Security in Everyday Life
Generally speaking, "security" describes the absence of threats. In many everyday situations, dangers are easy to recognise: if a car speeds towards us without braking or if someone on public transport coughs potential coronaviruses in our face, most people are aware that they are not in a danger-free situation. In the virtual world, dangers are often not so obvious. While we hear the speeding car, phishing attacks, spyware or man-in-the-middle attacks are often more difficult to identify. At the same time, our digital reality and identity are becoming increasingly entangled with our analogue world.
This brings us to the subject of data security: in contrast to the extensive rights that protect us in the physical world, security and privacy in the digital space are often a grey area. Since many online services are interconnected, a successful attack on our digital persona can have particularly serious consequences. If, for example, our e-mail account is hacked, attackers can more easily reach a whole range of other access points. Whether private social media channels and their content, details of personal contacts and conversations, or even credit card information – much of our information is linked across platforms.
Data security in the digital space thus refers to efforts to comprehensively secure users' data. In Projekt CH+, we are also dealing with this challenge. As an election aid, we protect the political data of our users and treat it confidentially. Projekt CH+ is young, but we are well aware of the significance of data protection. Data security as well as data protection are important to us. We do not approve of the data trade that seems to be commonplace nowadays.
«No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.»
Article 12, Universal Declaration of Human Rights. December 10, 1948
In our opinion, this also applies in the virtual world.
With these thoughts and concerns, we contacted Michael Hartmann of Zühlke AG.
Security Review thanks to Zühlke
Zühlke is a global innovation service provider specialising in software engineering and IT security. Earlier this year, they carried out a security review of the COVID app by the BAG. After we contacted them, it took less than two days before Zühlke decided to sponsor a security review for our election aid. Michael Hartmann and his colleague Pascal Wiesmann examined our election aid for possible security gaps. In addition to the protection of access data, they ensured, among other things, that neither Internet service providers (e.g. Swisscom, Salt, etc.) nor other people on the same WiFi network can read user data, that unauthorised persons cannot pretend to be someone else and that the connection to the database is well protected.
Our development partners at Knobotech received a report with suggestions for improvement, which they worked through before the release of the Basler Wahl App.
As with many things in Projekt CH+, the development of the best data protection strategy is an iterative process – accompanied by experts and users. Even though initial weaknesses have been identified and resolved, it is clear that the security of our election aid will always be an important task. Just as the security of any system needs to be regularly checked and revised, we will ensure that the same is done for our application.