Updated Jan. 25, 2021 11:40am
The Swiss Post had been in negotiators to purchase the sole rights to the source code for Scytl voting software for “several months” according to published reports in European media outlets in May 2020. They were forced to go public with news of that purchase however when Scytl, to the surprise many, declared bankruptcy.
The Swiss Post is the national postal service of Switzerland. A public company owned the Swiss government, it is the country’s second largest employer.
The Post was working jointly with Scytl (of Spain) on an e-voting system for at least a year prior to the announcement. They were forced to scrap plans for implementing such a system in Switzerland because of the discovery that manipulated votes could go unnoticed.
Officials in Switzerland criticized the government’s purchase of such software source code even though it had knowledge of such issues.
“It’s hard to believe that Swiss Post has paid an undisclosed price for a system which we already know doesn’t work properly. In other countries, too, Scytl systems have experienced major problems. Perhaps that’s precisely why the company went bankrupt,” Swiss parliamentarian Franz Grüter said last year.
The Scytl system is “fundamentally untrustworthy,” said Nicolas A. Rimoldi, the head an anti-electronic-voting initiative. “The Post has bought a heap of junk and is still riding a dead horse.”
The flaw in the software was first discovered by British hacker Sarah Jamie Lewis.
“The implementation of the commitment scheme in the SwissPost-Scytl mixnet uses a trapdoor commitment scheme, which allows anyone who knows the trapdoor values to generate a shuffle proof transcript that passes verification but actually alters votes. This allows undetectable vote manipulation by anyone who implemented, administered, or otherwise took control of a mix server,” she and her team wrote in a report.
“The Bottom Line: A problem in the implementation of the SwissPost-Scytl shuffle proof allows undetectable vote manipulation,” it concluded.
It is 9am Swiss Time, @VTeagueAus, Olivier Pereira & I are releasing details of a cryptographic trapdoor that we found in the Swiss Post #evoting system that would allows admins to falsely “prove” mixes that alter votes & undetectably compromise elections: https://t.co/ETEDuDsSAe
— Sarah Jamie Lewis (@SarahJamieLewis) March 12, 2019
The knowledge raises questions about why the Swiss Post, a government agency, purchased software it new to be flawed and also why it failed to adequately notify allies of those flaws, including the United States.
If you’ve ever been through security vetting you know that you are asked many, many questions about your financial history, outstanding debts etc.
Financial vulnerability is regarded as a security risk when combined with operating critical infrastructure.
— Sarah Jamie Lewis (@SarahJamieLewis) May 15, 2020
Scytl claims 78 million voters from more than 800 counties in the U.S. “benefited” from its election solutions during the presidential election, which included election night reporting, eBallot delivery and online election worker training.
In a statement to ITN however, Swiss Post denied involvement of any of their products in the election. “The speculation has no basis in facts and we distance ourselves formally from it,” the statement read. “Swiss Post had no system in use during the US elections, not even indirectly via another company. Swiss Post has no intentions of offering electronic voting services outside Switzerland in the future either,” it added.
The revelations were made by Neal David Sutz, an American who has been living in Switzerland for several years. Sutz had been researching mail-in voting and its security flaws for several months prior to Nov. 3 and began organizing and publishing his findings in the wake of the massive voter-fraud allegations made after the election.