Electronic voting in Switzerland

During the late 1990s, the idea of modernizing elections by providing a remote form of voting spread among European countries. In that matter, Switzerland was no exception, but unlike others it had already been using a form of remote voting systems, postal voting. It was previously well established that the initialization of postal voting had increased turnout rates by 4 percent on average, and unsurprisingly promoters of internet voting hoped that this new form of voting would quickly get accepted by the voters and ideally further increase the turnout rates especially amongst the young. In terms of the progression of internet voting, several parliamentary motions were put forward at the beginning of the 2000s. The actual implementation process however was rolled out at a slow rate since it involved numerous evaluations and testing of different models. In this regard, the role of the federal agencies would mostly be limited to facilitating experiments rather than implementing trials, which was what actually happened when Geneva, Neuchâtel, and Zürich took up the internet voting challenge and the federal agencies initially only provided financing. The result of this approach is that the three cantons had developed three different internet voting methods. Among these models, those of Geneva and Zürich have only one significant difference, which is that while the Zürich model is operated by a private company the one in Geneva is managed by the canton itself. Neuchâtel's system differs from the two in the sense that internet voting is integrated into an e-government portal that required citizens to first register at the municipality. In Geneva and Zürich cases, there is no initial registration required since the voters are mailed the necessary information before every election. The first internet voting trials were conducted in 2003 in a municipality of Geneva, and within two years Zürich and Neuchâtel had also held their first trials. In the early phase of Internet voting trials, Swiss voters abroad were not included. This soon changed when the Swiss government acknowledged its desire to make internet voting available to the large expatriate community. One of the most significant leading factors to this inclusion is the role played by the Organization of the Swiss Abroad (OSA), the main advocacy organization for expatriate interests, which was firmly behind the internet voting initiative. The community of Swiss living abroad was a natural target group since the difficulties they faced while using postal voting were well known. Also facilitating the process for this group was hoped to further boost the turnout rates since they make up 10 percent of the electorate. Since their low participation and lack of media attention on this group the Swiss abroad were considered to be an ideal test group. Moreover, if this new platform had a significant effect on the turnout rates, it would further strengthen the domestic debate. The legal basis was laid shortly, and by June 2008 Neuchâtel had become the first canton to offer internet voting to its community that lives abroad. The two other pioneer cantons were quick to follow with Geneva in 2009 and Zürich in 2010. However, what is interesting is that all Swiss cantons can make internet voting available to their expatriate voters even if their own domestic residents are not yet allowed. By 2009 Basel-City had become the first of the non-pilot cantons to use it for its voters abroad and within a two years timeframe by nine other cantons joined (Argovia, Bern, Fribourg, Grisons, Lucerne, Schaffhausen, Solothurn, St. Gallen, Thurgau). Although trials were successful in several cantons, in the beginning, the new mode of remote voting was not envisioned to have a smooth transition and was not expected to be widely used in all Swiss cantons before many years. One of the main reasons for this was the different traditions and voting procedures in different cantons. Another reason was the typically slow adoption of new systems in Switzerland. However, in 2019 Swiss Post took an initiative to enable e-voting in the whole of Switzerland. == Usage of internet voting (2003–2015)==

The argument that internet voting would increase voter turnout was frequently used in parliamentary debates by advocates; also its high usage would justify the means such as the high financial costs and allocated resources. To keep track of the internet voting usage rates a database was maintained that reported results in as much as detail since the first vote in 2003. Studies about the evolution of e-voting user rates in the three pilot cantons portrait two main social effects that explain the usage pattern over time; the novelty and the convenience effects. Geneva and Zürich illustrate the novelty effect, where drastic downward falls are observed on the usage rates right after initialization. This fall might be due to some voters testing the new system of voting just because it is new, but then return to their usual voting method due to habits. In the Geneva case, the disadvantageous effect of long-term interruption of e-voting (between 2005 and 2009) on the usage rates is depicted. Before the interruption, rate used to be 20% and afterward it was only 15%. In general, the convenience of the postal voting has kept the internet voting levels low; however, they are speculated to eventually grow as younger voters are much more inclined to use the internet. The fact that the voters in Neuchâtel first need to register at the municipality to gain access to the e-government portal had an effect of lack of convenience. However, a small-sized increase in e-voting is observed in 2011, which can be explained by the introduction of the opportunity to file taxes electronically through the same e-government portal, which seem to enticed some citizens to try and use internet voting. Usage rates of the expatriate have a growth rate of 2% each year. In Neuchâtel, the requirement to sign up in person to use the e-government system at the municipality has resulted in lower rates, since this is an even higher burden to those who live abroad. Studies also show that Geneva scores lower than the rest of the cantons, which is speculated to be because of the “fake” expatriates who live just across the border in France to avoid housing prices in Geneva. The two main conclusions that can be made from these studies are; first, the expiries’ natural higher incentive in e-voting due to convenience is reflected in moderately higher usage rates; second, over the years the online channel has gained popularity among Swiss expatriates in contrast to Swiss residents who tend to drop the new channel after the novelty effect wears out. == Socio-demographic profile of internet voters==

Education Like the other factors, education is also positively correlated to internet voting usage. People with the highest educational attainment tend to be the most over-represented. According to a study for instance, more than one-third of voters with a university degree voted electronically whereas this number is only 2.8 percent for voters with compulsory education. Overall, voters with high education are most likely over to be overrepresented among internet voters in both residents and expatriate trials. To conclude the studies has found that internet voting has primarily been a service to the young and privileged, who tend to live in comparatively more wealthy households, have relatively higher education, be male and between 18 and 49 years old. == Advantages and disadvantages==

E-voting clearly has both pros and cons and some of the advantages and disadvantages are listed below. Advantages • Convenience E-voting is a location and time-independent way of voting, which makes it extremely comfortable and convenient for voters who have the means. • Increasing participation E-voting offers people an alternative way of voting for those who may not be able to use the traditional way. This might concern mainly absent, ill, disabled or old citizens. Also, article 6 of the federal law on political rights states that the cantons must assist people with disabilities on the exercise of their political right which would be achieved by e-voting. Additionally, individuals with disabilities may prefer the use of their home computers where they provide conveniences over traditional forms of writing and communication. Also, for example, e-voting systems could be equipped with added features to assist those with visual or hearing impairments and appeal to a greater audience. • Reducing process costs With e-voting after having built the infrastructure and accepting the high investment cost, the cost would get redeemed in a few years and the process cost would get lower compared to the traditional vocation channels such as polls or postal ballots. • Increasing efficiency Usage of e-voting may induce an efficiency increase since the process could get accelerated, arranged more accurately and invalid polls could be prevented. Disadvantages • High investment costs The development of the infrastructure of e-voting is costly, since it includes computers, building up servers, hiring experts and buying the software. For example, the cost of the pilot system used in Zürich during 2004-2006 amounted to 7.9 million CHF for the canton of Zürich and 0.5 million CHF for the communities that attended the project. Moreover, another 3,2 million CHF resulting from the trial period. Which all adds up to 11,2 million CHF. Appraisals assume that the implementation of e-voting in the whole country would cost 400 to 600 million CHF. • Complexity and missing transparency E-voting is a very complicated process that requires expertise to comprehend fully. For that reason, only a few operate with the system, on whom every citizen depends and has to trust. Thus, the whole system might be interpreted as a “black box” by the community, which pulls transparency to bare minimum and damages credibility and trust. • Security A significant disadvantage of e-voting is the level of protection it requires and the fact that it will never be a hundred percent secure, having said that neither going to the polls nor postal voting is fully secure. Although there were not any security breaches or security relating problems during the trials, this does not mean there won't be in the future. • Voting quality Political parties make use of the new possibilities to advertise and propagate their message online at low costs. For users, this might result in information overload and confusion about the origins of information as well as a reduction in political discussion and interactions among e-voters. Studies suggest that a de-ritualization of the voting procedure can be observed and voting without much reflection or in an emotional (or irrational) state may have negative effects on the process of opinion formation. == Case analysis==

An important motivation for the Swiss government to pass e-voting is fast changes in information and communications technologies and indeed political life. Switzerland considered e-voting to make participation in elections easier, add new and appealing forms of participation, increase participation rate and protect the democratic principle “one person – one vote” against traditional abuse. Hans-Urs Wili from the Federal Chancellery points out that introduction of e-voting is necessary if direct democracy as it exists today in Switzerland is to be kept alive. The Swiss Government wanted to keep pace with these changes and they started pilot projects for introducing e-voting in the early 2000s. The main approach used by the Swiss government has been to prioritize security instead of the speed of adoption. For this reason, Switzerland started with 3 cantons, Geneva, Neuchâtel and Zürich. It was a joint project of the Confederation and the cantons. The Swiss Confederation funded up to %80 of the trials and the results of the projects had to be made public to the other cantons. In 2006 the three pilot projects were evaluated and it was observed that the internet voting system could be used by up to 20% of the cantonal electoral roll (later extended to 30%), and by up to 10% of the Swiss electoral roll. Geneva Case Geneva is considered as a “designated candidate” for the introduction of e-voting for several different reasons. One is the fact that there is a centralized electronic voting registry. In Geneva, local voters’ registries have been linked electronically since before the start of the e-voting project on the contrary of many other cantons. Geneva was also well prepared for an e-voting project, since its cantonal voting law authorizes the cantonal authorities to test new voting methods in light of technological developments. Another interesting aspect was that Geneva's high percentage of expatriates. Geneva has the most advanced pilot project. The cantonal administration, in partnership with Hewlett Packard and Wisekey of Geneva, developed an e-voting application. The Geneva system doesn't need any additional software; the user is guided through the process on the e-voting website. In this system, voters receive their voting card that contains a personal ID code 3 weeks before elections. This code changes in every polling occasion and the chance to find it randomly is one in five billion. Voters need this code to be recognized by the servers when voting on the Internet. Voters then submit their vote and can alter the choice before confirming their identity once again. To confirm their identity, they need to enter the date of birth and commune of origin. The system confirms that the vote has been successfully transmitted and recorded. The electronic ballot is encrypted and sent to one of the servers. The votes are then forwarded to an electronic ballot box in a centralized location. Two keys are necessary in order to open the electronic ballot box. To ensure security, different political parties have the keys. It is impossible to match a ballot and a voter because voter's identity and ballot are kept in two distinct files. E-voting lasts 3 weeks and ends the day before the election. Geneva's system based its security on using standard security mechanisms, such as the encryption of the communications by using SSL and encryption of the ballots in the voting server using standard cryptographic algorithms. It is indicated to be secure and usable enough. However, there are mainly two concerns. First, if a computer is already infected with malware, it is not guaranteed to secure the voting process. Second, a lot of data about Geneva's e-voting system is kept secret. The construction of the e-voting system necessitates that the voter has to have confidence, and to create this confidence, Federal Council requires publication of the source code of the software to provide verifiability. Also voters are encouraged to know how the electronic ballot box and the voting register work, how the servers are monitored and what happens if an attack is detected. Zürich Case The e-voting project in the canton of Zürich was launched in 2002. The very first implementations of the Zürich's system were introduced for student elections at University of Zürich in 2004. Following the system's success in student elections, it was tested out for public elections. In principle, Zürich's e-voting system is quite similar to Geneva's but it has additional features. In addition to Internet-based voting, Zürich's system also permitted votes to be cast via text message and interactive television systems (ITV). However, in 2007, it was announced that SMS-voting would be discontinued. Zürich hired Unisys to implement and manage its online voting system. Main security characteristic of the Zürich's system was the usage of different codes to select the candidates. Voters received a special voting card with a unique code per candidate and had to use the code of their candidate instead of selecting them. This mechanism preserves the privacy of the voters even if they use an insecure communication channel such as SMS. On the contrary of Geneva's system, Zürich doesn't have a centralized registry for voters. To solve this problem, e-voting is implemented at the commune level and have the communes pass on the results to the canton. Swiss Post System Swiss Post's e-voting system is designed by Barcelona-based company Scytl. In this system, voters authenticate themselves to the voting website using their birthdate and an initialization code they receive from Swiss Post by mail. After voters make their selections, the votes are encrypted before going to the Swiss Post servers, where they are cryptographically shuffled to lose any trace between vote and voter. Votes are only decrypted during the counting process. This system is under many critics. Experts find serious problems with this system such as its poor design, high level of complexity and possibility of letting someone alter votes during the shuffling phase without detection. To prove the system's security against attacks, Swiss Post has launched a public penetration test and bug bounty program. == Security measurements ==

Switzerland doesn't expect e-voting to be %100 secure but it has to be as secure and reliable as the traditional voting methods (i.e. postal voting and voting at polling stations). Articles 27a-27q of the Order on Political Rights indicate security measurements needed to be fulfilled to obtain a secure and reliable system. According to these articles, an e-voting system has to ensure that all the received votes are anonymous and can't be traced. Identifying a voter's vote must be impossible and votes must be encrypted after submission and only decoded when they are to be counted. Voting must remain perfectly anonymous. Furthermore, the voting system must ensure that a vote has been received, and if there is an altered vote, only the newest version is counted. The procedure must not encourage voters to vote without reflection and voters must be able to alter their choice before submitting their vote. Additionally, the system must ensure that only entitled voters can take part in the ballot, each voter must have one vote and will vote only once. It must be impossible for any third party to capture, modify or divert votes or influence the result of the ballot or to find out the content of the votes. All the votes cast must be taken into account during the count and that any fraud must be impossible. Security is not only satisfied with having a secure software. The system also must make sure that the voting process cannot be affected by the technological environment. In this context, the most important problem is whether a computer, which is used to vote, contains any malware. In this case, an attacker may access all the data stored in the computer including any personal information and be able to manipulate them. In the existence of such a malware, elections can be influenced by malware by storing data transmitted during the voting process, simulating the voting process and vote later, or voting at the same time the voter votes. By doing so, these attacks can violate the principle of” one man, one vote” and allow the capture, modification or deviation of electronic votes. Another important point is that e-voting server where all the votes are stored until counting must be absolutely secure and invulnerable to attacks. If an attacker can reach the main server, he/she can exchange the ballots and influence the main result of the election. If the votes are changed before counting, it is impossible to realize this change in counting. The traditional ballot box at the polling station cannot be manipulated this way. It is opened in front of public and nobody has possibility to exchange the ballot paper before. Similarly, the electoral register must also be secure to avoid attacks which try to manipulate entries. An election system's principal function is to establish the correct election result based on the votes submitted by the voters and all the irregularities caused by attacks or software bugs must be detected in a reliable way. To verify an election's integrity, protocols ensuring individual and complete verifiability must be implemented, and tests must be done to ensure completeness, integrity, consistency, evidence and authenticity of the voting process. To improve the confidence in e-voting systems, Federal Council also requires publication of the source code of these systems and a public intrusion test is required, which will allow interested parties to try to hack the systems that want to be certified at the third level. == Opinion of the swiss public ==

General opinion According to a survey conducted in 2016, the Swiss public generally thinks that introducing the possibility of voting electronically would be an improvement to the voting system, although this opinion is nuanced. Age class and region have a different view. Older people see e-voting as less necessary than younger people. In the francophone region of Switzerland, the E-Voting offer is viewed significantly more desirable than in the Italian speaking Ticino. In total more than half the respondents mentioned an advantage of comfort. The youngest voters stated this reason disproportionately often. Other advantages mentioned were simplification of voting (29%), increase participation or enhance the quality of the decisions made (26%). When ask about the disadvantages, a significant portion (40%) answered with concerns regarding the risk of manipulation and security. One in five feared the possibilities of scams and counterfeiting when E-Voting is used. Sympathizers of the SVP or CVP parties and respondents from rural regions often mentioned that the exchange between the citizens would be reduced. Swiss expatriates have been shown to have a much more positive attitude towards e-voting. They deem such a system could prove to be very useful. This is probably related to the rather low reliability of the postal system (mainly delays) that this type of voters have experienced. Trust in E-voting The Swiss population shows greater trust in voting at the polling station or with the postal system than via the internet. This result can be expected since most voters do not have access to such a system, and therefore no experience with it. Although the skepticism in e-voting is higher, e-voting is not completely mistrusted. Trust depends on multiple factors, the most important one being the age of the voter, with younger voters tending to be more confident in the e-voting system. The higher an individual's education, the less he generally believes in the security of e-voting. Trust is also notably higher in the French-speaking part of the country than in the Italian-speaking part. This correlates with the demand for e-voting of these groups. == References ==