On July 1st, Russia’s citizens will vote to wave the restriction that the president may not serve more than two consecutive terms. Residents of Moscow and Nizhny Novgorod have the option to use electronic voting based on blockchain. Separately, the Russian Supreme Court used blockchain voting during a remote plenary session.
The constitutional vote and Bitfury’s history
Vladimir Putin first came to power in 2000 when the presidential term was restricted to a maximum of two consecutive four year terms. Dmitry Medvedev became president in 2008 and appointed Putin as prime minister. In 2012 the presidency was extended to six years and Putin retook office.
The latest constitutional vote involves changing numerous clauses in addition to waving the two term restriction. If we’re reading the change correctly, the two term waiver only applies to the president in office at the time of the constitutional change.
According to the official site of the Mayor of Moscow, the evoting system was developed by the Moscow Department of Information Technologies using the Exonum enterprise blockchain platform from Bitfury. The company earned significant sums from Bitcoin mining.
Democracy and Freedom Watch (DFW) published an article stating that Bitfury’s Bitcoin mining plant in the Republic of Georgia was given a status that means it’s free from VAT, income and property taxes. That does not per se indicate wrongdoing as many countries offer incentives.
Bitfury’s executive vice chairman George Kikvadze served as an advisor to the $6 billion Georgian Co-Investment Fund Advisory Committee that DFW alleges issued a $10 million convertible note in 2014 to fund the Bitfury plant build (since repaid). A New York Times article references the same loan. Kikvadze’s LinkedIn profile confirms that he had both roles at the time. It also shows he is a founding board member of the Global Blockchain Business Council, which was officially launched by Bitfury in 2017.
Constitutional vote technology
Turning to the technology, the Moscow voting website says: “Blockchain technology works in Proof of Authority mode. The smart contract of the register of ballots is responsible for counting the votes of users, it will save the encrypted votes of participants in the blockchain system, and after the end of the vote, it will decrypt and publish the results in the blockchain system.”
The website further claims that “the only threat to the success of electronic voting is the possibility of a hacker attack. But this probability is extremely small, because the electronic message is transmitted through a closed communication channel.”
Other evoting systems such as Voatz have been criticized for flaws in the apps used to cast votes, so security is not just about the blockchain itself, but what happens before the data is recorded. And despite widespread claims, not particularly related to voting, blockchains don’t automatically ensure security. For example, the nodes that are used for consensus could be corrupted.
One of blockchain’s main claims to fame is the resiliency offered because data is stored on multiple servers. But this only renders a system tamperproof if there is no collusion between those who have access to servers.
Anonymity is another potential concern. The website states: “After starting the anonymization procedure, a unique message link is generated in the network, which disappears (is not cached) after the completion of the nmessage form. The link is formed by the simultaneous generation of hashes containing random “salt” from all subsystems that are involved in the user’s passage to the anonymization procedure. This is an analogue of a blind electronic signature. The hashes that are used to form the link are not related to the personal data of the voting participant.”
“The system for generating ballots, knowing the rules for generating hashes, checks their correctness, and, if confirmed, forms a link to the ballot.”
Supreme Court voting and Kaspersky
Meanwhile, yesterday TASS news agency announced an entirely separate voting solution for the Russian Supreme Court. The session was an online conference, and the voting used Kaspersky Lab’s Polys online voting system.