Transparency of Russia’s Blockchain Voting Setup Put Under a Microscope

Published at: July 17, 2020

From June 25 to July 1, the Russian government held a public vote with the goal of finding out whether the country’s constitution should be amended. Part of the vote was held on blockchain to “ensure security and transparency,” according to the government, making it the country’s most extensive DLT project to date.

But this didn’t stop independent researchers from registering over 20 million “abnormal” votes and arguing that it was one of the most falsified voting events in the modern history of Russia. So what was blockchain’s role in all of this, exactly?

What was the referendum all about?

The amendments to the constitution generally reflect the government’s course toward so-called “traditional values,” or a right-leaning conservative agenda championed by President Vladimir Putin. Specifically, some of the proposed changes mentioned God and essentially outlawed same-sex marriage.

However, the vote was arguably built around one single amendment, allowing Putin to run for two more six-year terms after his current one expires in 2024. Citizens could vote only for or against all 206 proposed changes at once.

A Bitfury-developed blockchain involved?

Notably, residents of Moscow and Nizhny Novgorod could participate in-person or cast their votes electronically from June 25 to 30. The e-voting system was reportedly based on the Exonum blockchain platform developed by Bitfury, and was maintained by the Department of Information Technologies of Moscow. Neither Bitfury nor DIT provided comments at Cointelegraph’s request.

According to the Moscow government’s website, the blockchain was used to ensure security and transparency, helping to anonymize and encrypt each vote to provide safety and immutability of data. The choice of blockchain seems to fall in line with Russia’s latest policies that favor decentralized technology and oppose cryptocurrencies amid general regulatory uncertainty.

Golos, an independent Russian election monitoring group, has since stated that the e-voting was held on an illegal basis, as the nation’s Central Electoral Commission had no right to create a separate entity overviewing the procedure.

The blockchain was reportedly built on a proof-of-authority consensus algorithm on which all transactions were allegedly handled by approved accounts that stored the encrypted votes on the blockchain and then deciphered them using smart contracts.

Blockchain is an efficient solution when decentralization and transparency are the key goals, meaning that it is suitable for voting procedures. Artem Grigorev, head of the research lab at the Russian Association of Cryptocurrency and Blockchain’s analytical center, elaborated to Cointelegraph on how blockchain should operate in this instance:

“The [blockchain] technology makes it possible to create a mutually reliable environment for the vote organizers and the voters themselves. The mathematical algorithms act as an arbiter between the two sides, ensuring that all data is immutable and authentic, which means that the participants don’t have to trust each other.”

In order to ensure transparency, a blockchain-based e-voting system should allow all participants — such as constituents, observers, and social or political organizations — to set up their own nodes on the blockchain, Grigorev noted.

The e-vote didn’t go smoothly

Over the five days of e-voting, the system experienced several hiccups. Not only did it crash soon after going live on June 25, it also started to show abnormal results in certain regions on the spot. As reported by Russian news outlet Meduza, nearly 7,300 people signed on to vote online at a polling station in Troitsky region despite the station only having a total of 2,361 residents eligible to vote.

Another polling station in the same administrative division saw 4,000 people register to e-vote, despite having twice as few residents assigned to it. The local electoral commission called it “a technical malfunction,” confirming that no polling station in Troitsky administrative region had more than 3,500 voters assigned to it, based on the local records.

Further, the ability to vote either in person or remotely led to several double-voting incidents. Local journalist Pavel Lobkov reported on how he successfully managed to vote twice on the same day by first visiting his local polling station and then voting online an hour later.

Yael Iliinsky, a Russian national based in Israel, reportedly managed to vote as many as three times: online via the website, at the Russian embassy in Tel-Aviv and at the Russian consulate in Haifa. Additionally, she claimed that her daughter, who is still a minor, also voted in Haifa because the staff did not check her ID.

Additionally, Meduza reported on a vulnerability that reportedly made it possible to decipher votes before the official count. According to the research, any constituent could theoretically decipher their own vote before it would get decrypted by the electoral commission, and even allow third parties access. To this end, voters could retrieve and save their private key by going to the e-bulletin page, opening the developer console in their web browser, and making a minor adjustment to the “election.js” library (by adding a logpoint and entering: voter secret key is', encryptor.keyPair.secretKey) before casting their vote.

The vulnerability theoretically would have allowed anyone with access to check whether an individual has voted and even which choice they made after inducing them to save their private keys. According to local opposition reports, state-funded entities in Russia were allegedly pushing their employees to vote in favor of changes proposed by the government.

Finally, the data that allegedly belongs to the citizens who participated in the e-vote was reportedly leaked soon after the event. According to Meduza, an archive titled “degvoter.zip,” which contains the personal data of over 1 million Russian nationals, was publicly available for download for at least several hours on July 1 via a government website. The file has since been distributed through various Telegram channels.

Along with the archive, there was a database titled “db.sqlite,” which was not password-protected while reportedly containing passport numbers for over a million e-voters and was encrypted with the SHA256 algorithm. The reporters were allegedly able to decode it “very easily” using free software.

Further, the journalists cross-referenced the leaked data with the Ministry of Internal Affairs’ official service to check the validity of passports used by the voters. They allegedly found that over 4,000 passports registered for the e-vote were invalid.

The Ministry of Digital Development, Communications and Mass Media commented on the investigation, stressing that it excludes “any possibility of leakage,” since the files and passwords were distributed through “secure data channels” and only to authorized personnel.

The agency also said that the passport numbers were encoded and consisted of a randomly obtained sequence of characters, or hash sums, adding that “hash sums are not personal data” and that the “publication of random sets of characters cannot harm citizens.”

Questions over transparency

Like with the Moscow City Duma elections in 2019, where blockchain was also used, the electoral commission did not publish the vote decryption key after the event took place, and provided no information on how to register a node to observe the voting processes. Since participants couldn’t download the data registry and see if it was genuine, the use of blockchain “served no purpose,” as Grigorev told Cointelegraph:

“As far as I’m concerned, it was impossible to register as a blockchain participant (or a network node) and have access to the registry at the e-vote. Therefore, in this particular case, I view the blockchain application as yet another experiment that was not directly related to improving the vote transparency.”

Grigorev noted that the above-mentioned reported data leak was a basic cybersecurity matter that had nothing to do with the blockchain technology itself. However, he added that it is important to “take the reliability of all system components into account” when using blockchain for voting purposes, meaning that all websites, servers, databases, etc. should have been double-checked beforehand.

With all the ballots counted, 77.9% voted for the reform package and 21.3% against, according to the Central Electoral Commission. As for the e-vote results, 62.33% of Moscow voters supported the amendments and 37.37% opposed it. In Nizhniy Novgorod, the results were somewhat similar, with a split of 59.69% and 40.31%.

Tags
Related Posts
Russia’s Blockchain E-Vote Participants May Have Had Their Private Data Leaked
Personal data for over a million Russian nationals has reportedly been leaked. The data allegedly belongs to some of the citizens who participated in the recent blockchain-based e-vote on Constitutional amendments. The archive was reportedly available for everyone to download According to an investigation published by Russian language media outlet Meduza, an archive titled “degvoter.zip”, which contains said data, was publicly available for download for at least several hours on July 1 via a government website. The file has since been distributed through various Telegram groups and channels. The archive was password protected. According to the publication, however, it could …
Blockchain / July 10, 2020
Ruling Russian Political Party Launches Blockchain-Based E-Voting
The ruling party of the Russian Federation, United Russia, has launched a blockchain-based platform for electronic voting, local news agency TASS reported on March 6. United Russia has reportedly launched an updated website for its primaries with the added function of e-voting. The party’s head of IT projects Vyacheslav Sateyev said that the vote counting process will be implemented using blockchain technology. He also stated: "Candidates will be able to fill in their personal pages on this site, including posting news, videos, photos, distributing their pages. The personal account is now integrated with all social networks. We have also made …
Adoption / March 7, 2019
Russian Region Conducts Blockchain Election With 40K Participants
Saratov Oblast, a region in Southern Russia, has conducted a reportedly successful blockchain election with 40,000 participants, according to a press release shared with Cointelegraph Dec. 18. On Dec. 12, participants voted to elect members of the local Youth Parliament via the blockchain-driven electronic polling system Polys, developed by Kaspersky Lab in 2017. According to the press release, the decentralized network was deployed at 110 polling stations and the election lasted seven hours. Blockchain-driven voting mechanisms are being actively tested on both the regional and national levels in many countries. Switzerland implemented blockchain-based voting this summer, while the United States …
Adoption / Dec. 18, 2018
Russian Independent Electoral Watchdog to Pilot Blockchain for Voting System
A Russian independent electoral watchdog is trialing a blockchain-based electronic voting system, local news platform Tass reports August 17. The non-profit Association of Independent Public Observers, dubbed "National Public Monitoring" (NOM), announced the pilot at a press conference in Moscow on Friday. NOM federal coordinator Roman Kolomystev, told reporters: “As part of our congress, we are launching a pilot electronic voting system built on a blockchain system." The inaugural Russian Congress of Public Observers was held on the initiative of NOM, alongside the Russian Fund for Free Elections and the Association of Lawyers of the Russian Federation, Tass reports. Other …
Adoption / Aug. 17, 2018
Election tally: Does blockchain beat the ballot box?
In October, Greenland was reported to be exploring the feasibility of an online voting platform for its national elections. Among the options being considered is a blockchain-based system. That isn’t entirely surprising. Electronic voting, or e-voting, has long been viewed as a promising use case for blockchain technology. “It’s time for online voting,” wrote Alex Tapscott in a New York Times opinion piece in 2018. “Using blockchain technology, online voting could boost voter participation and help restore the public’s trust in the electoral process and democracy.” It seems especially timely now as large swaths of the world’s population are raising …
Adoption / Nov. 21, 2022