Swiss Cybervoting PIT(falls)

Jannis Kirschner

Playlists: '36c3' videos starting here / audio

The Swiss democracy is one of it's kind.
Digitization is starting to affect even our most critical processes, such as voting.

When a piece of code suddenly gets responsible for democracy, it's only natural that the voices get loud and many questions get raised:
Is our democracy at stake? Do we have to fear for our privacy? Is electronic voting even feasible in Switzerland? Is such a solution secure?

As part of a mandatory Public Intrusion Test (PIT), the Swisspost released their e-voting source code to the world and started a heated debate - far beyond the Swiss borders.

Not only the codebase revealed several problems during the PIT.
Interesting scoping, redefining the term "open source" and unreleased security audits were only some of the issues that security researchers faced and caused controversy.

In this talk we will have a look at many technical and non-technical aspects of the e-voting solution and PIT from the view of a participating security researcher.