Why to worry about ‘electronic voting’ in the proposed referendums on Ukraine
Yesterday, September 19, the head of the DPR, Denis Pushilin, discussed with his colleague from the LPR, Leonid Pasechnik, the need to synchronize further actions on the referendum. Voting is expected to be electronic. The authorities of the Kherson region announced a statement on the issue of a referendum on joining Russia on September 20. Ponomarenko speaks positively about the electronic voting system (here, translation google’s)
In the last couple of days, the leaders of occupied parts of Ukraine have proposed referendums about becoming part of Russia. And it has been suggested that they use ‘electronic voting system[s]’.
This has raised alarm bells (and some jokes — search in Twitter the phrase “дэг”, about to be explained, and you’ll see people posting memes about turning up to vote for another party even though you know your vote will be rigged for Putin’s United Russia; another points out that if they use distanced electronic voting, great, the turn out will be 300%!)
Behind these jokes is a serious and now quite long-lasting problem with Russian elections. For at least the past three years, various iterations of this so-called distanced electronic voting (“дэг”, henceforth DEG) have been used in various types of elections in Russia, and in every case grave worries about its legitimacy and technological adequacy have been raised.
If the powers that be are going to try to use DEG in the referendums, these issues, which have formerly, as far as I can tell, gone mostly unreported on in the English language press, will become important, so I want to give here a very brief rundown of DEG, how it works, and why to worry about it. I want to very much stress that I’m just taking (with citations) information from people who work on this topic at great length (and probably personal cost). They are the ones to be consulted; and any errors — which there definitely are, since I’m not a psephologist who focuses on Russian elections — are my own. But even with that there’s enough to be worried.
Let’s start with a meme, which I straightforwardly steal (quote?) from this Tweet:
It shows the grim reaper knocking at different Russian elections; after the recent news, there should be a new door reading ‘referendums’.
The meme-maker, Roman Yuneman, is one of the people whom one should read on this topic, and his 73 page analysis of the 2019 local Moscow Duma elections, in which he was a candidate, is an important thing to read (at the site, evoting.ru/en, there’s a brief English synopsis — the link to the whole report in English seems to be down). The story, in brief and as I understand it, was that he noticed a discrepancy between the overall votes that he (who came second), the winner, and the third place person got. It was an election which trialled the first iteration of DEG — a hybrid system, which has remained the case in subsequent elections, was used, whereby one could either vote electronically or in person. The discrepancy arose from the difference between the votes he got in person and electronically; while the overall result was extremely close, a matter of about 1%, the overall winner — representing Putin’s party — got pretty much close to fully half of the electronic votes.
I don’t know the causality or the guy’s life story, but presumably that spurred him to write the above-referenced document. A key problem was that the distanced electronic voting rendered the crucial role of election monitoring undoable.
Recall some basic facts about elections. An election needs to be scrutable. As the saying goes, justice doesn’t merely have to be done, but be seen to be done. One way this is accomplished is via observers or monitors — a neutral body of people who can ensure that no funny business happens, record and act on complaints, and so on.
Per Yuneman, the DEG made this crucial role unviable:
Remote electronic voting nullified the institution of surveillance. In fact, the observer was deprived of the opportunity to directly control the process of issuing ballots, voting, counting votes — the entire procedure for conducting the EG remained closed.
Immediately after, he notes the ‘opacity’ of DEG as the fundamental characteristic of DEG. One of the big problems here was the underlying technology. The system used was a blockchain, on which see more below, and while it’s not 100% certain that it’s a bad idea to use blockchains to vote, it is like 95%. In addition, the particular code used was inaccessible to outside observers (a crucial need for a blockchain, if a blockchain is to have any credibility), and the particular ‘smart contract’ (a generic name for the distributed programs blockchains — themselves distributed computing systems or databases — run) that was used had a problem that enabled one to vote in more than one region.
Based on this and more, Yuneman said, at the top of the quoted thread, about the 2022 elections, and having extensively studied the previous ones, ‘if we don’t vote in person, we’ll be deprived of our vote’.
There is more to say, but suffice to note that in this first instance of DEG, many foundational worries were raised. A question will be, if something like DEG is to be used in the referendums, whether these worries have been resolved. You can maybe guess the answer.
I’m afraid I’m going to completely skip the role DEG played in the constitutional referendum of 2020, about which I either couldn’t find any good information when I looked at this topic a couple of weeks ago or which I’ve lost whatever I turned up. Let’s move on to the third door in the meme, the national elections of the Gosduma in 2021.
In the 2021 elections, there were some strange things. Electronic voting was strongly recommended, its convenience was extolled in the tabloids, and footage of Putin and others doing it, and remarking on how easy it was, made news. Moreover, those who registered to vote electronically were entered into a draw to win prizes, prizes funded (I think this is right) by the state.
You can read about the propaganda surrounding DEG in 2021 here. Suffice to say, some people really wanted people to use it. Moreover, there were further technical problems. As I note in the piece just linked, certain features — such as the capacity to change one’s vote numerous times — are prima facie weird.
Much more importantly, a Russian programmer got access to a version of the blockchain software used and was able to show how one could manipulate it — in the piece I just linked to there’s both a technical account with code and an accessible and highly recommended interview (you’ll have to put it through google translate, but that’s okay).
There were just elections a couple of weeks ago. And again, they used DEG. The rhetoric seemed, at least as far as I could tell, more subdued, although there was an ominous (and blatantly false) Telegram shared by Solovyov about how naysayers were trying to prevent the technological inevitably that was DEG being used in the 2024 presidential elections.
It should be noted that at least some of the problems that arose last year were fixed. They got rid of the weird multiple voting thing.
So all good? No. There were at least two problems noted with these elections. My information comes from the group Golos, who helpfully have an English site, and who are deemed foreign agents by the Russian state (typically, a sign of reliability). The first is a rerun of what we saw in 2019: there were weird discrepancies and problems. One story one reads in several places is that DEG doesn’t necessarily need technological trickery to work: what one does is simply compel governmental workers to vote and vote early using DEG, so that a preponderance of votes for the in-power party come in early (see here).
We had the same problem of auditability:
The experts and election participants did not have the opportunity to analyze the program code of all components of the systems for vulnerabilities and “bookmarks”, since their current versions were not published, as well as the technical documentation for the systems. At the same time, even if the program codes were published, the election organizers did not provide tools for comparing the executable codes of systems with previously published code for comparative analysis. The configuration files of the systems, which contain key information about the settings of electronic procedures, were not published either. (here)
We are told that there were similar strange anomalies between the DEG and the in-person voting, and, summing up:
in the results of the DEG, not only administrative candidates (United Russia, Moi Rayon) receive an increased percentage, but also some technical candidates who did not show themselves during the campaign, and sometimes the candidate from the independent team of candidates (usually the least known). Such anomalous candidates usually received a safe number of additional electronic votes for the victory of administrative candidates (here)
So, even if there’s been some slight ironing out of technical kinks, as of this very month DEG remains an untrustworthy way of collecting opinions.
In sum, I think the evidence speaks for itself. Even absent stories like the above, anybody should be concerned about electronic voting (as I said, I’m no psephologist, but this is one thing I think I can be confident they’ll agree with me about). And given the stories, now spread out over three years, and the arguably strange keenness of the administration to use DEG, one should be very wary of any referendums using it or similar technology. There will need to be differences, of course — the announcement of a referendum came with a promise of independent observers who will make a fuss in English if things go badly, and there will no fewer state workers that one can digitally bus in to tip the scales. But there’s still reason to worry about digital voting in the referendums.