Officially, the blockchain-based system used for e-voting in Russia during the State Duma by-elections in the Yaroslavl and Kursk regions worked without a hitch. But experts who inspected the system's source code, published in the days leading up to the elections, say that it is not without problems. The most glaring one is its centralized nature, but it is not the only one.
“We did not find any significant failures in three days of work,” Minister of Digital Development of the Russian Federation Maksut Shadayev told Kommersant, speaking about the system for remote e-voting in Russia. He added that the only problem was a single user who tried to vote using an outdated version of a web browser.
Remote e-voting in Russia is powered by blockchain
This system for remote voting in Russia was developed by state-owned Rostelecom. The Central Elections Commission planned to use it for the 2020 Russian constitutional referendum, but those plans had to be scratched because of the Covid-19 pandemic. Instead, remote e-voting in the referendum was done using an older system available in Moscow and the Nizhny Novgorod region.
In the days preceding the 13 September by-elections, Rostelecom published the source code of the voting system on its GitHub page. This gave independent experts a look into the inner workings of the system.
After last year’s Moscow region by-elections, some losing candidates voiced concern that the system used for e-voting in Russia was to blame for their electoral loss.
Remote voting in Russia is based on blockchain technology. It is implemented in such a manner that cast votes are registered as blocks of the blockchain. But critics say that the whole blockchain can be easily replaced.
Officials say that the blockchain voting system is public and that all changes are broadcast to all participants when a vote is cast. They also say that the secrecy of votes and the identity of voters are protected by encryption.
Experts have serious concerns about the security of the voting system
Sergei Aksyonov, an executive at software developer FunCorp, says that because the system is hosted on Rostelecom’s servers, the whole voting process can be recorded. It is plausible to presume, he says, that the whole process could then be replayed with additional votes added during it, which would invalidate the process of remote e-voting in Russia.
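The concern raised by the critics and by Aksyonov can be shown with a toy model, added here as an illustration and not taken from Rostelecom's published code: a ledger rebuilt by its only operator still passes its own integrity check, and the rebuild is detected only by comparing against block hashes recorded independently during voting. The block layout, function names and ballot strings are assumptions constructed for the example.

```python
import hashlib
import json

GENESIS = "0" * 64

def block_hash(prev_hash, ballot):
    """Hash of one block: commits to the previous block's hash and the ballot payload."""
    data = json.dumps({"prev": prev_hash, "ballot": ballot}, sort_keys=True)
    return hashlib.sha256(data.encode()).hexdigest()

def build_chain(ballots):
    """Single-operator ledger: each cast ballot becomes one linked block."""
    chain, prev = [], GENESIS
    for ballot in ballots:
        h = block_hash(prev, ballot)
        chain.append({"prev": prev, "ballot": ballot, "hash": h})
        prev = h
    return chain

def internally_consistent(chain):
    """The check anyone can run on a published chain: links and hashes line up."""
    prev = GENESIS
    for block in chain:
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["ballot"]):
            return False
        prev = block["hash"]
    return True

def matches_checkpoints(chain, checkpoints):
    """Compare against (height, hash) pairs an independent observer recorded during voting."""
    return all(height <= len(chain) and chain[height - 1]["hash"] == digest
               for height, digest in checkpoints)

# Constructed sample data: opaque stand-ins for encrypted ballots.
original = build_chain(["ballot-a", "ballot-b", "ballot-c", "ballot-d"])
# An observer outside the operator's control pins the hashes at heights 2 and 4.
observer_checkpoints = [(2, original[1]["hash"]), (4, original[3]["hash"])]

# The recorded ballots replayed with one extra inserted, and every block rebuilt.
replayed = build_chain(["ballot-a", "ballot-x", "ballot-b", "ballot-c", "ballot-d"])

if __name__ == "__main__":
    print("replayed chain self-consistent:", internally_consistent(replayed))
    print("replayed chain matches observer:",
          matches_checkpoints(replayed, observer_checkpoints))
```

The check only helps if the checkpoints are held by parties the operator does not control, which is what the centralization criticism says is missing.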
An additional concern is that the cast votes could be de-anonymized using the Russian Unified Identification and Authentication System (ESIA). Experts say the problem is that Rostelecom has sole control of the whole process: the voting servers, the authentication servers, and the communication channels between them and users.
Another concern is the encryption protocols, which must be pre-approved by the FSB for use in any official systems. Some experts consider the encryption algorithms used to be insufficiently secure and their implementation outdated, allowing for potential breaches of the e-voting in Russia.
In reply to these publicly voiced concerns, Rostelecom's VP for digital platforms told Kommersant that it is unimaginable that Rostelecom would organize a man-in-the-middle attack on the process of e-voting in Russia.