For the first time, elections with an expanded cyber format started in the country: are there loopholes for falsifications

– Fair elections, and even in a remote electronic format?! Don’t make me laugh, this is impossible! Surely the developers of this new platform came up with a “loophole” in the program in order to be able to adjust the voting results according to the desired scenario, – this is how one rather active and widely erudite citizen answered my question about trust in elections in electronic format. “Yes, they don’t understand anything at all.” The age of my counterpart – 60 with a “tail” – implied a solid life experience. If you don’t want to, you’ll doubt it too. So it may be worth looking deeper and addressing such doubts to specialists. Those who know all this “kitchen” of remote electronic voting (DEG) from “A” to “Z” and personally know the developers of this platform? By the way, this is very relevant now, because voting started in the country from September 9 to 11, which will cover tens of millions of people.

And yes, nothing is impossible. After our request, “MK” received a personal invitation to take part in the deployment of the Situational Center for Public Observation of the Elections in the Civic Chamber of the Russian Federation. Literally 12 hours before the start of the electoral process, we saw everything, touched it, asked our “sharp” questions and monitored the situation in the room where the territorial election commission of the DEG (TEK DEG) was located.

Let me remind you that it was created specifically for the current September elections at the Central Election Commission (CEC) in the summer. Details in our report.

What kind of animal named “DEG”?

So, during the voting days, elections of 15 governors and deputies of different levels will be held. But on the new federal platform developed by Rostelecom, with the help of the DEG, it will be possible to vote so far only in 7 regions: Kaliningrad, Kaluga, Kursk, Novgorod, Pskov, Tomsk and Yaroslavl regions. In Moscow, with the use of the DEG, they will vote on a different platform. It was developed by the Metropolitan Department of Information Technology (DIT).

A few years ago, before and during the pandemic, remote voting was considered temporary. An experiment, nothing more. But today it is a reality that will have to get used to. The DEG system is gaining momentum every year.

– Our first cyber-voting happened in September 2019 – it was electronic elections to the Moscow City Duma. They had 2 features: firstly, it was possible to select candidates without leaving home, and secondly, blockchain technology was used in this process. It is she who ensures the anonymity and transparency of the process. This technology has been used since 2017 in various fields – legal, financial. It must guarantee the transparency of all transactions that cannot be faked, – says Alexey Shcherbakov, a member of the expert group of the Opinion Department of the Russian Federation DEG. – Remember, that’s when, in 2019, the electronic system failed, and everyone around started talking about mass falsification. Perhaps this was a reason to distrust the DEG.

By the way, not everyone knows that cryptographers have been developing and analyzing the so-called “voting protocols” for 3 decades, which allow implementing the secret of voting “in hardware”.

– I believe that the example of a system failure in the electronic elections to the Moscow City Duma, which gave reason not to trust the system, does not mean that the results were necessarily falsified. This means that they could be falsified, and this assumption needs to be checked, – says Oleg Artamonov, deputy chairman of the TEC DEG. – But if you ask me whether it is possible to ensure the secrecy of voting during electronic remote voting, check the list of voters, recount the ballots, ensure the impossibility of determining the outcome before the end of the voting, I will answer you – “it is possible”, and I will justify it. Let’s walk through our situational center, and I’ll show and tell you where, what and how it will function.

Watch and check

At the entrance to the hall, on the right, there are several long rows of computers with workplaces.

– We have a call center here. By calling the hotline, you can provide any information related to possible violations, get information on the elections. It also receives messages coming to the sites of the public chambers of the regions, – says Oleg Artamonov. – But such information concerns basically “paper” voters. And now we will go to the workplaces of observers and members of the DEG expert group.

There are several tables with computers and monitors in the hall. Around the loops of snake-wires of different colors, on the walls – video cameras.

– The content of all ballots is stored in the system in encrypted form. There is such an algorithm: “Violation-artifacts-detection”. Any observer knows what violations can be in general. Let’s say an attacker created an additional 10,000 ballots and injected them into the system. But the task of the observer is to check it for artifacts. With an electronic stuffing of artifacts, there will be 2. Firstly, each ballot is stored in the system with a unique electronic signature. It cannot be faked, because the key with which the signature is created is located on the smartphone or computer of the voter, from which he voted. Each voter has his own. The violator, of course, can replace this signature with his own. But this substitution can always be checked by the voter himself. There are tools for this. And the second artifact: the violator did not change the signature, but then the system identifies such a ballot as an error, – says Oleg Artamonov. – By the way, the number of our observers has increased by more than an order of magnitude compared to last year. If last year at the DEG we had 6 of them, now their number has already exceeded 100 people ..

Among the observers there are representatives of the OP from the regions, representatives of various parties. By the way United Russia, the Communist Party and the Liberal Democratic Party nominated their observers in each voting region. All of them have access to the surveillance portal. The OP RF is unique in that it has a direct connection to the servers that record the voting results. The so-called blockchain watchdog node. Absolutely all events that occur during electronic voting are recorded on this node. That is, everything is visible: a voter was added, a voter was removed, voting was started or stopped, it is recorded that the voter came to vote, he was given the so-called “blind” signature, he was given a ballot, then he was accepted.

What is a “blind” signature and why is it needed at all?

– Remember the usual polling station. The voter came, showed his passport, he was given a ballot. This confirms his right to vote. Everything looks different electronically. For example, in the Estonian e-voting system, the voter has an electronic signature that is issued to him by the state. It is tied to a specific person. The voter signs the ballot with his electronic signature. When the ballot arrives at the server, it determines whether that person is eligible to vote. The server on the ballot identifies the data of this person, – says Oleg Artamonov. – In Russia, such a system, to put it mildly, would not work. Because it violates the secrecy of the vote. So, in Estonia, after the server has confirmed the right of a person to participate in elections, it removes information about the voter from the ballot. And here in Russia it is more interesting. When a voter sends a request to the voting portal, indicating his data, he automatically creates his electronic key. He will sign the ballot with them. No one knows what the key is and to which voter it belongs. But in order to confirm that the signature with this particular key certifies the right to vote, this key itself is also signed on the voting server. But this is done in a very clever way. The server confirms that this key is correct and belongs to the right person, but does not know what this key looks like.

Oleg leads me to a monitor located on a separate table.

– The servers themselves, on which voting takes place, the issuance and receipt of ballots, are located in specialized data centers. Physical access to them is limited for security reasons, so we cannot directly observe the operation of these servers – and it is unlikely that we would see something important there. But since our computer in the Public Chamber is connected directly to such systems, it sees and automatically records absolutely everything that happens on the blockchain.

This is where the content of the blockchain comes to the aid of observers. In fact, this is a database consisting of a sequentially built chain of digital blocks. Each of them stores information about the previous and next blocks. The specific work of DEG observers in practice is as follows.

Instead of ballot boxes – flash drives as a “moment of truth”

– Everything that happens in the blockchain, observers in the Civic Chamber of the Russian Federation will be recorded on electronic media – flash drives with a capacity of 64 GB each (one main, the other backup). We have 8 of them: that is, 2 for each day of voting and 2 in reserve just in case. We connect them to the system unit, a kind of “black box”, where data on the number of voters is transmitted from the blockchain. Such information goes through a secure channel, – Oleg points to a thick white cable connected to the system unit. – This white cable is that secure channel. In fact, this is a regular Internet channel operating in a protected mode. At the end of each voting day, we put the next two carriers in a safe. Why 2 flash drives? Recording information goes to them simultaneously. They duplicate each other in case one of them fails. You will appreciate the scale: on one flash drive, all the information that occurred during the day of voting is a “cast” of the day! But the key to the safe will be kept by a responsible person – Maxim Grigoriev, Chairman of the Coordinating Council for Public Control over Voting at the RF OP.

– The essence of this approach is as follows. On Monday, the CEC announces the results of the elections. And we take all these flash drives – daily “casts” and combine them into a single block of data for 3 election days. Then we separately download the official data, which are listed in the system as the voting results. And then we compare whether these 2 “packages” of information match. This will be the “moment of truth”! – says Alexei Shcherbakov. – If they are not identical, it means that something was changed in the system last night: extra ballots were added or removed. Intrigue. That is, when comparing the data, you need to answer a specific question: “Are you sure that after the end of the elections, but before the publication of the results, nothing was changed in the system?” The contents of these flash drives will give an answer to it! Every day at the evening press conference, we will remove media from the computer. Then Maksim Grigoriev will seal it in front of everyone in a safe package and put it away in an already large safe. And I will connect a set of blank flash drives to the system unit for collecting data for the next voting day.

Experts are confident that such media, where the entire voting process will be recorded, is much more effective than ordinary ballot boxes. After all, the latter do not record the fact that the voter was given a ballot, voter lists, changes in them. They cannot make copies of the ballots to check their integrity.

– Let’s say if during paper voting an unscrupulous member of the commission added a couple more ticks in the document after it was removed from the ballot box, then we will not be able to find out. And with the DEG, a copy of each ballot is reflected on the carrier at the moment when it fell into the electronic ballot box and all subsequent changes, – says Oleg Artamonov. – For example, a very important point is that with DEG, the time is necessarily fixed. That is, it is impossible to throw something into the electronic ballot box or pull it out unnoticed. All this will become apparent after reading the data from the flash drives. By the way, I promise to give you such an “election” flash drive when the voting results are already summed up and announced. Let it be kept in your editorial office for history. And for the future I will say that this electronic system will be constantly improved over time. And contrary to the statements of some experts, politicians and political scientists, it is possible to build a reliable system of such cybervoting. I know that representatives of the Communist Party of the Russian Federation, Yabloko, doubt it. But I am sure that the time will come, and such an electronic system will provide a level of protection against falsification no lower than the classic face-to-face secret ballot. Confidence in the system will be provided by its advanced technological solutions.