The “information security regulator” (presumably the FSB or FSTEC) banned the publication of the source code of the remote electronic voting system (DEG) until the end of the vote count. This was stated by the organizer of the DEG, an employee of the Moscow City Hall Artem Kostyrko to candidates Alisa Filyukova and Nikita Ilyin, despite the fact that this information should be published. An audio recording of the meeting is available to The Insider. Programmer Petr Zhizhin, who studied the voting code last year, argues that without this data, it will be impossible to draw independent results.
The mayor's office said that the immediate release of the source code is considered unsafe by "information security regulators." Candidates filed a complaint with the Moscow City Electoral Commission (MGIK) because of the refusal to provide them with information.
Filyukova and Ilyin came to the Public Headquarters demanding to receive the source code for deciphering the public database. At the same time, they requested a code without the keys themselves, which, according to the rules, are published after the end of the voting. Candidates demanded smart contracts, a voting form and a ballot, as well as cryptographic libraries that are responsible for generating encryption keys.
Kostyrko refused to provide all this and said that the authorities could not upload data to the Github service for hosting IT projects, since the files posted there had changed, and they did not know of another service where they could be published. At the same time, the source codes of the Federal DEG system were published in advance in the CEC Github account, where Kostyrko refused to publish the data. Kostyrko also refused to write down the program on a flash card and promised that at the end of the voting, the public headquarters would agree on where to post the information.
Programmer Petr Zhizhin, who studied the code last year, explained that it is important to have access to the source codes of the DEG system. According to him, last year he discovered that the summing up was used the second "secret" blockchain, which stored the results of the "votes". In addition, some schemes were used to violate the secrecy of the vote. Due to the fact that the authorities refuse to publish the code, such an analysis remains almost impossible this year, says Zhizhin.
“We have a hypothesis that the secrecy of the vote will be violated due to a new way to encrypt candidate IDs. We see that the system has changed a lot, but we cannot understand exactly how. We will not be able to independently sum up the results of the vote and make sure that the votes were not, for example, rewritten to some other ones.”
In addition, Zhizhin told The Insider that the attackers could not use the source code even if they wanted to. He explained that last year, even with the source codes, everything went without hacks:
“Even if you decide to try to hack something, then you should not have any necessary keys and accesses. Observers don’t even have network access to the systems they need, only secure APIs.”
According to him, a large number of systems that we rely on in everyday life are open source systems. These include browsers and the Linux operating system.
IT specialist Petr Losev also claims that the test version of the DEG is fundamentally different from the final one, because independent observers will not be able to decipher the final one. Voting stalled at least twice, he said, and during one such problem, "suddenly 7,000 votes popped up." The analyst clarified that no one will be able to find out how many people voted for a particular candidate, this became known on the voting day.
In a conversation with The Insider, Losev said that if you build a minute-by-minute schedule for the operation of electronic voting, you can find "holes" – that is, at that time the system worked, but no operations took place.
“One of these failures was on September 9 from 15:52 to 16:15 – it was simply impossible to vote. That is, you could vote, but your transaction was not recorded on the blockchain, and when work was restored, he recorded all the votes at 16:15. Most likely, it was just a technical glitch, the voices have not changed, but this needs to be checked.”
The second failure, according to the analyst, occurred on September 11 at 13:41, when about 7,000 votes arose. He explained that all votes are recorded in multiples of 100 so that the voter cannot be "de-anonymized": "People vote, and if the number of votes becomes a multiple of 100, then the system selects a block that is a multiple of 100 and records it." So, if 550 people voted, then the system writes: “500 people voted this minute”, and transfers the next 50 votes to the next minute and writes it down in the next multiple of one hundred.
“And then all of a sudden the bloc formed something like this. The votes are always a multiple of a hundred, you can see it on the DIT showcase, and then suddenly at 13:42 a block appeared in 6921, in my opinion, which is not a multiple of a hundred, and I don’t understand how this is technically possible. Perhaps it was a glitch, but not clear. There is some trick here."
Due to the fact that there is no open source blockchain, it is impossible to check what kind of failures were at this time, Losev adds. He suggested that the failure at 15:45 could be technical, but the analyst does not know how to explain another problem.
“I can’t say that it was a stuffing, but I have no evidence that this is a technical glitch. This is some kind of anomaly, and how to interpret it – we need to dig further. ”
On the morning of September 12, it became known that the incumbent heads of regions representing United Russia won the gubernatorial elections in almost all subjects of the Russian Federation. Before the September elections in Russia, criminal and administrative cases were launched massively against independent candidates. Most of them are charged with articles on the demonstration of prohibited symbols (part 1 of article 20.3 of the Code of Administrative Offenses). After the institution of criminal cases, candidates are deprived of the right to run for elections for the next year. So, in August, a candidate for municipal deputies Nikolai Kasyan was detained , for similar reasons, charges were brought against Marina Litvinovich, Mikhail Menshikov, Vadim Korovin. and Tatyana Kasimova .