auditing e-voting systems.
The risk awareness on the part of the authorities with regard to electronic voting is high. The principle of "security before speed" always applies for the introduction of e-voting in Switzerland. Only e-voting systems that meet the high security requirements of federal law are permitted.