Grigory Bakunov


Yandex Technology Distribution Director Grigory bobuk Bakunov on the air Points " to " Echo of Moscow »shared his opinion on the voting system that was used in the elections to the City Duma in 2019 and in the voting on the constitutional amendment in 2020. An interesting analysis of technical details for non-experts was obtained. There was already a good publication on this topic on Habré.


The transcript below is broadcast by Alexander plushev Plushev. His replicas are bold.


- I didn’t do it myself, but I helped another person to participate in this online, so I still watched the whole process, and now I know him.


- So he did not vote secretly? Was the secrecy of the vote violated? I ask you to pay attention to this by the Central Election Commission.


- Of course. And this is also a good indicator, as it seems to me, because, pay attention, nothing prevents children from helping their parents with online voting, and helping children with parents.


- What is not allowed on real sites. If you go into a booth with someone, then observers, and even members of election commissions, will most likely expel you. It should be. I came across this.


- Well, if they themselves didn’t go there first and do not help you vote correctly. So, they say, it also happens. In general, I understood a little how this process works in reality. And I am somewhat disappointed. Because Ilya (Ilya Massukh, head of the headquarters for monitoring the progress of electronic voting in Moscow - approx. Ed.) Told us that everything will be arranged a little differently from what it was during the voting that related to Moscow. Last time it was the Moscow City Duma, it seems. Unfortunately, everything is almost exactly the same.


- So what do you mean? First of all?


- That this is the same, by and large, blockchain, which, in fact, is quite fictitious. That this is a process in which most of what relates to our security is, in fact, done at a completely fictitious level. And it is unfortunate that no one listened to technical specialists here. I specifically went to the Internet to see if there were smart people who wrote before that: “Guys, here’s how it is.” And there are a lot of articles that tell how it should be, how it could be done so that technical specialists believe in all this. But, of course, this is, honestly, no one needs. You can directly analyze. Now let's start from the very beginning. Look, we were told many times in different sources that this is a blockchain. So nothing can be faked. But this is, in fact, a monstrous deception. In this case, a generally good, high-quality implementation of the blockchain is used. This blockchain is called Exonum. This is a pretty cool development, very high quality, in which people have put a lot of effort into it so that really nothing could be faked. If not for one but. There is such a structure in which there are nodes that write data to the blockchain, and there are validators. Such a system, which every time confirms that what is written on the blockchain is recorded correctly. And there is an incredibly complex design that validates all this. It is thought out so that in order to convince the system to write fake data, or to say that some part of the data is fake, you need to take possession of more than two-thirds plus one node. That is, if you have ten of them, then you need to have seven nodes in this system to say that the record that was made on the blockchain is incorrect. But there is one subtle point. I specifically went and specifically checked. All validators are, in fact, state owned. All to one.


- Explain what this means.What is this fraught with?


- At any time, any set of changes can be made to this blockchain. And these same validators, since by and large they belong to one particular state, can be changed, and new data will be written to the blockchain, which, in fact, cannot be rolled back later. It will not be possible to say that this data was not available.


- That is, you now, as an expert, declare that electronic voting may be subject to subsequent changes in its records, right?


- It may be subject to change in the process. What does it look like. Look at the idea of ​​the blockchain. The fact that in each subsequent record there is information about previous records. Thus, if you want to change some record, for example, five from the current moment back, you will have to change not only it, but also the five subsequent ones. So in the current situation with the current blockchain, it is quite easy to do, this is a simple story. We talked about this also during the Moscow elections. Since then, nothing has changed globally, unfortunately. At the same time, look, at the heart of this original blockchain, which is called Exonum, it even provided for this a special feature called Anchoring. Well, how to say, "anchoring." The idea was this: once in a while, write down the checksum, that is, record information about the transactions that went through this blockchain into another blockchain that is not dependent on it. For example, in the Bitcoin blockchain. In a system that is exponentially independent, and therefore you can’t do anything there. Of course, this feature was turned off, drank and not used. Exonum had a separate entity called “audit nodes”. Which cannot write anything, but which can only verify information. And which could be issued, I don’t know, for example, to me or to you, so that you are the leader of this site and can watch what is happening there. But they were not provided either. There was no classic story about a new blockchain called “deployment control”. This is such a practice in which, when a new blockchain is deployed on servers, special people come in to control that there are no fakes in the blockchain at the time of deployment, there are no obscure actions inside. You understand, now the only thing we know about the current blockchain is the current transactions that are going through it right now. But we do not know if a large number of other transactions have been reported there before. We don’t know anything about it. A lot of additional information... Damn, I'm sorry that I say a monologue.


- Come on, interesting.


- I dug a lot of additional information. And here is the article that you threw to me... Thank you very much for it, because of course I would not have taken it myself, but I just checked it. Indeed, it turned out that a fairly simple set of actions can confirm that the vote was arranged... That's how it is now, look. You go to the site. For simplicity, mos.ru. You get, roughly speaking, permission or a ballot for voting. A special line is generated there in your own browser, and after that, attention, this line is sent to a server called elec.moscow. I went specifically to look at the addresses where these wonderful servers are located, which are called elec.moscow. And there, all of a sudden, you know, such strange things: the Moscow Ministry of Health, a thing that, so far, I still don’t know what the Moscow District Council is. Can you tell me? I don’t know.


- District Council?


- Well, probably... I don’t know what it is. Nevertheless, these are all Moscow state organizations. That is, when we were told that this voting site, which will issue this intermediate page, will be on independent sites... Well, that’s how independent they are. That is, they belong to the Moscow government. These are the nodes that I was able to go through. What is the trick here. That you get a really unique identifier, which kind of like mos.ru does not know. But this intermediate site, called elec.moscow, he still gets it. And this, in principle, is enough in time to identify and connect you as a person using mos.ru.


- Look, as a result, you have already found out two things: the first thing is that the vote can be changed, right?


- In the process, you can mix it up, yes. And change as you want, everything is so.


- And the second thing that you can control it.


- You can verify that a particular user mos.ru voted. How exactly he voted - a difficult question, you can find out or not, because... That's the subtlety that we talked about last time. In order to find out what kind of voice it was, in whose favor it was cast, you need to perform this exercise. At the moment when the voting began, at the very beginning, several keys were distributed to various significant persons, including, as far as I remember, one part of the key is located at the general director of the radio station where we are now, if I am not confusing anything. Last time it was like that, I think this time exactly the same.


- The editor in chief, you mean.


- At the editor-in-chief, please forgive me, but why did I say "to the CEO"?


- I don’t know.


- Probably worried. Well, you understand me.


- Yes.


- It seems to me that everyone understood. And in this design there is a thing about which we must exclusively believe: that the separation of this key was not accompanied by any preliminary recording of this key. That is, the key was distributed, but it was not previously glued anywhere. Roughly speaking, we must take a word to believe that this key does not exist right now, and it will exist only at the moment when these N representatives, I don’t remember, I think, their five people will come together, put this together key, and then there will be a common key in order to check the information on the blockchain as it is recorded. I think that, in fact, of course, at least for reliability, in order to be sure that everything works, this key is stored somewhere. And this means that even by itself a voice with a very high degree of probability can be seen. And see exactly how you voted for. It seems very strange to me the whole structure, which was built around the site of the observer, on which it was possible to see the blocks. Firstly, there was a fairly large number of breakdowns on this site. I don’t know about you, but I always have a lot of questions when a site starts to break down, which shows me information about what is happening in the system. If even he breaks, it means that complete chaos occurs in the system. Usually like that.


- Wait, what kind of site do you mean?


- There was a site called observer something there. I don’t really remember. This is such a site - formally for observers - on which you could see how transactions are recorded on the blockchain. It still works, I can open it right now out of interest, somewhere I even recorded it... Well, in general, there is such a site. It is publicly available. And if you look at it, right now you will see that the transactions that are going on in it... This is such a traditional story, there are transactions, blockchain transactions. Very strange fluctuations constantly occur. Here is a blockchain block in which there is one entry, here are zero entries, here is one entry, here are zero entries, here are thirty-five entries out of the blue.


- Do you mean constitution.observer?


- Yes, yes. Something was there. Unfortunately, I don’t really remember.


- No, I'm afraid not that. True, I didn’t even know about this.


- You can see, with you somewhere in the news there was a link to this site. No: observer2020.mos.ru. I'll send you a link now so that you look at it. So, in fact, on this site it is very interesting to watch what is happening. I don’t really understand why such fluctuations occur there, when sometimes zero, sometimes one, and sometimes fifty records fall into one block, but let's say that this is normal. But when it turned out that this site for some reason periodically crashes, breaks down, despite the fact that five disabled people come to it... I’m not talking about specific people now, but in the sense of five people who occasionally click on something. Five, ten, fifteen, several hundred people. This, in general, is all the little things for the website, of course. I have a question about the qualifications of those people who launched this site.And, of course, when it turned out that this site had directly specific problems. For example, there were several hours when data on these same closed blocks were not shown at all, that is, zero files were created, and there was absolutely no way to see their history. And, as far as I know, this story is still not fixed. We can only believe that there were no changes in the blockchain at this moment, because we are not allowed to access the blockchain itself, they only provide us with such a web interface in which we can see that in block number 1452184 - zero transactions. Or one transaction.


- Yes, yes, yes, there is such a thing.


- In general, all this as a whole causes a feeling of wild chaos and... Let me tell you so. If one of the IT specialists in the IT companies suddenly began to make such an interface with such quality, he would not have worked long on this job. It is just a sensation done with the left hind leg without any desire to do well. To be honest, I’m somewhat surprised.


- You know, one thing, done poorly. Well, just because of low qualifications. In the end, it’s even possible to understand, because the competition in your programming market is very high, and you still need to find money not only for lighting the city, not only for changing the border, not only for holidays, but also hiring qualified programmers. And they are not enough due to the above reasons. Here, in general, you can understand. It’s one thing when it’s like that. Another thing is when it is done to one degree or another consciously. In order to be able to somehow influence the results of electronic voting. What do you think about this? Is it sloppiness or conspiracy?


- Well, I often said that one should not try to explain with malicious intent what can be explained by banal patriotism. And in this particular case, I think exactly the same. I'm not sure there was a big conspiracy there. But the fact that there is left the potential to be able to change the current records is absolutely accurate. He is there. Just by the structure of how the project is structured. Does this mean that there were fakes, some stuffing of votes? Unfortunately, I cannot say this. Just like I can’t say the opposite, because, I repeat, we have no way to look at this blockchain.


- Yes, but you say that the possibility that these frauds were left is left.


- I say this. That in the original open source blockchain, which is used in the basis, much has been done in order to prevent the possibility of falsification. All of these things were cut. I do not think this was done for simplicity. No, this was done in order to more control what is happening. I don’t see any other explanation.


- I see. Listen, I also wanted a few pieces... For me it is a very ridiculous situation that the site that we have been advertising for a very long time, 2020og.ru, so it crashed on the morning of the first day of voting and still, most importantly, did not get up. There, in fact, there is an information site, and there is a site on which its voting takes place on its subdomain. Here the information site has fallen and lies. And does not get up. That is, formally, if this were the only place where you can find out about amendments to the constitution, then you would not know anywhere else, because that's it. What did they do. They just made a call forwarding. If you go to 2020og.ru, then you go to vote. And they tell you whether you can vote or not. All. Everything else is over. This is the CEC project, it is no longer a DIT, it was done by the CEC by the Central Election Commission of Russia. And now, apparently, this is from the same series that Grigory Bakunov spoke of about the highest qualification with which all this was done. Well, because, what can I say. What is it, they did not calculate the load and realized that even if it is lifted, is it better and not necessary? Or what, explain.


- Well, I have no explanation. I think the reason here is that the site simply frankly could not withstand the load. Programmers, generally techies who make websites, have such a tradition: we, before starting any service, have such a good word, we fire. We run through it a large stream of fake, as if user-generated, traffic, checking that the site can withstand the load. In this case, apparently, no one bothered.So we got this result. And the fact that errors occurred on this site with the block explorer does not surprise you at all, right? That is, when it became clear, for example, that reports were not being generated that seemed to be promised to us. That there will be directly real voting observers who should look at the reports.


- Are reports something you can download from there?


- Yes. When it just did not form. That is, no, not so, I'm lying. It was being formed. The visibility of the fact that there are reports was. Just the reports were zero length.


- Ah, that’s what Open Media wrote about the failure, which... Listen, why did this failure happen that the Open Media wrote about? Let me just remind you what it was. The main thing is that DIT Moscow admitted that a failure has occurred. “The organizers of the plebiscite did not calculate the size of the files and forgot that with a multi-day vote, not only time, but also date should be indicated. Since the evening of the first day of voting on constitutional amendments, the Moscow Department of Information Technologies has published empty extracts from the blockchain system for monitoring electronic voting for more than 12 hours, Open Media found. As the publication managed to find out, the problem was due to problems related to file size. " But it doesn’t explain why, in fact, the file size turned out to be unpredictable.


- I don’t know, but what size was unpredictable? Odd or what? What is “unpredictable size”? You knew in advance how many people would come to vote. It was known in advance that more than a million people. What file sizes can there be? According to experts and the rare comments of the person who directed all of this, I don’t know whether you can call him a specialist or not, the whole problem was that.


- Are you talking about the head of the smart projects department of the Moscow government Artyom Kostyrko?


- Yes, yes. In the sense that he had a direct speech that they did not have time to take all the data from the blockchain that needed to be laid out in the report. But, I'm sorry, but you could not verify this in advance? Here again... I do not know... Here was the same story with a vote in the Moscow City Duma. This is the second such vote, and it is still just childish mistakes. And now, I repeat again. We techies have a simple rule. Well, let me translate something in a car way. If you are sitting in a car that is supposed to take you, I don’t know, there, a thousand kilometers, and on your dashboard the buttons fall off. Will you ride such a car? I don’t know about you, but I don’t, because I think the same thing in the engine. Buttons do not work either. I mean, nothing works in the engine. God forbid it explodes. And I have the same logic regarding this project. I look at him, I see how he works by external signs, and I think that everything inside is just as terrible.


- I see. I want to say that we called Artyom Kostyrko today. We thought that enough with Ilya Massukh - with all due respect - to speak. We talked before the vote, and now that the system is working, we would like to talk with Artyom Kostyrko. But he could not visit our program today, including remotely. So, maybe you will indirectly hear it either in our other programs or in other mass media.


- I think that just the video files that go through Zoom, they are too big, and they could not go, I think this is the case.


- One of us is mocking the Moscow authorities.


- You know, it’s amazing that it’s not you today, right? But it’s just that I’m on fire... Sorry, it’s on fire. I don’t know... I have a rather warm seat now, which I am sitting on, because, well, really, I did not expect that everything is so bad.

.

Source