Online Voting Testing in the Russian Federation: Observers’ Assessment

The Central Election Commission (CEC) of the Russian Federation has tested the system of remote electronic voting. In order to participate in the testing, one had to apply (April 21 - May 7) and then vote (May 12 -14).

The process of Internet voting was of significant concern to election observers, as neither technical specification nor official program code of the system had been published. Moreover, the respective legislative standards had not been developed. Public discussion and tools for effective monitoring had also been lacking. In addition, a special expert group was supposed to supervise the testing. However, the composition of this group remains unknown; its work has been kept secret.

Once the testing was over, the CEC announced seven regions in which remote electronic voting would be conducted during the 2021 State Duma elections. Among them are Kursk, Murmansk, Nizhny Novgorod, Rostov, and Yaroslavl regions, Moscow (on a different platform), and Sevastopol¹.

The Movement in Defense of Voters' Rights "Golos" observed the testing phase, took part in the voting, and shared their conclusions and recommendations in a respective report. The report was subsequently sent to the CEC of the Russian Federation.

Key conclusions and recommendations of Golos:

• Testing the remote electronic voting system prior to elections should be intended to increase public confidence by allowing observers, experts, political parties, and others to monitor the process. It is also done in order to check the technical readiness of the system. To achieve this, some means of overseeing the testing should have been provided to the above-mentioned entities. However, the CEC did not observe this rule. The organizational procedures of the remote electronic voting system were not carried out openly and publicly. The public at large was not provided with tools enabling them to oversee the operation of the system, which further contributed to increasing mistrust.
• Development of the remote electronic voting system is not being carried out based on a thoroughly thought out technical specification, provided by the CEC of Russia, which must clearly describe its procedures and processes. On the contrary, the developers first create a system that is later formalized by the regulatory documents of the Russian CEC. This issue arises from the lack of legislative standards applicable to Internet voting systems. The absence of these standards allows developers to generate voting systems with significant built-in flaws, yet avoiding any responsibility.
• The CEC of the Russian Federation did not hold the required open, public expert discussion of the remote electronic voting system, which, as a result, has significantly reduced public confidence in it. In the very midst of the testing phase and after public criticism of the closed nature of the system, the Chair of the CEC established an Expert evaluation group, the composition of which was not rendered publicly available. Fragmentary comments in the media assert that the above-mentioned group is headed by the developers of the system, which indicates a clear conflict of interest.
• The official code of the system components, which was used for testing, as well as its full description required for verification and analysis, were not published. A mandatory procedure certifying compliance of the program code with the program codes previously published for verification and analysis was not offered. Also, no alternative methods for thoroughly checking the system have been offered.
• Whether by accident or deliberately, the CEC of Russia commissioned the testing phase of the system in parallel with the implementation of United Russia's party primaries. Both actions were conducted based on the Gosuslugi.ru² website. This led to state employees in the Russian regions being forced to take part both in the testing of the voting system and in the primaries of the party. Thus, voters have become even more vulnerable to pressure due to the peculiarities of remote voting.
• During the period established for acceptance of applications for participation in the remote electronic voting, the members of the CEC did not have access to information related to all submitted applications, including the list of applications rejected by the system with a specification of reasons for rejection. Only technical specialists of the State automation system ''Vybory'' (Elections) and Rostelecom³ had access.
• The Russian CEC did not operate with exact numbers, as is customary for an election commission. Rather, it published rounded numbers of submitted and rejected applications from voters who wanted to take part in the remote electronic voting.
• A large number of voters were not allowed to participate in the testing without proper explanation. There were roughly 137 thousand refusals out of almost 2.5 million voters. The exact numbers were not publicized.
• Despite one of the testing objectives being to assess the security of the system in terms of voting secrecy, no means for such verification had been provided. The results of testing have demonstrated that citizens have no chance to make sure the remote electronic voting system guarantees the secrecy of their expression of will.
• Users' devices cannot be considered a trusted environment within the system of remote electronic voting, as in the case of a software virus, the expression of will may be distorted and the secrecy of voting violated, passing unnoticed by the system.
• Any person with access to the voter's credentials could cast a vote on Gosuslugi.ru. An attacker could easily switch the mobile phone number to receive a confirmation code, which is sent to confirm the identity of the voter via SMS. Examples of such unauthorized access to the identity verification system have been reported in different regions of Russia. A serious vulnerability of the system is that it allows voting from a personal account linked to a phone number registered to someone other than the respective voter. Thus, the remote electronic voting system does not allow both the CEC members and observers to ensure that all voters personally take part in the voting process by having entered their credentials and an SMS code themselves.
• On May 12, an anomalous ratio of the number of "ballots issued" vs. "ballots encrypted" was published on the main page of the "Observation portal" of the system. "Ballots issued" appeared 11.5 times more frequently than "ballots encrypted". If we stand on the presumption of an integral and proper operation of the system, such a ratio should be close to 1. The developers of the system could not explain the reason for this statistical anomaly and refer to the incompleteness of the data published by the system during the testing period. They also asked to wait for the release of the next version of the system, which would contain additional tools, allowing for the acquisition of a larger dataset.
• External observation data indicate malfunctions in the operation of the remote electronic voting system.
• During the testing phase, a reduced monitoring interface was provided. It contained no option to download files with transactions and provided no direct access to the database. It should be noted that the option to download such a file from the system had already been implemented last year.
• No objective instruments enabled both the voters and observers to confirm any presence of the blockchain technology, the application of which had been announced by the CEC. It is impossible to check whether the data is being saved, to which database, and how many such databases are in use. The databases remain under the control of the technical specialists only and are closed to external audit. Both the display of a set of blockchain transactions in the web interface of the portal and the ability to download transactions in a file to check the operation of the system are inadequate, as there is no way one can verify that instead of a live broadcast from the database an edited video is being displayed.
• The voting interface did not provide for voter's access to information about all candidates, lists of candidates and electoral associations included on the ballot, including biographical data of candidates in the scope established by the commission organizing the elections, information on the income and property of candidates in the scope established by the election commission organizing the elections , information on the facts of submission of false information by candidates, etc., as required by Art. 61 of the Federal law no. 67.
• The system was not adapted for the voting of visually impaired voters. At the end of the testing phase, the developers promised to improve the interface.
• As part of the ongoing testing of the remote electronic voting system, all citizens' reports about issues and the responses to them should be rendered publicly available. But as we can see, while implementing this costly contract, the developers are not at all interested in voluntarily revealing emerging errors, issues, and their scale. Neither do they provide any instruments for external audit. At the same time, it has been made known that the support service received more than 10 thousand calls during the testing phase.
• Generation and division of the decryption key into separate bits were not conducted openly and publicly during the testing phase.
• Lack of control tools (decryption key, transaction database, and details confirming its authenticity) did not allow to verify the correctness of the decryption of votes and accuracy of vote counting.
• The system documents, including electronic ballots, were not signed with the electronic signature of the members of the election commission. Therefore they do not have the required legal power.
• There is no method to verify vote tabulation, which should be as reliable, objective, and accessible as counting paper ballots is.
• At the end of the testing phase, a detailed report including an attachment of technical information and data sets, allowing to evaluate the results of performed work, as well as the fulfillment of the testing goals was not provided. Only the interested party presented at the May 19 CEC meeting, as it was composed of the system developers, whose reports on testing results were fragmentary and biased.
• Cybersecurity of voting conducted over the Internet is of critical importance. Both representatives of government bodies and members of election commissions have recently been actively discussing a threat of foreign interference in the Russian elections. However, this does not prevent them from promoting online voting. Either they understand that in reality there is no such threat, or, knowing about the threat, they purposely expose the elections to unjustified risks.
• To prevent violation of the electoral rights of citizens and delegitimization of election results, it is not recommended to use the remote electronic voting system proposed during the testing phase in elections without a substantial revision and consideration of the recommendations submitted herein.

The full report may be found here (Russian).

¹ A major city in illegally annexed Crimea - REM

² The online public services portal of the Russian Federation - REM

³ Russia's leading long-distance telephony provider - REM