The Adventurous Tale of Online Voting in Switzerland

Note: Presentation times are in Pacific Standard Time (PST).

Monday, February 01, 2021 - 8:15 am8:45 am

Dr. Christian Folini, Program Chair Swiss Cyber Storm Conference, OWASP CRS Co-Lead


The Swiss tale with online voting serves as a typical example of the iterative development of highly critical IT systems and the growing involvement of scientist as a necessary step for a government that is willing to learn from past mistakes.

Switzerland has been experimenting with online voting for over 15 years. Several generations of electronic voting systems have been implemented and almost all of them died along the way because of their profound security problems or when the money ran out.

In 2019, Swiss Post published the source code of its online voting system, the last system that was still in the race. Several highly critical findings were discovered in a matter of weeks and the system was stopped right before the national elections.

In 2020, the government rebooted the process and invited two dozen international researchers into an intense dialogue that lasted several months. The resulting report a the base for the renewed regulation that will pave the way forward in 2021.

Dr. Christian Folini, Program Chair Swiss Cyber Storm Conference, OWASP CRS Co-Lead

Christian Folini is a security engineer and open source enthusiast. He holds a Ph.D. in medieval history and enjoys defending castles across Europe. Unfortunately, defending medieval castles is not a big business anymore and he turned to defending web servers, which he finds equally challenging. He brings more than ten years of experience with ModSecurity configuration in high-security environments, DDoS defense, and threat modeling.

Christian Folini is the author of the second edition of the ModSecurity Handbook and the best-known teacher on the subject. He co-leads the OWASP ModSecurity Core Rule Set project and serves as the program chair of the "Swiss Cyber Storm" conference, the prime security conference in Switzerland.

He stood in the first line of the defenders when the Swiss Post Online Voting system was put up for a public intrusion test in 2019. The following year, he moderated a dialogue between the Swiss government and a group of two dozens researchers on online voting. This dialogue resulted in a report with several hundred pages.

Christian Folini is a frequent speaker at conferences. When speaking, he tries to use his background in the humanities to explain hardcore technical topics to audiences of different backgrounds.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@conference {264096,
author = {Dr. Christian Folini},
title = {The Adventurous Tale of Online Voting in Switzerland},
year = {2021},
publisher = {USENIX Association},
month = feb

Presentation Video