Manufacturing Consent On The Blockchain: The Case of 2021 Russian Election
In September of this year, elections for Russia’s state Duma were held. In light — so goes the official line — of the pandemic, and the enhanced convenience it offers, distanced online voting (henceforth DEG, which is the Russian acronym) was offered. And this online voting was done via a blockchain, which, again per the official line, promised anonymity and security.
The aim of this post is to discuss how that went, both in fact and per the telling of it of a particular Russian weekly newspaper, Argumenty i Fatky (Moscow edition). Presenting work found in other Russian media but, as far as I can tell, as yet not discussed much in English language sources (apart from this, which I just found, and you should read (although the site seems unbelievably terrible in design) because it discusses a few features of the system I don’t), I’ll show the problems and dubiousness of this blockchain voting. By comparing the reality, as discovered by the independent Russian computer scientists, and the story told in the newspaper, I’ll draw some lessons about how propaganda works, in addition to the prospects and problems for blockchain voting.
You might think: so what. Russian elections frauds, blockchain bad? That’s old news. This just confirms what you thought ex ante and you don’t need to waste time learning exactly how the elections went down, and exactly how the blockchain failed to perform as tasked.
But that would be a mistake. One very basic reason is that if something is fradulent (I’m not saying DEG is fradulent — you can assess the evidence yourself), you want to know how the fraud is accomplished, so you can prevent it in future. Another reason is that most people discount blockchain-based technologies too quickly. If it were possible to vote securely from one’s home, that would be a gigantic boon for democracy. Psephologists will tell you that we should repel any attempts to incorporate technology in voting more, and we should listen to them, but it would be nice to have a solid reason for this particular repulsion other than blockchain bad.
And the third, and probably most important reason, is that the possibility of blockchain voting in your country is not entirely unreal. Read a book about recent Russia, and you’ll probably find the claim that Russia is an advanced country when it comes to ‘fake news’ — that the Trump era was presaged by developments in Russian so-called ‘political technology’, an aim of which, per the title of one of those recent books, is to show that nothing is true and everything is possible (Pomerantsev) — the cast doubt on the notion of truth itself.
(Other books that make this case include Ostrovsky, The Invention of Russia (preface to the second edition), which is very good for the media landscape and its personalities in the 90s and 2000s, and Synder, The Road To Unfreedom, which covers slightly more recent history in a slightly more philosophical way. There are many other good books out there.)
If it’s true that Russia is ahead of others, especially the USA, which follow on a lag in terms of how it subverts democracy, then if you look at the on-going attempts to nullify the 2020 elections led by Trump, in addition to the more mundane GOP attempts to disenfranchise people, you should be very open to the possibility that the same dialectic will play out elsewhere: the convenience and security of new voting arrangements will be trumpeted, pushed though and implemented, and you’ll be faced with an election mechanism that no one can understand and that probably isn’t fit for purpose. And then, basically, you can say goodbye to democracy, which according to many — most famously so-called ‘minimalists’, including Joseph Schumpeter and more recently NYU political scientist Adam Przeworksi — is just that arrangement which holds elections enabling power to be transferred non-violently in accordance with how people vote.
Blockchain Voting: The Very Idea
A blockchain is, or can be, a way to generate consent about a given issue among mutually anonymous parties who don’t trust one another. It should be obvious why prima facie that might sound like something that would be appropriate for elections, but the devil is in the details. It’ll be helpful to work through an example, inspired by the Bitcoin blockchain.
Imagine we’re a small community deciding whether or not to enact a certain law — an internet forum, open to everybody, for example. Imagine moreover it’s an anonymous forum — maybe it’s a forum for people addicted to drugs, in a repressive state where drug addiction carries the death penalty, and where the laws require sysadmins to hand over registration information, so people are worried about registering even with a burner email address, as it could be tracked down using various fancy governmental methods. So great is the risk that no one has standing ids — like the nchans, people post without any id. Imagine the law was whether we should allow people to post details of reliable sources, which might reduce overdoses but also lead to peddlers.
If we had standing ids, we could do the vote easily enough. The sysadmin could assign a vote to everybody who met certain standards — had posted enough, registered far enough in the past, wasn’t a troll, and so on. But we don’t, and indeed can’t have that. We don’t want there to be a sysadmin with such knowledge of the users.
That’s a problem. Imagine we just open a topic — ‘should we allow people to post reliable sources of drugs?’ Then trolls who want the addicted to suffer could ‘stuff the ballots’ by posting many many times and voting for the option they think is harmful. In such a set up, generating a trustworthy consensus is difficult.
But there is a way to get us close. Imagine that in order to vote we require each person to solve a mathematical puzzle. The puzzle is different for each person (we generate a class of puzzles with different solutions following the same structure and ensure there are more of them than atoms in the universe), and very difficult to solve, but very easy, once one has a putative solution, to verify whether it’s an actual solution. Such problems exist. Then imagine we quantify that it’ll take a typical CPU 20 hours to solve the puzzle. Then we simply open voting, generate the puzzle set, and close voting 21 hours later. To participate, you pick a random puzzle in a truly random way (so that the chance two or more users chose the same puzzle is basically zero), solve it, then, roughly 20 hours later, submit your solution along with the vote.
Now imagine you’re looking at the results of the poll. Every ballot encodes proof that the voter had access to 20 hours of CPU power. If one imagines that CPU power is equally distributed, one CPU per person, then you have a pretty good guarantee that the person had access to only one CPU, and so you have a pretty good guarantee that this is the only vote that real life person made.
Of course, this is conditional. It requires that CPU power be equally distributed. If someone had a mega-powerful CPU that could solve the puzzle in one hour, they could vote twenty times, subverting the system. But it’s enough to make the system trustworthish. And really, this is quite great: we’ve enabled strangers online, with competing interests, to have an equal say in a matter without giving up any details of their identity, and have done so in a way that anyone can verify. Very, very, very roughly, this corresponds to part of how Bitcoin works, or is meant to work, and it’s this greatness that make some people, myself included, see potential in such systems for group decision making and acting in conditions where anonymity is necessary. (This little model also shows where Bitcoin’s energy consumption comes from — we’ve essentially bought a fair vote by using (number of voters x 20 hours) worth of CPU time, which might be a sizable amount of energy. The fundamental question in assessing a crypto system is whether the energy expended is worth the results. Here, opinions may vary, but they should vary depending on how much you value what you get in exchange. For our example, it’s the self-direction of a marginalized group (incidentally, I don’t use this example for cynical rhetorical purposes — I think it’s a good example of the sort of group whom crypto could benefit); for Bitcoin, it’s — depending on your perspective — a new way of storing value that empowers the powerless or a libertarian fantasy (that’s a non-exclusive or).
Now, if you’re with me, I hope you can see why we might think that prima facie blockchain technology might be suitable for elections. It allows the anonymity elections require, and in addition, it is transparent — one can see how people voted, with a pretty good guarantee that all and only actual people (qua actual owners of one CPU) voted. Transparency about its workings is, as suggested above, a necessary feature of a legitimate system for transferring political power. In addition, because this is done online, it evades the serious problems in person voting involves — getting time off work, travelling to polling stations that have been moved out of the way to disenfranchise you, bearing cold or heat or thirst, and so on.
But there’s a problem. Governmental voting is not like our hypothetical forum case. By design, the forum is open to all to participate. We don’t want to limit use. But governmental voting is not like that. Only citizens (indeed, only a subset of citizens, excluding children, perhaps the incarcerated, and so on) can vote. We need some way, for governmental voting to work, to track the identity of the voters. And that’s a problem. Now, it’s not necessarily insolvable, and people are working on it, and will continue to work on it (indeed, the technology might even already exist, in the form perhaps of zero knowledge proofs or ring signatures or things of that nature, along with a much more widespread recognition and uptake of cryptography in the public). What is important to realize is that the inference from being on a blockchain to being suitable for ID-requiring voting is no good. While blockchain holds promise for online voting systems (temporarily setting aside the general adage that no technology is good technology when it comes to voting), it is not straightforward.
But you wouldn’t know that from reading the papers. My aim in this section is notably different from above or below. I want to explore how blockchain voting was presented in a Russian weekly newspaper, Argumenty i Fakty (Moscow edition, henceforth AiF), in the run up to and fall out of the election.
There are several reasons for this. One relates to propaganda: it is interesting to watch how the media develops and sells an idea. AiF is owned by the Government of Moscow and so can be viewed as a state-guided publication, something that will be underscored when we consider what they wrote about blockchain voting. In addition, as a print newspaper, it evidently caters to a different audience than ones we are used to. If you’re interested in Russia, you might read the authors mentioned above, or The Atlantic, or perhaps even take a look at RT. You’ll be encountering things meant, in a sense, for you. AiF is not meant for you — looking at the contents, from pension-reform to pile cream ads, to TV listings (!) it is clear that the audience is different — older, and, well, Russian. And third, as I’ll suggest, observing how the idea is presented to a friendly audience enables one to detect anomalies, which in turn might enable one to locate problems with the official narrative. In this, I am following in the footsteps of Chomsky, where my title comes from, by looking at how governments leak information that doesn’t favour them by simply … saying it.
The elections happened the 17th to the 19th of September, and I will be looking at all four September issues. (It would be nice to look at the end of August, but my subscription only started in September. And if you’re wondering why some random Northern Irish person is reading a newspaper for middle-aged Muscovites — it’s because I’m learning Russian.)
In the first paper of the month, on the front (not the main story) we read ‘Elections With Gadgets’, and we get half a page inside introducing the idea. It’s convenient; it won’t interrupt your holidays; it won’t require you to go into a place with COVID-19 carriers. We soon get to what I think is the most interesting thing I found. Moscow has used what it calls distanced electronic voting before, but this time, they’ve added functionality, such as the ability to ‘defer’ voting
to return to your electronic ballot and to make another choice (the last is the one that counts). Why is this needed? It will help if your internet connection drops or your gadget freezes) (here; you can use google translate for this and everything cited)
The thing to note is that this just doesn’t make sense. Being able to log back in if your connection goes and being able to change your vote if the change your mind are two completely different things, and while the former is important, why would one want the latter? The thing to do, surely, if you’re undecided, is to wait a bit before logging in to make your choice!
But there’s more. Blockchain technology is often feted as being able to produce immutable records, and indeed that’s one of its big selling points: if something is recorded in a blockchain, it can’t easily be changed. You can maybe squintingly see why this is even based on our toy example: it’s because to record something requires energy. A blockchain chains these energy-requiring records together in such a way that to recreate the chain requires re-doing all the puzzles, and so having at one’s disposal very large quantities of energy.
So this is two strikes against the deferring idea: its motivation is obscure, and it’s not a good fit for the technology that implements it. This is in addition to the general worry that blockchains can’t deal with nymous (ID-linked) voting readily.
It goes on to extoll the merits of blockchain for the promise it shows in banking, and for how it means you can’t vote using fake accounts. It cites a study by Deloitte who apparently found scientists from around the world saying ‘blockchain is convenient and safe’ (I’d like to see the whole study!) I’ll note that even for languages like Russian that lack definite articles, these sorts of statements are nonsensical — saying, as we often read in mainstream media, ‘the blockchain is x’ or ‘blockchain allows x’ is basically like saying ‘the database’ or ‘database’ — a blockchain is a data structure, implementable in a bunch of different ways, not a proper noun. In some contexts for some purposes, maybe, some blockchains have these properties. But it’s very dependent on the technology and the purpose it’s put to.
In the second paper, for the period 8–14 September, on the front cover we have the mayor of Moscow quoted as saying that he registered for the distanced electronic voting. We get the same roll call of reasons for DEG — you don’t have to leave your summer house (dacha), miss out on ‘ceremonial finale of barbecue season’ (I think I’ve got that right, though I’m taking liberties with the translation); you don’t have to go among the covid-infected sickies, something especially important for pensioners and people with chronic health conditions. It’s interesting to note the repetition of the same points, as if the paper is concerned with really getting across this message.
On the topic of pensioners, one might wonder whether it wouldn’t be a bit difficult for them? Not at all — they are ‘on familiar terms’ (‘na ty’) with gadgets and can rely on their community and children for help. I’ll return to this below, but recall that i) pretty much nobody understands what blockchains are and ii) it’s a crucial feature of democratic decisions that they be legitimate — not only be fair and trustworthy, but be provably so. With no shade whatsoever meant to Moscovite pensioners, I can’t imagine that more than 0.1% would be able to assess blockchain voting, especially with the information given.
The second paper reveals something that I think was missing from the first: if you enroll in DEG, you get entered in a competition to one one of a bunch of prizes including cars and apartments. A later issue will face head on the question — isn’t that incredibly illegal? Turns out no, but you might wonder about the motives of the prize offerers — is it really to increase the turnout?
In the third paper, whose date overlaps the election, we get a bit more. We hear the same laundry list of reasons to vote using DEG, the same reference to the Deloitte survey. We also get more information about how the system works. We read:
Votes are counted right on the blockchain network — this ensures data security and transparency of voting. As soon as the encrypted voting ballot gets into the blockchain, the system will print the block code in the blockchain where this ballot is posted. After the end of voting, the system will generate a key that will allow decrypting the ballots in a single way and counting the votes. Then electronic votes are summed up with paper ones to calculate the overall result. (here)
I challenge anyone to understand this. You need waaaay more information to assess it than is given, and more information than can be assumed of a typical voter. We also learn about the crucial ‘deferred vote’ feature. It gets its own little box, and again we’re told it’s for the dual reasons of letting you change your mind and guarding for technological problems.
You might think I’m a little harsh to be so skeptical about this dual feature — we do definitely want something to allow you to vote if you internet craps out, and maybe the easiest way to implement that is via a ‘change vote’ feature. Hold that thought.
So how did it turn out? AiF, in the final September issue, tell us: very well. The turnout of online voters was great, no problems were reported. There were delays, sure, but despite ‘hysteria’ on the internet, it wasn’t due to any malfeasance. It was simply that the option to defer one’s vote made the count take a little longer. They quote Putin, whose party predictably won, telling us ‘It was all simple, understandable, and — mainly — convenient. There was no need to hurry, you could do it literally with one click’.
As for the ‘hysteria’ — well, there was certainly a lot of anger on that Sunday night, as the votes for Moscow, the region were Putin’s United Russia party were most shaky, were massively delayed. As Maria Pevchikh, a journalist and an anti-corruption alley of imprisoned Putin opponent Alexei Navalny, put it:
For more tweets, check out Pevchikh’s timeline on the day (by searching from:pevchikh since:2021–09–19 until:2021–09–20) and look through the replies to get a sense of what (some, Twitter-using) Russians were thinking.
So What To Make Of This?
What are we to say? On the one hand, as we’ve seen, the suitability of blockchain technologies for ID-requiring voting is doubtful. The defer vote thing is weird and undermotivated. There were suspicious delays. But the whole thing, if one were just to focus on the media of the time, leaves too little unanswered to be able really to say. We really need, if we want to up our confidence in what happened, to look at how the system actually worked. Luckily, we can do that.
Or rather, a Russian programmer did do that (I feel awkward naming him in case it gives unwanted attention — click through either the above time or the below links for his name). Getting a hold of the source-code, he was able to get to the bottom of how the system might work. He did so in at least three places. Initially, on a computer science forum/site-type thing here, a few days after the election, then with two interview for Novaya Gazeta, the last of which was published 17th October, and which I’ll concentrate on. I highly recommend those with the background click through, look at the github repositories, and check it out yourself — the below is a bit hurried and I don’t entirely understand each part of the system (although the interview is exemplarily clear — I just haven’t spent enough time with it).
So recall where we were. A blockchain is good for certain anonymous purposes. But for something like a government election, it is not. We need to do two things: we want to record the votes. A blockchain is good for that, although the deferral feature makes it difficult. But we want also to make sure that only those appropriately credentialed can vote. And there’s the problem.
Here’s how this problem was solved. Our programmer discovered a separate, private blockchain. In addition, he discovered, or just inferred, that there must be another server. This server is responsible for giving access to appropriately credentialled citizens to the public blockchain to inscribe their vote.
Note that this is already basically game over, from a cybersecurity point-of-view. What it means is that we have some third party, the state, who is in control of assigning to citizens credentials to access the public blockchain to write their votes. But spend some time in crypto spaces and you’re likely to hear: ‘trusted third parties are security holes’. It’s precisely to get rid of dependence on a third-party (whether that be the government and its money-producing capabilities, banks who have a record of all your transactions, or website operators who have your log in details) that you use blockchains.
What is needed to be able to trust the deliverances of the blockchain is a reason to trust the administrator of the server — that they didn’t add or remove names from the register, that they didn’t take the code they assigned to people and use it to vote on the blockchain themselves. These are live possibilities given the set up. That’s problem one that the programmer highlights in the Novaya Gazeta interview.
It gets worse when we move to the private blockchain. It was responsible for keeping track of the ‘deferred’ (changed) votes. My understanding of the mechanics here is a bit wonky, but I think it went roughly like so: once you voted one time, a record was created for you on the private blockchain (this is what’s called ‘group_id’ if you read the interview). Any subsequent vote was recorded directly on the private blockchain as a vote of identified by group_id. Say I vote first for ER then change my mind and go for the communists. I will have been assigned a key to access the public blockchain, which will encode my message ‘I vote ER’. I will, in so doing, get assigned a group_id (say, 1234), and a record will be written on the private blockchain. ‘1234 votes ER’. If I subsequently change my vote, a new record is added to the private blockchain under the same group idea ‘1234 votes communist’. At the end, in theory, the final (temporally) vote of a given group (we are each groups from this perspective — groups of votes by the same person) is the one that counts.
Now, there are some problems here. As is noted in the interview, the system itself is buggy: using the source code, he was able to rig it so that no voter was registered, no ballots were alloted, and yet a given party got 160 million votes on the private blockchain! That’s a problem. More problematically — and here I want to nota bene again I might not be following— the group_id is stored in encoded form, and the encryption and decryption keys are again possessed only by, we must suppose, the system administrators. Having a secret blockchain controlled by a third party — well, that’s not great! I believe that the programmer says that it’s possible to do this: take a legitimate vote, and get its group_id, and then write to the private blockchain a record with that group_id for whichever party we like. (I simplified, look at the bit beginning “Напомню нашим читателям” and google translate.)
Near the end of the interview a helpful question is asked. Recall what we want of a blockchain: we want anonymity, but we also want legitimacy, to ensure that only those who are allowed to vote do so. It appears that, in order to get this, the system designers had recourse to a second blockchain, and the functionality was divided between the two. Note that the system designers could potentially have done this with good motives. If they had done so, it’s just an indication that the technology is not fit for purpose (and even if that were fixed, it wouldn’t resolve the problem that access to the system is mediated via a third-party).
What should we take from all this?
I think there’s a few things of interest to conclude. The first is monitory: returning to the point about how the US seems to be retracing Russian steps in terms of propaganda, we should be on the look out for attempts of this sort of move — the move of introducing bleeding edge, under-understood technology to domains where something’s being understandable is a necessary condition for its being acceptable. Again repeating myself, elections are coming under an information attack in the US and it is necessary to safeguard them by being aware of the ways those attacks might go. It can’t be underestimated how serious the threat is: individual districts can gerrymander, and individual governers compel recounts, but a system like DEG, which would serve as the fundament of a system, would enable its controllers, if they had malign intent, to oversee every single ballot cast. That’s massive. Again from a propaganda perspective, it’s useful to see how highly complicated technology (along with bribes and the promise of uninterrupted holidays) was used to compel acquiescence to a particular form of voting.
The second is slightly optimistic: we have the capacity to at least understand those attacks. Propaganda seemingly can’t help but show its ass by revealing facts that undermine its narrative, and the Chomsky method of simply reading the papers can yield knowledge of how power operates. There are people with the skill, and — still, just about — outlets (like Novaya Gazeta) with the willingness to back them, to understand new systems, so that we can assess things like the technological backbone of electoral systems, and show why we should or should not trust them.