Pilots federal electronic voting meet the principles of democratic vote

Pilots federal electronic voting meet the principles of democratic voting

The architecture and operation of current electronic voting (evoting) pilots can be compared with profit to what a popular vote must be, which is the culmination of the evolution of our democratic societies.

We must refer for this to the Ten Critical Criteria of a democratic voting system1 (English-HTML ou French-HTML or -PDF), with comments and, for each of the ten criteria, reference to the federal legislation and the link to those thereof.

Here is a summary of the ten criteria of a democratic vote:


One and only one vote for every citizen having the right to vote (universality and uniqueness).


The anonymity of the voter and the confidentiality of its ballot  are unconditionally guaranteed.


The ballot  must contain the voter's motivation.

not transferable

The voting should not be able to vote by proxy, or obtain evidence enabling him to sell his vote.


The content of the ballot may not be known until the close of polling.


The ballot box should contain only and must contain all ballots collected (precision and completeness).


Ballots must be able to be recounted with sense (verifiability of their authenticity and integrity).


Claims (before closing) and challenges (after) should be resolvable.


The whole session and every single vote must be monitored.


Any attempt at fraud are prevented or detected without delay.

In clear contrast, the current Federal Pilots:

However, the current pilots, particularly the pilot "which is focused at arm's length since six years2" by the State Chancellery of Geneva, fail -and away- all these core principles of democratic vote and -moreover- the criteria required by federal law.

The debate goes far beyond the circle of the canton of Geneva (or the three cantons drivers), because other cantons actively preparing to extend their use of electronic voting, especially by the taken of these pilots under the economic motto "once developed - copied twenty-five times".

For example, the electronic voting pilot of Genevaº was chosen by the State Council of the canton of Basel City for the vote of its expatriate citizens.Similarly, the Geneva's pilot¹ would be a priori chosen for the test of the Canton of Vaud²- at least for its expatriates. If this is not this one which is finally chosen, it will be one of the two other pilots, or the grievances are the same for the three pilots. This the same story for the Valais³.


Press release, Swissinfo's news.


According to a meeting with the chief of political rights' section of the Canton of Vaud (08/01/2008)


According to the e-mail received from the canton of Vaud's public administration 20/06/2008  (Sylvain Jaquenoud / SDP-secre-DINT): : "it is extremely likely that we retain one of the three pilot systems".


According to the letter from the State's Vice-Chancellor Monique Albrecht of 05/02/2008, showing the willingness to move towards solutions known as "approved" by the Confederation.

Vote without democratic transparency

Like the other two federal pilots, the Geneva's pilot does not respect  democratic transparency.

First, the position of the state of Geneva (such as Zurich, or the Spanish company providing Neuchâtel) is to prohibit the public in-depth study* of the software's source code.


Going to the federal court, a Geneva's citizen obtained a the source code of the pilote , but only on paper, and printed on dark red sheets !
In addition, collated in disorder and mixed with the 
code of the standard Web server Apache.


The bill project, which has been discussed and not accepted in late August by the Grand Council of Geneva (PL9931), explicitly prohibits this final opportunity to review and publicly discuss the program (mirage of security through obscurity).

Secondly, despite the appeal to the mystery fever, the study of its architecture and operation (such º as described in official documents and recent articles) shows: :


Since  May 08, the Chancellery has insisted that its system has evolved significantly since 2003, but these changes are clearly negligible facing significant disrespect for the principles of democratic vote. According to the descriptions in the report of the bill, the site of the state or recent speech, or intervention by officials included in the latest articles, the basic architecture of the system has not at all changed. Even the technical objections and the vulnerabilities remain the same!

In conclusion of transparency, if we compare with the procedure and the central concepts of voting by correspondence, we see that the electronic voting pilots have, in their operations, no monitoring opportunities due by popular democratic vote; without saying that the political scrutinity  (election commission) which is the norm in the usual paper voting  -the constant observation of the operations- is totally impossible with the systems currently in use.

A vote without protection of secrecy

Moreover, as the list which binds the names of citizens to their identification numbers for the vote is processed and stored ª by the government, the secrecy of the vote is not guaranteed: the public administration can easily connect each electronic ballot with the name of the citizen who voted with this system.


This list is needed to resolve the claims: A citizen can argue to have lost his voting card, having suffered a computer crash or a loss of connection, etc.. And thus not being able to perform or complete his vote and request a new voting right (a new voting card). It must be a mean to link the name of the citizen to his identification number, to verify the presence or absence of his ballot into the electronic ballot box.

This link between identity of the voter and his ballot can be either because ballots are received clear by the server to build confirmation¹ (with the famous "thumbnails"), after the counting of ballots because the electronic ballot box² is  not really  "brewed" or, thanks to the systems' logs because a single computer session includes the identification of the voter and the filing of the ballot !


The construction of this confirmation by the server of the public administration, which therefore receive the ballot in clear text, also violates the criterion of temporality of the vote.


The ballots are simply read in a different order (but determined as computational 3) that of reception in the database (testimony of Mathias Schmocker).
Indeed, computers are deterministic machines, so there is no chance (randomness) and any operation is indefinitely reproducible, so brewing a "ballots box" is meaningless (formally, computers are
Turing machines, or finite automata).


In addition, the printer of those (so costly) voting cards received this list which links the names of citizens and their identification numbers for electronic voting. He put this list through its entire workshop's network : it is actually copied onto servers for the workload management, several computers, industrial printers, network controllers, etc... And we all know that " erasure" of coputer data is a very ambiguous one, the effective suppression of an electronic data is very difficult (see the computer forensics techniques in cybercrime).

A bitter finding, a necessary awakening

In summary, with the federal pilots of electronic voting, every citizen (even an "expert") must rely blindly on public administration and is at its mercy.
In short, this short-sighted concept of electronic voting violates everything that modern democracy has patiently developed to protect the free expression of the motivation of the voter.

Citizens, media, officials and politicians must be made aware of those issues, and should take the topic now while change is underway.

THis is because the Federal Council has formally ordered the cantons to take the path of electronic voting, the lobby of the Swiss Abroad (ASO/OSE) insists to obtain it, three quarters of the population want it, young people imagine not to vote otherwise.

The vote (including election) is at the center of a democratic society, and even more for (semi-) direct democracy as the one of Switzerland.
The achievements of the last two centuries was not only the universality of the democratic vote, but also the guarantee of "safe and faithful expression of the free will of citizens" brought by the protection of its confidentiality and the garanty of its transparency.

Here, those pilots threaten to present a regression of our democratic practices.


2Tribune de Genève, 26 juin 2008, Luca Sabbatini

3Using software to generate randomness  (random numbers) is a case of sin by Donald Knuth (Professor Emeritus, Univ. Stanford), continuing the quotation from the mathematician and computer theorist John von Neumann: (1951) "Anyone who considers arithmetical methods of producing random numbers is, of course, in a state of sin".

© Jean-Paul Kroepfli 20080723_2216 25.09.08 20:21 (31)