Using insecure browsers on insecure unpatched devices for trusted secure state-level voting is a bad idea to begin with.
If they decide to go ahead with this approach, they should at least try to harden their system as much as they can against all possible approaches.
As an example, a few months ago the Swiss CCC demonstrated a DNS attack on the e-voting system of Geneva, which was easy since they deployed neither DNSSEC nor HSTS Preloading. While DNSSEC is not trivial to deploy (though it is almost trivial when using a DNS server like Knot), HSTS Preloading can be done in two minutes and there's probably no reason not to do it.
A few months later, actual state-level votes are conducted through systems by both Geneva and the Swiss Post, without DNSSEC and without HSTS preloading.
The Swiss Post is just doing the minimum they have to in order to comply with the law, while at the same time using the intrusion test as a PR instrument. If you demonstrate a practical and scalable attack but it requires a MITM attack vector (e.g. an injected root certificate, as in the Superfish case), then they can claim it's out of scope and that their system was unhackable.
An e-voting system with an intrusion test is better than an e-voting system without an intrusion test. But the consequences of such a test, and the way it's communicated, are very problematic.