Stop the steal, rock the vote Meduza explains the debate about the legitimacy of Moscow’s online elections
Moscow’s Public Election Monitoring Committee is auditing the results of local remote electronic voting (DEG) during Russia’s recent State Duma elections. The review (not to be confused with a formal recount that carries legal weight) is a rare response to fraud allegations from opposition candidates who lost narrowly after electronic votes were added to the final results. The monitoring committee has defended the elections’ legitimacy and hopes an audit will raise confidence in electronic voting, which federal officials plan to expand in future elections. The effort, however, is unlikely to persuade opposition politicians and experts in blockchain technology (which is the basis for Russia’s DEG system) who say online voting is a “black box” that the authorities’ control completely. Since the polls closed in Moscow, mathematicians, political scientists, and economists have debated the merits of election fraud allegations. Meduza breaks down these arguments.
You’ve clicked on this article, so it’s only fair that we warn you now: What lies ahead is a sometimes excruciatingly dull breakdown of Moscow’s electronic ballots, focusing specifically on the technical obstacles that complicate public oversight. Scrutinizing hour-by-hour voting patterns, blockchain customizations, and voter mobilization strategies, at least in this case, does not amount to a compelling human interest story. But as Russia embraces electronic voting ahead of 2024, when Vladimir Putin’s current presidential term ends, the nitty-gritty of online elections promises to be increasingly important.
A general outline of this text:
- The geography of electronic voting’s availability in Russia’s 2021 parliamentary elections, and how Moscow’s implementation of this technology differed.
- How Russian election officials utilized blockchain technology ostensibly to protect voters’ anonymity, while simultaneously concealing the information needed for real election monitoring.
- Comparing Moscow’s actual electronic voting results to theoretical outcomes expected in scenarios of voter mobilization, voter demobilization, ballot stuffing, ballot reassignment, and combinations thereof.
- Tracking the timing of electronic ballot submissions and spikes in apparent revoting.
Russia offered electronic voting in Moscow and six other regions: Nizhny Novgorod, Murmansk, Rostov, Kursk, Yaroslavl, and Sevastopol
In the six regions outside the capital where electronic ballots were available, the telephone provider Rostelecom was responsible for running the online system. In Moscow, however, this task fell to Mayor Sobyanin’s Information Technology Department and the Public Election Monitoring Committee, headed by Ekho Moskvy editor-in-chief Alexey Venediktov. Kaspersky Lab, a cybersecurity company with close ties to the Russian authorities, was directly involved in designing Moscow’s DEG platform.
Outside the capital, relatively few voters experimented with the new electronic option, but nearly half of Moscow’s electorate (about 2 million people) cast their ballots online.
When the dust settled, the candidates backed by United Russia or the Kremlin won every single race where electronic voting was available. In most of these contests (with the exception of elections in Yaroslavl), they won by comfortable margins both offline and online. Voting in Moscow was different, however. Eight of the candidates with Mayor Sobyanin’s endorsement would have lost their races without electronic votes.
The same phenomenon repeated in Moscow’s proportional-representation voting: Russia’s Communist Party (KPRF) narrowly bested United Russia in paper ballots, but the ruling party collected roughly 450,000 more electronic votes, catapulting it ahead of KPRF. Thanks to these online votes, United Russia finished a whole 14 percentage points higher than the Communists, when all the counting was done.
The other thing that separates Moscow’s electronic voting from what was offered in other regions is that Muscovites were given the chance to change their votes several times before the end of the elections. The “revoting” option was designed to prevent employers from being able to pressure staff to vote (under their supervision) for particular candidates. (This way, anyone forced to vote a certain way at work could change that vote, later on, in private. Only the last ballot cast actually counted.) This was the first time Russia ever allowed voters to recast their ballots.
According to Alexey Venediktov, 300,000 Muscovites utilized the revoting option, and many of these people changed their votes more than once. In total, the city’s online elections system processed more than 650,000 revoting “transactions,” but election observers cannot access these data. Instead, Moscow’s election commission released only aggregate numbers, meaning that revotes were somehow already factored into the final tally.
So who counted Moscow’s “revotes”?
Nobody really knows. The developers behind DEG have explained many times how the system works, though important technical details (for example, how the final tally is calculated) remain a mystery. Developers discussed and described one system but used a completely different, ultimately unknown procedure to count all the electronic ballots.
A more detailed explanation
The original design of Moscow’s electronic voting platform complicated the introduction of revoting. If developers had centralized the platform and actually identified users in the system’s data, they could have enabled revoting simply by updating a single value for any users who changed their votes. To protect votes’ secrecy, however, developers had to separate the processes for issuing and counting ballots by resorting to blockchain technology (using decentralized data storage spread over a network of participants, often referred to as “nodes”). DEG’s architecture assigns one part of its system the tasks of identifying users and issuing ballots, while a separate part of the system actually registers and counts votes. This division of labor is meant to make it impossible to link the identity of anyone who received a ballot to how that ballot was counted.
To add revoting to this system while preserving ballot secrecy, developers had to add modifications that allowed the platform to throw out all but an individual’s final vote.
Independent observers still don’t know how these modifications were designed, though it’s clear that the number of votes recorded in the “old,” main part of the system differs significantly from the results published by Russia’s automated State Information System. We do not know who these additional ballots were for.
All the records of the voting process were stored in the blockchain, to which election observers lacked direct access (except through special restricted computers installed at monitoring points). To watch the blockchain’s data being uploaded, monitors could use a special “observer” website that the Moscow Mayor’s Information Technology Department controlled. Observers say the two different systems reported different data during the elections, however, which could have been due to a delay or to disruptions in the “observer” website’s functionality.
Speaking to the radio station Ekho Moskvy on September 21, Artem Kostyrko, who chairs Moscow’s electronic voting developers’ group, promised to release examples of revoting chains and details about the mechanics that guide how these votes are counted.
An even more technical explanation
In a post on Habr, Pyotr Zhizhin has broken down all the technical details about what is missing from Moscow’s elections data. To try to understand how the electronic voting occurred, Zhizhin downloaded the entire sql (Structured Query Language) archive that was available at Moscow’s blockchain observer website and analyzed its contents.
Using a PostgreSQL database management system, the electronic voting data is arranged into three columns that include decrypted ballots and transactions. Among a dozen kinds of transactions are issuances, receipts, ballot decryptions, and completed votes. Zhizhin also found that transaction data show user IDs only for transactions when ballots were issued, not when ballots were received. Transactions for ballots received don’t even contain a voter’s district number — just an encrypted record of the vote’s result, a public encryption key, and a cryptographic nonce (an arbitrary number that can be used just once in a cryptographic communication).
Zhizhin could find no traces of revotes in the database. In fact, even using the saved hashes for one voter’s two revotes, he was unable to find any transactions linked to a single electronic ballot. This is perfectly consistent with the blockchain structure’s anonymity, but it raises a serious concern: If the public part of the system can’t isolate revotes, it means it’s also incapable of counting the elections’ final vote tally. In other words, we don’t know how election officials actually counted all the electronic votes.
When examining the sql archive, moreover, it becomes clear that more than a third of the encrypted ballots aren’t decrypted at all, and transactions 10 and 11 in the blockchain (at the conclusion of the voting process) weren’t ever recorded.
At the same time, Moscow’s DEG system registered significantly more votes in each district than it issued to voters: the city issued a total of 1,943,590 electronic ballots to voters but received 2,021,969. Both the information available at the official observer website and Zhizhin’s own analysis (the combined numbers of ballots issued and received) confirm these figures.
Based on these findings, Pyotr Zhizhin reached the following conclusions:
- Moscow election officials did not use the data released to the public to calculate the results of online voting because the system available to the public is incapable of counting votes. In special elections to fill vacant seats in the Moscow City Duma, moreover, election officials simply uploaded their final tallies instead of the actual electronic voting data. Due to revotes, the ballot count had to be conducted using some other system beyond election monitors’ oversight. No one in the public has yet found the source code for this information.
- We can’t verify how many Muscovites applied to vote through the DEG system or how many people the system registered in specific districts, but there were far fewer applications submitted through the Moscow Mayor’s website (mos.ru) than the number of voters the system ultimately registered citywide. These extra voters could have registered for electronic voting through Russia’s Public Services Portal (gosuslugi.ru), but the analytics there are different and it is impossible to know if all the DEG’s additional voters who didn’t use mos.ru actually registered through Gosuslugi.
- Using only the publicly available data, it’s impossible to track which vote was a revote and which was a voter’s final vote, meaning that Moscow officials did not release enough information to count the city’s electronic ballots.
- There was a lot of revoting in every district. Everywhere throughout the city, the DEG system received more electronic ballots than it issued.
- During the elections, the DEG system issued blank electronic ballots, and then entered any completed ballots into the blockchain, before decrypting and counting them. The election commission then endorsed the total count. Next, the electronic votes along with the paper ballots reached their final destination: Russia’s automated State Information System, where the data were entered manually. But in each district of the State Information System’s database, a significant number of the ballots received by Moscow’s DEG system were not counted. Due to the system’s opacity, we can’t reliably know which ballots the system discarded as invalid.
- If we assume that the DEG system’s revoting feature was used to counter pressure by employers (who typically urge staff to vote for the Kremlin’s preferred candidates), Moscow’s electronic voting should theoretically have favored opposition candidates. In practice, the opposite occurred.
Okay, so remote electronic voting has its drawbacks, but is there any direct evidence of fraud?
There’s no direct evidence. Opposition candidates say votes were falsified in the part of the DEG system that is inaccessible to outside observers:
- Maybe it was ballot stuffing. Though it’s impossible to know if the number represents actual people, the ballots cast by “surplus” voters registered outside mos.ru may have been fake.
- Maybe it was ballot changing. Using the part of Moscow’s revoting system that was inaccessible to election monitors, it may have been possible to reassign opposition votes to the candidates endorsed by United Russia and Mayor Sobyanin.
Those who support the authorities and defend the legitimacy of Moscow’s electronic voting and United Russia’s victory have offered the following arguments:
- The authorities’ traditional base (namely, public servants, police officers, and state officials) were “mobilized” to vote electronically. The opposition complained that this mobilization violated Russia’s election laws, insofar as some public employees could be pressured to vote at work in the presence of their supervisors or ordered to surrender their voter account information. There is no evidence of such widespread violations, however, which has allowed the authorities’ supporters to argue that the online voting “mobilization” was legal and voluntary.
- United Russia’s advocates also point out that multiple opposition campaigns actively discouraged their own voters from casting electronic ballots, telling people to vote in person where election observers could monitor the process. This amounted to “demobilization.”
In both these cases, the effect on electronic ballot totals would resemble voter fraud: the mobilization of United Russia’s supporters would have the same impact as ballot stuffing, and the demobilization of the opposition’s voters would look similar to ballot changing.
As Tatiana Mikhailova and other economists have noted, however, outside observers can still catch some differences between outright fraud and the mobilization or demobilization of voters. This detection requires understanding the various results that parties and candidates would likely get given different levels of fraud and mobilization.
If the authorities’ candidates benefitted from electronic voter mobilization
Whatever the legality of how Muscovites were mobilized, flooding the city’s DEG system with votes for the candidates backed by United Russia and Mayor Sobyanin would have raised these candidates’ shares of electronic votes relative to in-person voting, but it also would have proportionally lowered the shares of online votes received by all other parties’ candidates.
If mobilization explains the results, opponents’ share of electronic votes should have declined the most in the districts where the online mobilization of the authorities’ supporters was greatest. In Moscow, the city’s eastern and southeastern districts have the most resources to manage such mobilization. Traditionally, the authorities’ candidates perform much better in these areas of the capital than in the southwest, west, and north sides.
If the authorities’ candidates won thanks to ballot stuffing
Ballot stuffing would also inflate the share of electronic votes won by the authorities’ candidates and suppress opponents’ online vote shares, but the shifts would be more dramatic where more fraud was necessary (namely, in Moscow’s more traditionally opposition-leaning districts, like in the city’s southwest).
If the authorities successfully mobilized their supporters to vote electronically and the opposition succeeded in demobilizing such voting
Under these circumstances (which certainly existed in reality), the authorities’ candidates would have won higher shares of electronic votes than paper ballots, and the opposition groups that urged supporters to vote in person (such as the Communist Party and Yabloko) would have won smaller shares of online votes.
The shares of electronic votes for other parties and their “neutral” candidates, meanwhile, would vary from district to district, depending on the support levels for the authorities and the opposition.
Where the authorities have more supporters, they would be able to mobilize more electronic voting, boosting their candidates’ online vote shares to a greater degree than the opposition’s demobilization diminishes its candidates’ shares of electronic voting, ultimately lowering the share of votes for “neutral” candidates relative to paper ballots.
In the districts where the opposition’s support is stronger, we would see the reverse effect: the opposition’s online voter demobilization would reduce its share of electronic votes in these areas more sharply than the authorities could raise their returns by mobilizing supporters, resulting in neutral candidates winning higher shares of electronic votes than with in-person voting.
Where the authorities and the opposition typically enjoy equal levels of public support, the mobilization and demobilization effects would largely counterbalance and “neutral” candidates’ share of online voting would be roughly the same as observed in paper ballots.
In other words, if the authorities successfully mobilized online voting and the opposition successfully demobilized online voting, the candidates endorsed by United Russia and Mayor Sobyanin would have won higher percentages of electronic ballots in the districts most loyal to the authorities, while the opposition’s share of online votes should have fallen to its lowest levels in the districts where opposition sentiment is strongest. Candidates outside these two camps would have performed differently online in different districts across the city.
If votes for the Communist Party’s candidates were reassigned to United Russia’s candidates
The expected effects of reassigned votes would vaguely resemble the combination of mobilization and demobilization described above. The main difference is that votes taken from opposition candidates and “given” to United Russia’s candidates would have left the two groups’ aggregate share of electronic voting unchanged. If these “transfers” occurred in all 15 districts across the city, “neutral” candidates’ share of the electronic vote would be consistent, as well.
So what actually happened?
The graph above depicts how much more or less United Russia (orange), the Communist Party (blue), and all other parties combined (gray) won in electronic voting across Moscow, relative to voting with paper ballots. Clearly, the “other” parties’ performance was generally the same across all districts. Meanwhile, United Russia’s share of online votes was highest not where the party typically enjoys the most support (in Moscow’s eastern and southeastern districts), but in the traditionally opposition-leaning areas, where anyone theoretically trying to falsify the election results in the authorities’ favor would have needed to commit extensive fraud.
These results most closely resemble what would happen if Moscow election officials reassigned votes for KPRF to United Russia in districts across the city, though the debate about this interpretation is ongoing. For example, statistician Boris Ovchinnikov has argued that natural differences in voter preferences might partially explain the patterns in online and offline voting. Journalist Mikhail Zelenskiy, meanwhile, believes that Moscow’s electronic voting resembled a single polling station mobbed by public servants mobilized to vote for United Russia.
But accusing Moscow election workers of “reassigning” votes fails to explain why similar patterns emerged in three of the six regions (Murmansk, Yaroslavl, and Rostov) that also offered online ballots but no revoting option. United Russia’s share of the electronic votes was relatively higher, KPRF’s share dropped, and other parties performed roughly the same offline and online. (Of course, as some have pointed out, electronic voting outside Moscow suffered from other technical vulnerabilities.)
In the three remaining regions that conducted electronic voting, the effects of the authorities’ mobilization and the opposition’s demobilization were evident.
That’s a lot of fine-and-dandy data science, but is there anything more concrete that indicates fraud?
Others have interrogated the election data and found signs of fraud, but the evidence is still circumstantial and ultimately ambiguous. Observers, experts, and campaign workers for the losing opposition candidates have studied the partial electronic voting records released to the public in accordance with the law: anonymized data about when votes were cast and for whom (without any indication of which votes were revotes).
For example, Anastasia Bryukhanova (an independent who ran in Moscow’s 198th district with Smart Vote’s endorsement) defeated Galina Khovanskaya, Mayor Sobyanin’s candidate, by less than two percentage points in offline ballots, but Khovanskaya crushed her in electronic voting by a margin of 13 percent, and Bryukhanova lost the election.
Using data from the publicly accessible part of Moscow’s DEG system, Bryukhanova’s team tracked how Khovanskaya jumped to an early lead in electronic voting on Friday morning (like all the authorities’ winning candidates). In theory, this could be the result of the authorities “mobilizing” voters at their places of work.
Khovanskaya’s online lead slowed on Saturday but exploded to new heights on Sunday morning. The authorities’ candidates in other districts enjoyed the same late burst of electronic support. The voting dynamics during these hours (in this case, the difference in the percentage of votes for the authorities’ candidates and their closest competitors in the opposition) repeated almost exactly across all 15 districts in Moscow.
Just around lunchtime on Sunday, the percentage of ballots cast for the authorities’ candidates mysteriously dropped to what opposition candidates were getting. After an hour, the influx of votes for United Russia resumed before it slowed again for good in the elections’ final hours, when Bryukhanova briefly won more electronic votes.
This kind of synchronized voting across the entire city resembles neither an organic expression of popular will nor the mobilization of the authorities’ supporters based on some set of instructions. Bryukhanova’s campaign argues that the best explanation is centralized online ballot stuffing in favor of Khovanskaya and the authorities’ other preferred candidates.
It should be noted, however, that any manipulation of the ballots submitted on Sunday did not by itself provide candidates with a decisive advantage, given that the ballots at this stage, in absolute numbers, were just a few thousand. That said, if any fraud is confirmed, it would constitute sufficient legal grounds to invalidate all votes submitted to that online polling station.
Meanwhile, the officials who organized Moscow’s DEG system have denied all fraud allegations. In an attempt to debunk criticisms, Public Election Monitoring Committee head Alexey Venediktov shared a graph of electronic voting results in Moscow’s 198th district (where Bryukhanova ran) drawing on data not available to the public that includes revotes.
The graph shows, hour by hour, how many online ballots each candidate in the 198th district won, as well as how many additional ballots each candidate lost in “revotes” (in ballots reassigned to other candidates after voters changed their minds).
Venediktov’s graph shows a sizable group of voters who initially cast online ballots for Galina Khovanskaya but later changed their votes. This is exactly what was expected with revoting, which was designed to protect people from being pressured to vote for certain candidates by their employers. On Saturday evening, however, Moscow’s DEG system registered hundreds of votes for Bryukhanova that were later reassigned to other candidates (the graph makes it impossible to know which). Another burst of revotes appeared on Sunday morning. These spikes occurred at no other time in the 198th district’s voting.
Economist Tatiana Mikhailova argues that it’s unclear why large groups of voters would cast ballots for independent candidate Bryukhanova on Saturday evening and Sunday morning and later change their opinion. The unusual pattern, she says, looks more like someone with administrative access to Moscow’s voting system simply reassigned these ballots to another candidate.
Venediktov’s monitoring committee later published analogous graphs depicting electronic voting results in Moscow’s 14 other districts. In each image, we find the same pattern: sizable groups of voters cast ballots for opposition candidates on Saturday evening and later change their votes to other candidates. This pattern appears in party-list electronic voting for KPRF, as well. Admittedly, the scale of this revoting is not enough to explain all the anomalies found in the DEG’s final results.
Despite all this, there’s little chance of proving fraud and invalidating Moscow’s electronic voting results
The organizers behind Moscow’s remote electronic voting system clearly do not intend to release all the information about votes recorded during the elections. The graphs published by Venediktov’s committee convey just a fraction of the raw electronic data generated during the city’s online voting. Election officials say the reason for this lack of transparency is simply that these data “do not display publicly.” At the same time, the authorities will likely dismiss any circumstantial evidence of fraud (no matter how incriminating it might be).
Whatever happened in the cyberspace between Moscow’s online ballots, we have learned definitively that this particular approach to electronic voting fundamentally lacks the following:
- Ballot secrecy (outside observers still don’t know how the city’s blockchain accommodated revoting);
- Reliable voter registration and verification that everyone receiving a ballot is a real person;
- Public control over voting technology; and
- Public control over the balloting process and counting of votes.
These problems are likely solvable in theory, but it’s unlikely that any fixes are possible in Russia today.
Grigory Golosov, who chairs the European University at St. Petersburg’s political science department, wrote the following plea, a day after the elections:
I hope this will rein in those who advocate “upgrades” to electoral procedures using the Web. It’s a general principle that everything that makes voting easier also makes voter fraud easier.
Translation by Kevin Rothrock