Russia Is Testing Online Voting

This is a bad idea:

A second innovation will allow "electronic absentee voting" within voters' home precincts. In other words, Russia is set to introduce its first online voting system. The system will be tested in a Moscow neighborhood that will elect a single member to the capital's city council in September. The details of how the experiment will work are not yet known; the State Duma's proposal on Internet voting does not include logistical specifics. The Central Election Commission's reference materials on the matter simply reference "absentee voting, blockchain technology." When Dmitry Vyatkin, one of the bill's co-sponsors, attempted to describe how exactly blockchains would be involved in the system, his explanation was entirely disconnected from the actual functions of that technology. A discussion of this new type of voting is planned for an upcoming public forum in Moscow.

Surely the Russians know that online voting is insecure. Could they not care, or do they think the surveillance is worth the risk?

Posted on March 11, 2019 at 6:54 AM • 39 Comments

Comments

Peter GalbavyMarch 11, 2019 7:25 AM

Russia is becoming a single party state (again) so it doesn't really matter; This fun one may have passed many by last week:

https://www.bbc.co.uk/news/world-europe-47488267

"Russia's parliament has passed two bills outlawing "disrespect" of authorities and the spreading of what the government deems to be "fake news".

The first ban refers to "blatant disrespect" of the state, its officials and Russian society, and repeat offenders face up to 15 days in jail.

The second bill prohibits sharing "false information of public interest, shared under the guise of fake news," the TASS state news agency reported."

So, voting against the government will be disrespectful, I assume.

WeskerTheLurkerMarch 11, 2019 8:11 AM

Oh, I'm sure they know - that's why they're doing it. It'll let them be able to manipulate the votes easier while legitimizing United Russia's takeover of the government, and if they don't get the voting results they like, they can blame it on America/Britain/EU/whoever Putin's latest boogeyman is.

B from RussuaMarch 11, 2019 9:16 AM

Well, the voting system in Russia is spoiled from the ground, so who cares it will be spoiled one more way? Maybe someone who will get government funds for implementation.

TimHMarch 11, 2019 9:25 AM

@Peter Galbavy: It matters to Russians who'd like to keep the option to vote Russia away from a single party state.

Somoza's Law: "Indeed, you won the elections, but I won the count."**

** According to Snopes, wording allong these lines has been attributed to many people, including Big Joe. But Somoza has a nice rhythm to the syllables.

I take it as a given that political parties that promote electronic or remote voting and deliberately ignore the fraud potential... expect to be in a position to control the counting. Which is stupid in itself, because at come point their competitors may gain control...

thatguyMarch 11, 2019 9:32 AM

Nonsense, this is a fine way to secure elections - from the citizens, that is. No more embarrassments from observers documenting mass election frauds, either.

And bonus points for being able to crow to western democracies about how Russia has managed to do online voting when they cannot.

Snarki, child of LokiMarch 11, 2019 9:36 AM

Russia is testing out online voting in America.

What could possibly go wrong? Oh, wait. It already did.

VMarch 11, 2019 9:41 AM

All forms of absentee voting - electronic and paper - are fraud-friendly. Case in point: US House North Carolina 9th.

v2March 11, 2019 10:09 AM

Democracy has to look believable in order to function; whilst it may have been a bit of a nuisance to cook the books semi-legitimately - historically (boundaries that are no longer as relevant) and/or legally - “The US Senate is inherently anti-majoritarian,” according to Erwin Chemerinsky, the dean of Berkeley Law at the University of California (other countrues use similar constructs) - going through the pretence gives peoples of the world a shred of hope in the process... remove the pretence/hope and people will become less readily governable by a democratic 'front'.

ludwig_arMarch 11, 2019 11:13 AM

@ Peter Galbavy

If Russia had megacorporations like Facebook/Twitter that dominated the public sphere, then they wouldn't need these repressive laws. They could just let the corporations censor people, like we do here.

Why is it ok when speech is censored by corporations, but not when the government does it? Try to imagine that it's your own views that are censored, rather than just opposing views you don't like -- especially since things could swing the other way at any time.

RonnieMarch 11, 2019 11:14 AM

"Even a blind squirrel …"
Maybe they will break new ground as to what not to do.

bombaMarch 11, 2019 11:17 AM

@v2 Democracy has to look believable in order to function

Then why is the American left so opposed to voter ID? Can we really be asked to accept that someone who has no form of ID is engaged enough in society to be qualified to vote?

bombaMarch 11, 2019 11:24 AM

I can't believe that online voting cannot be made secure and verifiable. Are you telling me that the most advanced technological society in the world can't figure out how to make online voting secure?

Counting sure would be easy; there's no such thing as a digital "hanging chad."

It should be completely feasible to design a system where everyone is assigned a key, and they use that key to vote. Your key is your ID. Put your vote in the blockchain. If you can't figure that out, come to a booth and a volunteer will help you.

This way EVERYONE can verify that the votes are valid, not just a bunch of partisans in a room behind closed doors. It's odd we don't have this already... the technology exists. It's almost as if some people don't want it. Can't imagine why that is.

PaulMarch 11, 2019 11:29 AM

By the way, Brazil has electronic voting (not on-line). One characteristic of the system is to NOT associate the vote with a person, meaning, the vote is secret no matter what. At the end of the election day, each machine only carries the information of X votes for Y candidate. There's no way to know WHO voted on each candidate.

Recently some people suggested a checking system or a blockchain confirmation, however, that would break the secrecy of the vote. Brazil conquered the secret vote because in the past some people would force people to vote on certain candidates. If we allow any type of recording, companies would force the employees to reveal their votes. "But blockchain is secure..." - it doesn't matter, someone can force you to reveal your vote. The only true safety is to have no data recorded.

Today, each citizen can vote and come back to their home without the need to reveal their vote. They can lie to their employee and they can put their heart on the candidate they truly believe.

That, however, have not prevented people from voting on the worst....

HisVoteDidn'tCountMarch 11, 2019 12:44 PM

About 3 elections ago (I think), a friend of mine went to vote and was told he had already voted. He suspects it was a former coworker of his who is on the other side of the political aisle. Voter ID definitely would have stopped that one. At the very least, making in at least opt-in, would really have made that guy's day particularly nasty, claiming one name and then being forced to show ID.

Doug KMarch 11, 2019 1:19 PM

"Surely the Russians know that online voting is insecure."
That is a feature, not a bug, as far as Putin and his henchmen are concerned.
Who are the the Russians ? In this case, they are whoever has power to do this. Like the Republicans here, for them power is its own end and supreme justification.

justinacolmenaMarch 11, 2019 1:21 PM

@ O.P.

Surely the Russians know that online voting is insecure

If it is anthing like the murderous baseball bat wielding city hall mobsters who count ballots in every district and municipality of the United States, the common people of Russia have absolutely no say in the matter whatsoever.

SteveMarch 11, 2019 2:23 PM

@justinacolmena

"If it is anthing like the murderous baseball bat wielding city hall mobsters who count ballots in every district and municipality of the United States"

No hyperbole please. We have serious problems to fix here.

JonMarch 11, 2019 2:28 PM

There is another detail of electronic (and mail-in, incidentally) voting that doesn't get much press, and that is that not only can your vote be changed without your consent, they can (depending on the system*) determine how you voted, and single out certain voters for 're-education' if they did not vote the party line.

On Voter ID:

I have no problem whatever with Voter ID, as long as the government provides someone who comes to your house or place of work and says, "Here is your voter ID" and gives it to you for free.

My problem comes from when to get one you need to pay $40 or $50 and stand in line for four to six hours. People to whom $40 means 'we can pay the rent AND the electric bill this month!' (and yes, there are lots of people in that situation. Few comment on Bruce Schneier's blog) and to whom spending six hours in line instead of at work means 'you're fired', or at least loss of equivalent income (Four hours at $15/hr is a loss of $60!) are going to be a little less inclined to go get that ID, despite having the same right to vote.

In effect, Voter ID is a poll tax.

Oh, and you must have paperwork you may not have. As an orphan who's bounced around multiple step-parents and child support services, you think you still have your birth certificate handy? And what's it going to take to replace that if you don't?

J.

* In Nazi Germany they liked to treat ballot papers so they would clearly show fingerprints, thus leading to whom was an enemy of the state.

mrfoxMarch 11, 2019 2:32 PM

@bomba, Then why is the American left so opposed to voter ID? Can we really be asked to accept that someone who has no form of ID is engaged enough in society to be qualified to vote?

Not sure if trolling, but I'll bite.

Because most people are not dumb enough to risk years in prison to change a single vote? Because studies show that in fact in-person voting fraud is basically non-existent? Because the voter ID laws that have been enacted almost always conveniently target certain demographics very specifically? Because such laws often coincide with measures that make it difficult to obtain an acceptable ID in the first place? Because many republican operatives and politicians are on the record stating that these laws have nothing to do with voter fraud, and everything to do with keeping "undesirable" voters off the polls?

Gilbert McChateauMarch 11, 2019 3:29 PM

I think the electronic voting is future. It enables big masses' participation in decision making. There is two thing that must be met by the application:

-- Open source so that the voter can download the application from where ever he wants. E.g. from the government.
-- Zero trust so that the processing is done locally in the voters machine.

MarkHMarch 11, 2019 4:06 PM

@thatguy:

You made an excellent point: although new techniques won't make much difference to Russia's pre-determined "elections," they CAN help to submerge election fraud so that it's more difficult to publicly confirm.

To the Kremlin, that's a worthy goal.

Murdoch StonewallMarch 12, 2019 2:59 AM

The real threat is an "arms race" for democracy. If Russia gets any reliable digital voting platform working it is just one click away of implementing the voting process worldwide. And that would make Moscow the capital city of the one world government.

By the way. Have you noticed that also the present world order is based on voting. The technique however is from the stone age: The one who has a bigger stone wins the case.

Another feature of this present stone-age ballots is that promoting democracy worldwide is rather expensive: You have to heavily bomb nations to stone-age to imply new democracy to them.

Not Clive RobinsonMarch 12, 2019 3:57 AM

This is a great opportunity for us to “introduce western democracy values” to Russia by hacking their online voting system ;-)

JG4March 12, 2019 6:13 AM


@Murdoch - Thanks for the chuckle. It went well with coffee. Before I saw your comment, I was thinking about Kubrick's brilliant work. In particular, the part where an ape uses a bone for political ends, capturing the progression from murder as an evolutionary strategy to the space race in a flash. The murderous baseball bat wielding city hall mobsters have a fine pedigree indeed. Bombing bronze age peoples back to the stone age hasn't enhanced US security yet.

@MarkH - Thanks for the suggestion to look up brachristocrone. This quote was worth the price of admission, "Nothing is more attractive to intelligent people than an honest, challenging problem..." I'm not sure about fame and monument, although those aren't wrong. I probably didn't say that I had a good run at problem solving last year. I've been negligent about putting the solutions into the literature.

Getting electronic voting right is fairly easy, but if it could make any difference, it would be illegal. Anonymous, traceable, or secure - pick any two. Those almost map onto concurrency, integrity and availability. Fast, cheap or good. Your planet is a tradespace.

If you want a hard problem, it would be defeating the surveillance state to disempower the public sector liars, thieves and murderers. If that's not hard enough, do it without enhancing the power of the private sector criminals.

BrandonMarch 12, 2019 6:24 AM

@JG4 You nailed it with the pick 2. Honestly, I think it could be a good alternative that would help eliminate traditional barriers to voters (see Georgia's voting from last year), but you would give up anonymity. Have it tied to a national/state ID card that uses a chip and pin similar to any common access card used by the government or private industry.

The only concern then is that someone knows how you voted and can prove it. This would be even more of a concern since we have to assume the system would be hacked (does anyone trust the government to truly secure the system anymore?) and your voting record would be published at some point. I don't know if that's as much of a concern anymore though since Google and Facebook can already guess with 99.9% certainty how you voted based on what articles you viewed, commented on, and/or reacted to.

JG4March 12, 2019 7:49 AM

All good solutions start with a clean statement of the problem. "What problem are we trying to solve?" I don't think that I've written it up here, but I did work out a system that has partial traceability for the individual vote and is anonymous. Of course, without requiring ID, you can't keep imposters from voting. The basis of the scheme is a paper receipt with a unique identifier and a record of the vote. The record of the vote could be password protected. The approach only provides statistical verification as to whether votes are being toggled, which is a good start. The other problem that I wanted to solve was vote-buying and coercion, so half of the people who ask for a paper receipt won't get one. Thus, if an elderly person is hauled to the voting booth and threatened, they can say that they asked for a receipt and didn't get one. It's all mental masturbation ("How many angels can dance on the head of a pin?"), if the voters are brainwashed by television. Good luck with that hope and change. The more things change the more they will be the same. It's all entropy maximization all the time. May yours be favorable.

TatütataMarch 12, 2019 8:43 AM

I was trying to think of a good Russian reversal, but couldn't come up with any that didn't sound contrived.

Isn't Russia a country where private crypto is heavily frowned upon? If they don't want you to discuss your political opinions privately on Telegram (and surely also Signal?), how can you expect to be able to use your fondleslab to place a secret and untainted ballot? Or that you won't suddenly have billing issues or network problems exactly during the voting period?

I can't help imagining a dial-a-result system when I see the current organisation of polling stations in various voting fraud videos, with the urn essentially being left unguarded. The procedures I'm familiar with involve much smaller boxes under the watch of two officers, who ensure that you only insert a single properly folded ballot.

I was impressed by the 2012 paper
Statistical detection of systematic election irregularities
, where the Viennese authors could show aberrant results (or differing national electoral mores) by a simple dot-plot, with one axis representing the percentage turnout, and the other one the proportion of the vote received by the dominant party.

vas pupMarch 12, 2019 1:01 PM

@all:
'It is not important how people vote, it is important how their vote count' (Joseph Stalin).
There is always possibility in any country (more or less) where electoral process exists to affect processing of final count of the results. Tools evolved with technology of voting. I consider that is 'medium' interference with electoral process regardless of source: internal(inside the country) or external (by foreign actors: professional/government or not).

You see now when electoral results could be overridden by interference into internal affairs of the country by foreign actors by instigating and financial support of mass protests, riots, violence or/and up to military intervention. That is 'hard' interference with electoral process.
That is like cowboy playing cards in saloon.
When he won, it is ok, when lost - he pull the gun and restore balance in his favor by force, i.e. behave OUTSIDE the rules of the game.

'Soft' interference is providing information (true of fabricated) about candidate to voters to affect their votes at the poling place WITHOUT interfering into count process at all.

But that is just my personal opinion.

SpellucciMarch 12, 2019 1:02 PM

@bomba I can't believe that online voting cannot be made secure and verifiable.

Nothing online is secure and verifiable today, so I'm not sure why online voting would somehow be an exception.

It should be completely feasible to design a system where everyone is assigned a key, and they use that key to vote. Your key is your ID.

Ah, but in the U.S., voting is anonymous. I would not give up my anonymity to vote. And the problems of keeping one's key separate from one's identity are legion.

1&1~=UmmMarch 12, 2019 1:52 PM

@Tatütata:

"how can you expect to be able to use your fondleslab to place a secret and untainted ballot? Or that you won't suddenly have billing issues or network problems exactly during the voting period?"

You can not is the answer to both questions, and it's not encryption related.

If you spend a little time thinking about it, the answers are not going to change even with other voting methods or technology...

It's the old issue of 'Time Place and Token' you have to get all three correct simultaniously or you actions are invalid.

Lets look at the phone, in most cases the owner/payee/user is known. In the US companies give this information to the US Government in return for immunity from other things.

Due to other US legislation on health and safety all cellphones sold in the US are required to have GPS units in them, that an 'Operator' can access silently.

Further due to the principle of 'inventory cost minimization' all phone types that are sold in the US have GPS in them, even if they are being sold elsewhere. It's a point @Bruce elaberates on in the video he posted a few days ago.

So connect up to a US or many other networks and they can pull not just your location but altitude without you knowing to within a couple of meters of position and about twice that in altitude. Let's say you are sufficiently skilled to 'pull the chip' or similar, the phone network still has a fairly good knowledge of where you are[1] simply by good old mathmatics and two or three point fixes on you and adjacent phones.

So not wishing to sound creepy or melodramatic but 'They know where your phone is or was' and can make predictions about where it will go, when and with respect to other peoples phones (most of us are creatures of habit either in our repeatability or lack of repeatability and a change from one to the other is suspicious).

Oh and those health and safety rules for your phone alows for the 'operator' to do all sorts of things to/with your phone. But it gets worse, remember CarrierIQ and their 'test harness' they put in phones to 'assist tech support', That sent all your keypresses etc across the Internet in 'plain text' and could alow the TechSup person to use your phone like they had it in their hands totally unlocked. All mobile phones can and frequently do have such test harnesses built in that might or might not be enabled now or at some point in the future.

Thus stoping you voting as an individual would not be overly difficult.

Just the same as it would not be overly difficult from stopping you registering to vote, de-registering you to vote, gerrymandering the districts or stopping you getting to or entering the polling station. Likewise they can always swap ballot boxes in transport to counting stations or mis report candidate tallies etc. Or any one of a whole bunch of tricks.

Whilst we can build some robust voting casting systems, we have little chance of controling what is around them. Worse as we reach outwards to control other aspects vote riggers will just use a different method.

However history does teach us one thing, whilst it's not impossible for a dead person to vote, or draw their pension etc. Using voting papers to identify those who vote in a certain way such that they receive punitive action upto and including death is well practiced and has been for thousands of years even in supposadly 'true democracies'[2].

[1] The thing about fixes is that whilst they have 'uncertainty' of location often called a 'cocked hat' they have much better relative position fixing. So whilst if you and I were walking in Central Park NY, whilst they would not know where we are very accurately they would no much more accurately just how close together we were physically, and because if we were moving our tracks would be consistant with each other they could assume either we were together or one of us was following the other.

[2] See how the trial of Socrates nearly two and a half millennia ago was set up https://erenow.net/biographies/the-hemlock-cup-socrates-athens-and-the-search-for-the-good-life/10.php and for all it's technical wonder of the time, some have reason to think it was still actually rigged...

ICMarch 12, 2019 1:56 PM

Not sure why the electronic/online voting system is insecure by definition, as seem to be implied by the post.

This is not applicable to the whatever thing Russians are implementing, but let’s assume the following…

1. Everyone has a voting ID or simply an electronic passport (which is a smartcard with it’s corresponding PIN or password). This voting ID or electronic passport contains a private-public key pair.
2. When someone wants to issue a vote, a unique ID for the elections is generated by the smart card (it’s a random number basically).
3. When the voter chooses and confirms an option, her vote and unique ID is signed by the private key alongside some additional info such as approximate time and place.
4. The unique ID, the vote, additional info and signature are sent to the election’s server and are validated against the public key (previously obtained from a valid voter ID/passport). Once the vote is verified, it is registered in the system.
5. The unique ID, the choice and additional info is printed on physical paper. The signature is printed as well as the hexadecimal string.
6. All of the above is also stored inside the voter ID/passport, so it can be retrieved later as well.
7. The vote is published on the public list, which is accessible for everyone for counting and vote verification. The voter can check his vote, unique ID and signature at any point in the future. The date and place of voting are approximate to ensure anonymity.

I do realize that the anonymity may be compromised when the vote is validated against the public key which is stored on some central server. Maybe one way to try to secure it a bit more is to have two distinct systems such that the voter ID and the person’s ID are not associated, but can be physically on the same smart card (it can contain two “virtual” cards, so to speak, but no system shall have the info on which voter ID belongs to which person’s ID).

Surely it’s not a perfect system (and surely it can be improved), but assuming it is robust and well implemented, I think it’s probably more reliable than traditional voting system and it’s more resilient to attacks.

VivianMarch 13, 2019 11:46 AM

What better way to get ahead than to test in their own backyard? Real quick way to have your best red teams flesh out vulnerabilities. Its a win-win.

Rach ElMarch 14, 2019 1:03 AM

Tatütata 1&1~=Umm

thankyou I just learnt what a russian reversal is! I just thought of one (kind of) on the spot

When UK liberates by enforcing border, UK become isolated
When Trump liberates by enforcing border, World becomes isolated

1&1~=UmmMarch 14, 2019 5:20 AM

@Rach El @Tatütata:

"I just learnt what a russian reversal is!"

It is defined as 'a chiasmus for humours effect'... Yup it's just another word you will probably never hear again (I know more signs of a wasted education ;-)

My favourit humours chiasmus of Russian origin --that can be said in public-- is from the late 1970's and comes from the end of a joke,

My friends the reality is there is no difference between the objectives and outcomes of capitalism and communism, it is what we hold most dear we seek to protect. In the Capatilist West you lock up your money, whilst here in Soviet Russia we lock up our people.

In the 1980's it was shortened to in effect just the punch line and variated so you got,

In Soviet Russia the television watches you*.

Which if you think about it George Orwell thought up in 1948 when writing his warning to the world, that instead became a political manual like the work of Machiavelli.

Now of course the joke is on the Capatilst West as Ed Snowden's trove highlighted.

In history it is known that the wheel turns over and over repeating what went before, however in time the ground changes beneath it...

* Or more correctly for 80's USSR 'the radio listens to you' which was a technical feat acomplished by its Soviet inventor, Leon Theremin. Who also designed The Great Seal Bug and the musical instrument named after him you can hear on the Beach Boys 'Good vibrations'.

As Terry Pratchett once observed,

"The trouble with having an open mind, of course, is that people will insist on coming along and trying to put things in it.".

CoenMarch 15, 2019 8:34 AM

It is not a problem if the system gets hacked. Russia will "correct" the votes if the elections turn out differently than expected!

JasonMarch 16, 2019 7:11 AM

> Surely the Russians know that online voting is insecure.

Surely you can add a link to comprehensive book prooving this overly generic statement?

Because after reading dozens of papers about online voting protocols and related security proposals I'm rather disappointed to see that 'nope' is the best comment you could come up with.

Is making a quick post on minor political news really worth it to taint your reputation?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.