of 13 December 2013 (Status as of 15 January 2014)



Similar documents
Federal law on certification services in the area of the electronic signature

of 28 September 2007 (Status as of 1 April 2010)

E-Democracy and e-voting

Guidelines of the Higher Education Council for accreditation within the higher education sector

Federal Act on Data Protection (FADP) Aim, Scope and Definitions

Federal Act on Combating Money Laundering and Terrorist Financing in the Financial Sector 1

ISO27001 Controls and Objectives

This English translation serves information purposes only and has no legal force. The original German version is the legally binding document.

Online Voting Project. New Developments in the Voting System an Consequently Implemented Improvements in the Representation of Legal Principles.

3 Terms and definitions 3.5 client organization whose management system is being audited for certification purposes

Federal Act on the Implementation of International Sanctions

The Mobile Phone Signature in edemocracy and egovernment Applications.

Qualified Electronic Signatures Act (SFS 2000:832)

Guidance for candidates and agents

Federal Act on Human Genetic Testing (HGTA) Scope, Purpose and Definitions

Ordinance on the Protection of Audiences from Exposure to Hazardous Sound Levels and Laser Beams. (Sound Levels and Laser Ordinance, SLO)

Merchants and Trade - Act No 28/2001 on electronic signatures

CONFLICT OF INTEREST MANAGEMENT POLICY & COVEA FINANCE Code of Ethics

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2

INFORMATION TECHNOLOGY SECURITY STANDARDS

Redundancy & Redeployment Policy. Transformation & Human Resources

SENATE BILL State of Washington 64th Legislature nd Special Session

NORTHERN TERRITORY ELECTRICITY RING-FENCING CODE

Achieve. Performance objectives

Ordinance on the Use of Private Security Companies by the Federal Government

COMMISSION REGULATION (EU)

ELECTRONIC SIGNATURE LAW. (Published in the Official Journal No 25355, ) CHAPTER ONE Purpose, Scope and Definitions

SCC ARBITRATION RULES OF THE ARBITRATION INSTITUTE OF THE STOCKHOLM CHAMBER OF COMMERCE

Land Registry Help protect yourself from property fraud keep your contact details up-to-date. May 2016

and residents sixty years of age or older who are surviving spouses

Secure Signature Creation Device Protect & Sign Personal Signature, version 4.1

1. Introduction Conditions for Registration Preparation of Register Postal Voters List Special Voters List...

Option Table - Directive on Statutory Audits of Annual and Consolidated Accounts

ELECTRONIC SIGNATURE LAW

Liberty response to The Electoral Commission consultation on the review of ballot paper design

Preparing yourself for ISO/IEC

FACTSHEET ON ON-CALL DUTY

Act on Insurance. The National Council of the Slovak Republic has adopted the following Act: SECTION I PART ONE GENERAL PROVISIONS

E-Voting System and Its Importance

Law Society of England and Wales - Chapter 3 - Money Laundering Regulations 2003

ISA 620, Using the Work of an Auditor s Expert. Proposed ISA 500 (Redrafted), Considering the Relevance and Reliability of Audit Evidence

Institutional accreditation

Chapter 6A SPONSORS AND COMPLIANCE ADVISERS

Act on Investment Firms /579

10 20 ARBITRATION RULES

TERMS AND CONDITIONS OF REMOTE DATA TRANSMISSION

Electronic Voting Protocol Analysis with the Inductive Method

TICSA. Telecommunications (Interception Capability and Security) Act Guidance for Network Operators.

Appendix 11 - Swiss Data Protection Act

Regulations concerning measures to combat money laundering and the financing of terrorism, etc.

The University Board of the Bern University of Applied Sciences,

appeal of general academic matters related to student programs.

Overview TECHIS Carry out security testing activities

How To Write A Takeover Offer In Swissitzerland

NATIONAL TALLY CENTER (NTC) OPERATIONS PROCEDURES Presidential and Provincial Council Elections

INTERNATIONAL STANDARD ON AUDITING 620 USING THE WORK OF AN AUDITOR S EXPERT CONTENTS

Chapter 1 GENERAL INTERPRETATION

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

CP14 ISSUE 5 DATED 1 st OCTOBER 2015 BINDT Audit Procedure Conformity Assessment and Certification/Verification of Management Systems

TG TRANSITIONAL GUIDELINES FOR ISO/IEC :2015, ISO 9001:2015 and ISO 14001:2015 CERTIFICATION BODIES

Colorado Secretary of State Election Rules [8 CCR ]

2. All references to Returning Officers in this code should be taken to refer to Counting Officers for referendums.

COUNTY AND DISTRICT INITIATIVE & REFERENDUM PETITIONS

2002 No. 318 ELECTRONIC COMMUNICATIONS. The Electronic Signatures Regulations 2002

An Approach to Records Management Audit

REGIONAL CENTRE EUROPE OF THE INTERNATIONAL FEDERATION OF TRANSLATORS

General Framework of Electronic Voting and Implementation thereof at National Elections in Estonia

Terms and Conditions for Remote Data Transmission

DIRECTIVE 2014/32/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October Document Author(s) Collette McQueen

7 Directorate Performance Managers. 7 Performance Reporting and Data Quality Officer. 8 Responsible Officers

ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION

RESPONSE TO FEEDBACK RECEIVED CONSULTATION ON ANTI- MONEY LAUNDERING AND COUNTERING THE FINANCING OF TERRORISM (AML/CFT) NOTICES AND GUIDELINES

2015 No PROFESSIONAL QUALIFICATIONS. The European Union (Recognition of Professional Qualifications) Regulations 2015

UNOFFICIAL CONSOLIDATION AND TRANSLATION OF LAWS 128(I) OF 2009 AND 52(I) OF 2010 THE PAYMENT SERVICES LAWS OF 2009 TO 2010

Land Registry. Version /09/2009. Certificate Policy

CONSULTATION PAPER NO

Decision on adequate information system management. (Official Gazette 37/2010)

Public Records: Evidence for Openness

Translation of General Academic Regulations for Bachelor s and Master s degree programmes at the Zurich University of Applied Sciences

MENTAL HEALTH TRIBUNAL FOR SCOTLAND: RECORDS MANAGEMENT POLICY. Ensuring Information is Accurate and Fit for Purpose

ANNEX VI MODEL TERMS OF REFERENCE FOR THE CERTIFICATE ON THE FINANCIAL STATEMENTS PART ï

BYELAWS OF THE COMPANY GENERAL MEETINGS ZAKŁADY URZĄDZEŃ KOMPUTEROWYCH ELZAB SPÓŁKA AKCYJNA [ ELZAB COMPUTER WORKS JOINT STOCK COMPANY]

Spillemyndigheden s change management programme. Version of 1 July 2012

2014 Guidelines on the treatment of assets without contact and dormant assets held at Swiss banks (Guidelines on Dormant Assets)

Level 3 Certificate in assessing candidates using a range of methods (7317)

ELECTRONIC COMMERCE AND ELECTRONIC SIGNATURE ACT (ZEPEP-UPB1) (Official consolidated text)

ICCS Convention No. 28 Only the French original is authentic

Procedure PS-TNI-001 Information Security Management System Certification

Newcastle University Information Security Procedures Version 3

ISO Controls and Objectives

VoteID 2011 Internet Voting System with Cast as Intended Verification

2011 municipal and county council elections

Induction for newly qualified teachers (England) Statutory guidance for appropriate bodies, headteachers, school staff and governing bodies

Neutralus Certification Practices Statement

Due diligence requirements for client onboarding via digital channels

BRIDGE HOUSE COLLEGE IKOYI, LAGOS knowledge for success

AUDITOR GUIDELINES. Responsibilities Supporting Inputs. Receive AAA, Sign and return to IMS with audit report. Document Review required?

COMMISSION REGULATION (EU) / of XXX

Article 7. ELECTION OF MEMBERS TO THE BOARD OF TRUSTEES

Transcription:

English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Chancellery Ordinance on Electronic Voting (VEleS) 161.116 of 13 December 2013 (Status as of 15 January 2014) The Swiss Federal Chancellery (FCh), based on the Article 27c paragraph 2, 27e paragraph 1, 27f paragraph 1, 27g paragraph 2, 27i paragraph 3 and 27l paragraph 3 of the Ordinance from 24 May 1978 1 on Political Rights (PoRO), ordains: Art. 1 Subject matter and definitions 1 This Ordinance specifies the requirements for authorising electronic voting. 2 The definitions in Annex number 1.3 apply. Art. 2 General requirements for the authorisation of electronic voting per ballot The authorisation for electronic voting in any individual ballot shall be granted provided the following requirements are met: a. The system for electronic voting (the system) is implemented and operated so as to guarantee secure and trustworthy vote casting. (Annex No 2 and 3). b. The system must be easy to use for the voters. Account must be taken of the special needs of all voters wherever possible. c. The system and the operational procedures shall be documented so as to enable the details of all security-relevant technical and organisational procedures to be understood. AS 2013 5371 1 SR 161.11. 1

161.116 Political Rights Art. 3 Risk assessment 1 By the means of a risk assessment, the canton must document in detailed and understandable terms that any security risks are within adequate limits. The assessment covers the following security objectives: a. the accuracy of the result; b. the protection of voting secrecy and non-disclosure of early provisional results; c. the availability of functionalities; d. the protection of personal information about voters; e. the protection of voter information against manipulation; f. the non-disclosure of evidence of vote casting behaviour. 2 Each risk must be identified and clearly described in the context of the security objectives, any related data records, threats, weaknesses and the documentation on the system and its operation. The canton must on this basis justify why it considers the risks to be sufficiently low. 3 Minimising risks must not be dependent on keeping security-relevant information on the system and its operation secret. Art. 4 Requirements for authorisation for more than 30 per cent of the cantonal electorate 1 If a system is to be authorised to cover more than 30 per cent of the cantonal electorate, the voters must be able to ascertain whether their vote has been manipulated or intercepted on the user platform or during transmission (individual verifiability, Annex No 4.1 and 4.2). 2 For the purpose of individual verification, voters must receive proof that the server system has registered the vote as it was entered by the voter on the user platform as being in conformity with the system. Proof of correct registration must be provided for each partial vote. 3 If the client-sided authentication measure is sent electronically, voters who have not cast their vote electronically must be able to request proof after the electronic voting system is closed and within the statutory appeal deadlines that the system has not registered any vote cast using their client-sided authentication measure. 4 The substantiveness of a proof must not be dependent on the trustworthiness of the user platform or transmission channel. 5 It may be based on the following elements: a. the trustworthiness of the server system; b. the trustworthiness of the special technical aids for voters; these must meet particularly high security standards; 2

FCh Electronic Voting Ordinance 161.116 c. the confidentiality of data provided in paper form; the confidentiality of these data outside the infrastructure must be guaranteed through special measures. Art. 5 Requirements for authorisation for more than 50 per cent of the cantonal electorate 1 If a system is to be authorised to cover more than 50 per cent of the cantonal electorate, it must be ensured that voters or the auditors are able, subject to compliance with voting secrecy, to identify any manipulation that leads to falsification of the result (complete verifiability, Annex No 4.3 and 4.4). 2 Complete verifiability is achieved if additional requirements for individual verifiability (para. 3) and requirements for universal verifiability (para. 4 6) are met. 3 For individual verification the following requirements must be met in addition to those in Article 4: a. The proof must also confirm to the voters that the data relevant to universal verification has reached the trustworthy part of the system (para. 6). b. Voters must be able to request proof after the electronic voting system is closed that the trustworthy part of the system has not already registered a vote cast using their client-sided authentication measure. c. The substantiveness of a proof must not be dependent on the trustworthiness of the entire server system. It may however be based on the trustworthiness of the trustworthy part of the system. 4 For universal verification, the auditors receive proof that the result has been ascertained correctly. They must evaluate the proof in a observable procedure. To do this, they must use technical aids that are independent of and isolated from the rest of the system. The proof must confirm that the result ascertained: a. takes account of all votes cast in conformity with the system that were registered by the trustworthy part of the system; b. takes account only of votes cast in conformity with the system; c. takes account of all partial votes in accordance with the proof generated in the course of the individual verification. 5 The substantiveness of the proof must depend solely on the trustworthiness of the trustworthy part of the system and the technical aids used for verification. Equally, the guarantee of voting secrecy and the non-disclosure of early provisional results within the infrastructure must depend solely on the trustworthiness of the trustworthy part of the system. 6 The trustworthy part of the system includes either one or a small number of groups of independent components secured by special measures (control components). Their use must also make any abuse recognisable if per group only one of the control components works correctly and in particular is not manipulated unnoticed. For the trustworthiness of the trustworthy part of the system, the diverse organisation of 3

161.116 Political Rights the control components and the independence of their operation and supervision are decisive. Art. 6 Additional measures for minimising risks If the risks are not sufficiently small despite the measures taken, additional measures must be taken to minimise risks. This applies in particular even if all requirements under Annex Nos 2 to 4 have already been implemented. Art. 7 Requirements for examinations 1 The cantons shall ensure that meeting the requirements is examined by independent agencies. The examination is made in particular if the system or its operation has been changed in such a way that meeting the requirements for authorisation could be called into question. 2 If more than 30 per cent of the cantonal electorate are to be authorised to participate in a trial (Art. 4 and 5), the system and its operation must be reviewed in particular detail with regard to the following criteria: a. cryptographic records (Annex No 5.1); b. functionality (Annex No 5.2); c. security of infrastructure and operation (Annex No 5.3); d. protection against attempts to infiltrate the infrastructure (Annex No 5.5); e. requirements for printing offices (Annex No 5.6); f. in a trial involving more than 50 per cent of the cantonal electorate: control components (Annex No 5.4). Art. 8 Supporting documents for applications 1 Applications submitted under Articles 27c and 27e para. 1 PoRO must be accompanied by: a. documentary evidence or certificates confirming that the system and its operation have been tested for compliance with requirements and meet all requirements effectively (Annex No 6.1 bis 6.3); b. documentary evidence confirming that the risk assessment was conducted in advance of a ballot. It must be shown why the assessed risks fall within sufficiently narrow limits (Annex No 6.4). 2 Reference may be made to documentary evidence that the Federal Chancellery has already received and which is still valid. Art. 9 Further provisions 1 The detailed technical and administrative requirements for electronic voting are regulated in the Annex. 4

FCh Electronic Voting Ordinance 161.116 2 Until 30 June 2015, a canton may in exceptional cases be exempted from implementing individual requirements in Annex Nos 2 and 3 provided: a. no more than 30 per cent of the cantonal electorate are to be authorised to participate; b. the requirements not implemented are indicated in the application; and c. the canton describes the alternative measures and justifies in reference to the risk assessment why it regards the risks as sufficiently low. Art. 10 Commencement This Ordinance comes into force on 15 January 2014. 5

161.116 Political Rights 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information