Swiss E-voting Trial Offers $150,000 in Bug Bounties To Hackers

The Swiss government is offering bug bounties of up to CHF 50,000 (around $50,000) to anyone who can expose vulnerabilities in its internet-based e-voting system in a test later this month. From a report: In total, 150,000 CHF (around $150,000) will be up for grabs for any white hat hackers who register for the "Public Intrusion Test" (PIT). The Swiss Post system will be open for a dummy election between February 24th and March 24th, the length of a typical Swiss federal vote, during which time any registered "white hat" hackers will be free to discover and report vulnerabilities.

This PIT comes as the Swiss government is planning to expand its e-voting capabilities by October 2019 to two thirds of the 26 cantons that make up the Swiss Confederation. The country has conducted more than 300 trials of e-voting systems over the past 14 years, but current rules limit the amount of electronic votes to 10 percent of the total for referendums and 30 percent for constitutional amendments. However, the expansion plans have been met by opposition by politicians who claim current e-voting systems are insecure, expensive, and prone to manipulation.

Missing the point, as usual

[JaredOfEuropa]

opposition by politicians who claim current e-voting systems are insecure, expensive, and prone to manipulation

How about intransparent? Manipulation isn't the issue, the problem is that there's no way for laymen to verify that no manipulation has taken place. A transparent voting and tally system like paper ballot allows for audits "for the people, by the people". To audit an e-voting system, you need experts.

Re:

[Anonymous Coward]

FIRST, prove no one can get into the systems from the outside to hack the election
THEN prove the output is easily verifiable.

Number 1 bounty: Are any of these machines connected to any network OF ANY KIND. If you can see it from the internet the vote is suspect.

Re:

[OrangeTide]

the problem is that there's no way for laymen to verify that no manipulation has taken place.

Laypeople aren't of much interest to governments.

Re:

[Kokuyo]

While we contend with that issue as well, don't forget that this is a direct democracy.

Re:

[OrangeTide]

I though we learned in the 20th century that propaganda can easily subvert direct democracy?

Re:

[frank_adrian314159]

How about intransparent?

How about opaque?

Re:

[dzelenka]

Mod the parent up!

E-voting is susceptible to fraud on a grand scale.

Laymen?

[Actually, I do RTFA]

No way for laymen to verify? Hell, I'm not sure how anyone could verify it. Short of taking the devices apart under electron microscopes and seeing changes in the hardware as a result of voting, I'm not even sure how anyone could.

Re:

[Bradmont]

More importantly, the researchers could sell any significant vulnerability for waaaay more than $150,000....

Re:

[Immerman]

Which is why they're putting out a call for white-hat hackers. Not everybody is motivated primarily by money, but the combination of attacking government-grade security, helping to preserve democracy in the face of a move to electronic voting, and a chance to win a tidy sum as well, will likely interest a lot of ethical hackers.

Lol

[Anonymous Coward]

Here in the US candidates can spend over $1 billion on winning an election. You think if a hacker could change the outcome of a countries election they would reveal that exploit for $150,000?

Only $150,000?

[Volatile_Memory]

Russia, China, Israel, the US, and some cool cats on the dark web are offering more. Just gotta know who to ask.

Absent voting is always open to manipulation

[HuskyDog]

The basic problem with internet voting is exactly the same as all other forms of "voter absent" polling such as postal voting and that is how to ensure that the voter hasn't been threatened or bribed. You can make the actual mechanism as secure as you like with bug bounties and such like, but there will still be many thousands of women who will sit at the family computer whilst their husband says "Vote for that guy or I'll punch you again like I did last night" (just an example - many other permutations of abusive relationships are available!).

I agree that there are some steps which can be taken to reduce this problem (e.g. allowing people to vote multiple times and only counting the last one), but these don't seem to properly address the fundamental problem.

light version

[hermi]

They exclude a lot of things from the test, like social engineering or dns spoofing etc.
It's most likely a publicity stunt that "hackers tried to hack our system!11!one" instead of an actual "real" audit / pen test.

voting secrecy

[4im]

A vote is also supposed to be secret.

If you're in a booth, with other people around (voting officers and other members of the public), you'll be able to vote on your own without interference, secretly. Taking a picture of your filled-out voting bulletin as some sort of proof is a no-go (punishable in many places).

What if you're wherever, voting electronically - who's to say you won't be coerced (e.g. by a violent spouse) to vote in a certain way? Who's to say it's even you who's voting, not somebody else wh

Comment

[WallyL]

And opponents of the Swiss government (whether domestic or foreign) are offering $15,000,000 in Bug Bounties To Hackers!

DO YOU NEED A HACKER?

[Albert Hacks]

I’m Albert a hacker who has built a very good reputation and undeniably one of the best hackers you can come across.i have got access to hack into any account and also get to generate passwords for accounts like Facebook,Instagram,Twitter,gmail,yahoo mail,whats-app,we-chat,etc.Retrieving hacked social media accounts,clearing criminal records,increase credit scores,CC hack,hack bank accounts for transfers and credit card top ups,application hacking.We do custom software and web development in php, java