The final objective of the project is to offer all Swiss citizens wherever they live the possibility to vote online.

The idea was born out of the success of postal voting, which is used by 95% of the population and increased turnout by 20 percentage points. Yet, there remains some 40% abstainers, on the one hand, and remote voitng in the shape of postal voting is not fully secure. The issue is therefore to attract more voters to the ballots and to come as close as possible to the polling station model, where the administration fully controls the setting and the operations and where there can be a public control over the ballot couting process.

An ICT-based voting channel can help us to reach both these goals.

Security is and always was our priority. The security approach must be global and homogeneous. In full konowledge of fact, a structured methodology was aplied to assess and manage the security risks in our system. When you are dealing with confidential information and sensitive data over an uncontrolled network like internet, you need to comply with the highest privacy and security requirements. It’s the State responsibility.

We established an 11-rules long catalogue based on the international and national law covering elections. Voter ID must be protected, voters must have a single vote, etc...

The challenge was to create a controlled area that would be as wide as possible, to recreate the polling station environement. SSL over HTTP offers an unsafe protocol implementation: in this configuration, the browser running on the client's computer (an unsafe place) initiates the communication and defines the key length and the algorithm used. It has been shown that SSL is vulnerable to “man-in-the-middle” attacks. Interception and modification on the fly were easily performed.

We developed an approach in which, when a browser wants to establish a communication with our server, it has to do it according to our conditions and following our security rules.

The server sends an obfuscated applet to the client PC. We control the applet and can know wether the client's environement has altered it or tried to do so. This is waht we call the "secure channel".

The applet's unique role is to encrypt and decrypt the HTTP flow. Computers are completely deterministic and the fundamental bases in cryptography is the need for randomness. Therefore, we use True Random Number Generator using Quantum principles to define the encryption key, thus reaching an unprecedetnd level of encryption in order to protect only the necessary data embedded on the standard HTTP flow.

The idea of the Swiss Confederation when launching the project was to have a solution it could then extend to the whole country. Therefore, our solution could be reused elsewhere. We are currently defining "entry levels" and calculating their cost. If you still run paper-based election and count the ballots manually, implementing Internet voting will cost XXX. If you have a computerised centralised ballot counting system, switching to internet voting will cost YYY. If you have a digitalised centralised voting register, scaling up to Internet voting will cost ZZZ, etc... This said, experience shows that, beyond the cost factor and the distance between one's current situation and the end situation of implementing internet voting, one must also consider another factor: scaling up directly from polling station voting on paper ballots to internet voting might be to large a change for politicians or citizens to accept. Gradual changes (in our case through a first stage of postal voting) might be advisable.

And, as mentioned in the "economics" section, we are considering selling the system to any interested party outside Switzerland.

The internet voting application is currently in its 3rd version. We are currently working oa a way to authenticate foreigners who were granted last year the voting right on municipal matter, but lack the ID features linked to the Swiss citzenship that we use with Swiss citizens voting online.

Here is a description of all past developments: although few has changed for the users of the eVoting system (we do not provide a link anymore to the voting web site, in order to avoid man-in-the-middle attacks), the application has considerably evolved over the last four years.

It has become technically neutral: we moved away from the HP Virtual Vault standard for which the application had been developed and it now runs on Unix servers. The interoperability and transferability has been greatly improved. The State IT system is the sole owner and maintener of the application, there are no more vendors linked to it anymore.

We have developed an election interface (so far, we only had an interface for referendums, that is "yes-no" ballots and conducted a first online election in Novermber 2006.

We implemented a quantum cryptography-based secure channel on top of the SSL channel. Since the applet generating this cryptography layer is located on the voting server, that is within the controlled perimeter, it increases the State controlled perimeter and cannot be corrupted neither while being upoladed to the voter's PC nor in the voter's PC.

We also expanded our experience of dealing with the constantly evolving software and OS installed on the voters' PC.

We now have an unprecedented and unique experience of internet voting use by the citizens over time and in the context of different ballots (municipal, cantonal and federal, referendums or initiatives).