Russia scales up electronic voting for key referendum, but misses security issues · Global Voices
The delayed Russian referendum on constitutional reform goes ahead this week as the country emerges from many of the quarantine measures imposed over the past few months to control the spread of the COVID-19 virus. The referendum is being held to amend the Russian constitution, and was unveiled in January. The proposed changes most notably mean that President Putin can legally remain in power until 2036 by making him eligible to stand in a further two presidential elections, should he wish to do so.
Holding a referendum for these changes is not required by law. Such amendments can and have now been authorised by Russia’s regional legislative assemblies. However, the referendum is seen as a show of public legitimacy for these changes. As such, it is important for the authorities that the turnout is seen to be suitably high. Divided opposition movements have been in debate as to whether or not the vote should be boycotted. Meanwhile, the move towards online voting has been presented by the authorities as a move to protect public safety during the COVID-19 pandemic but it also represents an opportunity for the Kremlin to encourage higher voter turnout.
How will it work?
As this is Russia’s first experience of online voting for a national vote, it is to be expected that the promotional material for online voting emphasises both its utility and convenience and also seeks to reassure users of the security of their ballot. For the upcoming referendum, only eligible citizens in Moscow and Nizhny Novgorod region, the two regions most hard-hit by the COVID-19 pandemic in Russia, may cast their ballots online. These citizens of Moscow and Nizhny Novgorod region will go to the online polls between 25 and 30 June. The population of Moscow is around 11.9 million and Nizhny Novgorod region 3.3 million, so these represent a significant number of voters. The time allowed for in-person voting has also been extended to cover this time period, in order to avoid queuing at the polls, but there has been a strong push for citizens to use the online voting technology.
The process for voting online for these eligible citizens is as follows: Users register with the local authorities to vote online using the Gosuslugi state services portal. To register, users are required to use their domestic passport number, pension number or taxation number in order to validate themselves. They then authenticate this account with their phone number. User accounts use simple password protection. Once the account is validated with the above details, users can access the online portal from any computer or smart device and cast their ballot digitally.
The videos promoting online voting enthusiastically hail the integrity of the ballot, which they claim is secured by blockchain utilising distributed ledgers. This platform is a result of state collaboration with private firm Bitfury, a company most noted for Bitcoin mining.
Yet some basic security procedures for ensuring the voter is who they claim to be online are lacking. Additionally, while the video highlights how distributed ledgers protect the integrity of individual votes, the attention to security detail is almost entirely focused on the possibility of outside hackers. It addresses neither the possibility of internal abuse nor the potential for abuse by voters themselves.
For example, it does not explain what safeguards exist to prevent voters from casting a ballot twice (both online and then by subsequently voting in person). The same promotional video also claims that this system is the only system in the world that provides anonymous online voting, a claim which is demonstrably false. Indeed, as this analysis highlights, there exist alternative e-voting systems with much more rigorous security procedures.
Who else votes online?
Russia’s neighbour Estonia has been operating online voting since 2005. The Estonian experience with online voting is the world’s most comprehensive and Estonia remains the only country to hold all of its elections (local, European and national) with the option to vote online for all citizens. The original goal of the introduction of online voting in Estonia was to stimulate turnout numbers as well as lower the costs of hosting elections. Whilst the former goal has been relatively unsuccessful (turnout is steady and reflective of most western democracies), the latter has been a success. Estimates suggest that a ballot cast online involves half the costs of casting paper ballots. Whilst overall turnout is largely unaffected thus far, there has been an increasing uptake in the numbers casting their ballot online over time as confidence has grown in a system which also utilises blockchain to guarantee the anonymity of the ballot.
Other nations have also dabbled with online voting, including Switzerland, which offered online voting for citizens living abroad in 2015 and has periodically introduced online voting within specific cantons. However, as with many other nations, scepticism regarding security has limited the more widespread adoption of online voting, and critics have labelled the Swiss approach piecemeal. Similar approaches have been utilised and subsequently abandoned in Norway.
The Estonian online voting experience is largely defined by the digital identity or eID of users. Every Estonian citizen is automatically issued with a digital identity from the age of 15 which is attached to their state issued ID card (an alternative Mobile eID is also available). The digital identity is integral to casting the online ballot in Estonia. Voters must identify themselves online with their digital identity. For the user’s identity to be authenticated, the user must possess their ID card (which contains a chip) and the 2 PIN codes for that card. The card must be inserted into a card reader in order to generate the private key needed to cast a ballot. The MobileID process meanwhile requires a MobileID compliant SIM card as well as a physical e-ID card for authentication, meaning the voter must have not only valid login details and codes but also physical documentation simultaneously.
A voter must possess an ID card or a phone with the requisite MobileID SIM and then combine it with the valid security codes, or an online ballot cannot be cast. This ensures, within reason, that the ballot is being cast by the correct person. Furthermore, the ballot can be cast and subsequently changed at any time during the voting period. This is a further security mechanism to prevent coercion, so that if a voter were to be coerced into voting a certain way by someone in person, they could subsequently change their vote later. Whilst even these steps have left many outside critics unconvinced of Estonia’s online voting system, they represent an additional layer of security which is absent in the current Russian approach.
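The two safeguards discussed above, re-voting where only the latest ballot counts and a check against voting both online and in person, can be sketched as a reconciliation step run before counting. This is an added illustration, not code from the article or from any election system; the record fields, the sample data and the policy of withholding an online ballot when the voter also appears on the in-person roll are assumptions.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class OnlineBallot:
    voter_id: str   # pseudonymous voter identifier (assumed field)
    cast_at: int    # seconds since online voting opened (assumed field)
    choice: str

def reconcile(online, in_person_ids):
    """Apply last-ballot-wins per voter, then hold back cross-channel voters.

    Returns (counted, superseded, cross_channel):
      counted       - the one online ballot per voter that enters the tally
      superseded    - earlier ballots replaced by a later re-vote
      cross_channel - voter ids seen both online and on the in-person roll
    """
    latest, superseded = {}, []
    for ballot in sorted(online, key=lambda b: b.cast_at):
        previous = latest.get(ballot.voter_id)
        if previous is not None:
            superseded.append(previous)
        latest[ballot.voter_id] = ballot
    cross_channel = sorted(v for v in latest if v in in_person_ids)
    # Assumed policy: an online ballot is withheld when the same voter also
    # voted in person, so that no voter is counted twice.
    counted = [b for v, b in sorted(latest.items()) if v not in in_person_ids]
    return counted, superseded, cross_channel

def tally(counted):
    return dict(Counter(b.choice for b in counted))

# Constructed sample data, not real election records.
SAMPLE_ONLINE = [
    OnlineBallot("v1", 100, "yes"),
    OnlineBallot("v2", 120, "no"),
    OnlineBallot("v1", 900, "no"),    # v1 re-votes later, e.g. after coercion
    OnlineBallot("v3", 300, "yes"),
    OnlineBallot("v3", 250, "no"),    # received out of order; the 300 ballot is later
]
SAMPLE_IN_PERSON = {"v2", "v4"}       # v2 also voted at a polling station

if __name__ == "__main__":
    counted, superseded, cross = reconcile(SAMPLE_ONLINE, SAMPLE_IN_PERSON)
    print(tally(counted), len(superseded), cross)
```

Ordering by the cast time rather than by arrival order matters here: a delayed earlier ballot must not overwrite the voter's later choice.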
A question of trust
Whilst conclusions on the Russian experience of e-voting at this stage are premature, based on the information available there seems to be a notable vulnerability at the user’s end when compared to the Estonian experience of e-voting using a digital identity. There is also a piecemeal implementation which is arguably reflective of the nature of the vote itself as a rushed endeavour. This comes also against the backdrop of falling approval ratings for the president (albeit these ratings are comparably quite high by the standards of western leaders).
There are certain allowances to be made for the first time any procedure is used. But it is important to note that e-voting has been used fleetingly for more low-key local votes in recent years. This experience could and indeed should have been used to improve security procedures, as could consultation with other nations already utilising e-voting. Online voting cannot be introduced overnight and will invariably develop over time, as the Estonian experience demonstrates, but the failure to learn from others’ experiences should not instil confidence in voters that the current Russian approach to e-voting is rigorous enough to be considered secure.
It is vital to note that any online transaction will never be 100 percent secure and this is true of e-voting also. E-voting always carries an inherent risk and requires significant trust in the state to properly and impartially conduct the voting process, as well as protect the integrity of votes themselves. Citizens must fundamentally believe that neither the state, nor outside actors, nor fellow voters themselves will manipulate the process covertly. This applies equally to both Russia and the western states cited within this analysis. Trust comes from the wider actions of a government but can be enhanced by the safeguards and procedures built into the online process.
Significant research will be required to further explore Russia’s e-voting experience after the event. Indeed, the online turnout promises to be one of the most interesting aspects of a referendum where the result is all but certain, especially given that there have been reports of employees in public institutions being coerced to register to vote online.
Nevertheless, based on what we know thus far, there is some reason to doubt the integrity of Russia’s e-voting based on the procedures and lack of safeguards.
This article was originally published by oDR, openDemocracy’s section on Russia and the post-Soviet space. It is republished here with permission, and has been edited for style.