E-voting: transparent, secure, verifiable

You could be forgiven for thinking that an election is a matter of simply deciding, casting a vote and then counting the votes to determine the election result. However, anyone who talks to e-voting expert and BFH lecturer Eric Dubuis about the topic will soon realise that even a traditional vote is not that simple. And in digital spaces, everything becomes even more difficult.

Observability creates trust

“Votes and elections need to be transparent, secure and verifiable”, says Eric Dubuis, summarising the aim of voting and election mechanisms. For only then can voters trust that their voice has been included in the decisions and weighted correctly.

At the ballot box, this is relatively easy to accomplish: neutral observers on site check who is eligible to prevent any unauthorised individuals from casting votes. Eligible voters record their choice on paper in a private space so it is not possible to trace how they voted. They insert their ballot papers into a transparent ballot box that remains under constant observation. Received voting rights and ballot papers are counted separately, so discrepancies become immediately apparent (e.g. if there are more ballot papers than voting rights).

The search for the perfect system

In the physical voting process, “most things are observable and traceable”, explains Dubuis. This increases confidence in the voting process: “It is actually the perfect system.” Of course, there are also risks in this process. “It is sometimes the case that individuals are denied access to the polling station”, notes Dubuis. And some communities are so far apart geographically that a physical election or vote is simply out of the question.

This is where the benefits of electronic elections are evident. Users can fulfil their democratic duties from anywhere in the world. This advantage also prompted the Organisation of the Swiss Abroad (OSA) to set up a digital voting procedure together with Eric Dubuis. There is a major need for an alternative to traditional voting procedures, as the members of the OSA are spread all over the world. For the elections to the Council of the Swiss Abroad, held in April 2025, several countries used BFH’s UniVote e-voting system.

Dubuis states that he has repeatedly, from the very beginning, told those responsible that every election system is fraught with risks. “When you digitalise an election”, he explains, “the question arises of how we can verify voters and observe the procedure without violating the privacy and anonymity of users.” And the fact that everything takes place remotely produces risks that can simply be eliminated at the polling station: because the actual voting is not monitored, “[we] cannot rule out that eligible voters may be influenced when casting their votes in a digital election.”

Simple, secure, legally compliant

Today, there are several digital voting systems in Switzerland seeking to solve these problems in different ways. Everyone is looking for a compromise between maximising ease of use, minimising risks and meeting legal requirements.

The team working with Eric Dubuis is experimenting, for example, with how security codes for the verification of voting rights can be scanned via a QR code instead of being typed in. “Good usability simplifies the use of a system”, explains Eric Dubuis, “and leads to more valid votes being included in a decision.” While other systems still use analogue security elements delivered by post for certain steps, Eric Dubuis and his team employ mechanisms that operate entirely digitally.

“For organisations like the OSA, a postal voting procedure is out of the question for practical reasons”, explains Dubuis. Furthermore, e-voting systems must meet certain mandatory criteria – at least at the federal and cantonal level. Decisions must therefore be verifiable both individually and universally (see box), and the secrecy of the vote must be maintained. Ensuring privacy is particularly difficult in the digital space. On one hand, digital voting tools are often used via browsers, which may be controlled and monitored by third parties.

Short-lived security

On the other hand, e-voting is based on the fact that only the votes of persons entitled to vote are included in the election result and that election decisions are encrypted cryptographically. However, cryptography, unlike the physical separation of voting rights and ballots in the polling station, does not ensure absolute privacy. Anyone who has enough computing power and time at their disposal can crack the encryption, according to Dubuis. “However”, he adds, “it would take at least 20 years nowadays.”

But he provides some perspective: “However, one would need at least 20 years for that today”. It is clear that no electoral system is risk-free. The way it is coordinated also depends on how risky or potentially beneficial a manipulation could be. In the election of the US president, the consequences and the potential gains from fraud are extremely important. In the election to the Council of the Swiss Abroad, the expected consequences and benefits of manipulation are clearly smaller in comparison. Accordingly, it is justifiable to use an e-voting tool in the OSA elections that places a higher value on practicality than on minimising risk.

The election system must therefore suit each type of election. It must be easy to use, easy to understand and trustworthy. Eric Dubuis sees this as the biggest challenge for the digitalisation of democratic processes. “How e-voting works is difficult for laypeople to understand”, he says, “and as such it is easy to sow doubts about the procedures and call democratic decisions into question.”