The procurement of e-voting systems is the responsibility of the cantons. They can either operate their own system, use that of another canton or call in a private company as before (art. 27kbis para. 1 let. b PoRO). The Confederation sets the regulatory framework and authorises e-voting trials.
Under federal law, only completely verifiable e-voting systems that meet the following examination and transparency requirements will be approved:
- Independent examination commissioned by the Confederation: E-voting systems and their operation will be subject to an independent examination commissioned by the Confederation (Art. 27l PoRO and Art. 10 OEV in conjunction with No 26 of the Annex to the OEV). This addresses the need for an effective review of whether the requirements under federal law have been met and of whether risk-minimising measures are effective, as well as identifying potential for improvement.
- Publication of information on the system and its operation: The cantons must ensure that comprehensive information on the system and its operation is published; this includes in particular the source code and the documentation (Art. 27lbis PoRO and Art. 11-12 OEV).
- Public scrutiny: The public and experts will be involved in improving e-voting systems (Art. 27lter PoRO). In particular, the cantons are to offer a permanent bug-bounty programme (Art. 13 OEV).
Independent examination of Swiss Post system 2021
Certain cantons are planning to resume trials with the new Swiss Post e-voting system. In July 2021, the Federal Chancellery commissioned an independent examination of this system and its operation based on the revised legislation (see the FCh's press release of 05.07.2021).
Experts from academia and industry were commissioned to conduct the examination. This covers four areas: the cryptographic protocol of the system (Scope 1), the software to be used (Scope 2), the infrastructure and operations at Swiss Post (Scope 3), and an intrusion test that the system must undergo (Scope 4). The examination lasted from July 2021 to February 2022. It was based on versions of the system made available from summer to autumn 2021. The examination of infrastructure and operations at the cantons is still in progress.
The first reports on the examination have now been published. Reports on other required examinations will be published when available.
- Scope 1 Final Report Aleksander Essex 29.11.2021.pdf (PDF, 538 kB, 05.04.2022)
- Scope 1 Final Report David Basin 30.11.2021.pdf (PDF, 111 kB, 05.04.2022)
- Scope 1 Final Report BFH 28.03.2022.pdf (PDF, 622 kB, 05.04.2022)
- Scopes 1 and 2 Final Report Thomas Haines, Olivier Pereira, Vanessa Teague 24.03.2022.pdf (PDF, 505 kB, 04.05.2022)
- Scopes 1, 2 and 3 Final Report Bryan Ford 04.04.2022.pdf (PDF, 227 kB, 04.05.2022)
- Scope 2 Final Report BFH 28.03.2022.pdf (PDF, 803 kB, 05.04.2022)
- Scope 2a Final Report SCRT 24.03.2022.pdf (PDF, 1 MB, 05.04.2022)
- Scope 3 Final Report SCRT 26.03.2022.pdf (PDF, 1 MB, 20.04.2022)
- Scope 4 Final Report Network Security Group, ETH Zurich 06.01.2022.pdf (PDF, 175 kB, 05.04.2022)
- Scope 4 Final Report SCRT 19.04.2022.pdf (PDF, 635 kB, 20.04.2022)
N.B.: The examination reports relate to the requirements under federal law set out in the consultation draft of 28 April 2021, available at Federal legislation (admin.ch)
The examination was carried out on the basis of the following audit concept:
Swiss Post statement on the results of the independent examination in 2021:
www.evoting-blog.ch/en/pages/2022/independent-audit-insights-into-the-ongoing-work-at-swiss-post
FCh press release:
Disclosure of the new Swiss Post system
Previous examinations and tranparency measures