Zurich – January 25th, 2019 ¦ From the original article by Valerie Zaslawski [D]
Raphael Reischuk, IT security expert at Zühlke [Image: Simon Ziffermayer]
A broad-based political group has started an initiative calling for a ban on e-voting. And this idea is supported by someone who knows what he is talking about.
While the expert group of the Federal Government is of the opinion that e-voting can be provided in a secure and trustworthy way, the SVP National Council member from Lucerne, Franz Grüter, and his tech-savvy co-campaigners believe that it poses a serious threat to democracy. How can there be such a divergence of opinion? "The experts are talking at cross-purposes," explains the IT security expert Raphael Reischuk regarding the mismatch of views.
In the debate, a distinction must be made between the cryptographic design of the system and its realisation, the so-called implementation. While the cryptography can be proven to be secure, the implementation will always have errors – even one hundred years down the line. "We can't get a standard here, because the ecosystem will remain prone to error," says the scientist, who has researched this topic at ETH Zurich and is responsible for IT security at the Swiss innovation service provider Zühlke. By ecosystem, he means the entire environment in which the e-voting takes place; this includes the hardware, the operating systems, and, last but not least, the people. And it is the case, even in the digital world, that where people work, mistakes happen. Reischuk provides an illustrative comparison in this regard: "Even a healthy goldfish will die if it is put in a pond full of dirty water."
The security measures defined by the group of experts only change things to a limited extent in this regard. To prevent manipulation to the greatest extent possible, the systems should be verified, the source code disclosed, and public intrusion tests carried out. In such tests, the public is invited to attack the system. E-voting faces a particular challenge: The electronic voting processes must be verifiable while at the same time preserving voting confidentiality. In addition, the system and operational processes must be transparent.
In the four-week public intrusion test planned for the first quarter of 2019 (after the referendum on 10 February), during which the published source code of the Geneva IT solution will be investigated for errors by hackers in exchange for rewards, it may indeed be possible to identify vulnerabilities and rectify them. But Reischuk warns: "On the grey and black markets, significantly higher prices than the rewards promised by the government are already achievable." For example, as the experts know, some intelligence services are paying hackers more than a million francs for still undiscovered security loopholes via which a system can be attacked. Where e-voting is concerned, there can be a particularly significant amount of interest in this and Switzerland plays a globally strategic role, after all. "There are many groups that are interested in manipulating elections," warns Reischuk. Compared to a paper ballot, there are many more opportunities in the digital world to attack systems from a great distance, most likely from outside Switzerland.
Reischuk is also of the opinion that vulnerabilities in e-voting are particularly serious, because they impact on direct democracy, one of the cornerstones of our society. But also because e-voting is particularly complex, due to its conflicting requirements for anonymity as well as the verifiability of the votes cast – it is "a step too far". And: "Complexity is the biggest enemy of security." He poses the question: "Why start with the most complex project?" There is also the fact that the level of threats on the Internet, i.e. cyber-crime, is increasing rapidly. Services to eliminate the competition or unwanted projects are being offered with increasing frequency on the Darknet. "These dangers cannot be ignored in Switzerland," states Reischuk.
Ultimately, with e-voting it is not just a question of having faith, even if many of those who are involved are keen to see it that way. For example, Barbara Schüpbach, the Head of the Cantonal Administration of Basel-Stadt, who is responsible for the e-voting project, commented to the broadcaster SRF: "We are creating it very securely, so you and I need to have faith in our experts." In contrast, Reischuk states: "There are vulnerabilities all over the place. Anyone who says that systems of this complexity can be sufficiently secure is being naive." If e-voting is to become secure one day, it would first of all be necessary to improve the Internet infrastructure created in the 1980s and 1990s. When the Internet was first developed, there were only four networks, whereas today there are over 55,000. So, adjustments are needed. And, ultimately, awareness must be increased among the numerous digital dinosaurs – the people.