(Part 4 of a 5-part series starting here) In 2021 the Swiss government commissioned several in-depth technical studies of the Swiss Post E-voting system, by independent experts from academia and private consulting firms. They sought to assess, does the protocol as documented guarantee the security called for by Swiss law (the “ordinance on electronic voting”, […]
How the Swiss Post E-voting system addresses client-side vulnerabilities
(Part 3 of a 5-part series starting here) In Part 1, I described how Switzerland decided to assess the security and accuracy of its e-voting system. Swiss Post is the “vendor” developing the system, the Swiss cantons are the “customer” deploying it in their elections, and the Swiss Parliament and Federal Chancellery are the “regulators,” […]
How NOT to Assess an E-voting System
by Vanessa Teague, an Australian computer scientist, cryptographer, and security/privacy expert. (Part 2 of a 5-part series starting here) Australian elections are known for the secret ballot and a long history of being peaceful, transparent and well run. So it may surprise you to learn that the Australian state of New South Wales (NSW) is […]
How to Assess an E-voting System
Part 1 of a 5-part series If I can shop and bank online, why can’t I vote online? David Jefferson explained in 2011 why internet voting is so difficult to make secure, I summarized again in 2021 why internet voting is still inherently insecure, and many other experts have explained it too. Still, several […]
Most top websites are not following best practices in their password policies
By Kevin Lee, Sten Sjöberg, and Arvind Narayanan Compromised passwords have consistently been the number one cause of data breaches by far, yet passwords remain the most common means of authentication on the web. To help, the information security research community has established best practices for helping users create stronger passwords. These include: Block weak […]