The Kenyan March 4, 2013 general election was marred with several irregularities that challenged the credibility of the election. Some people argued that the problem was not technology, but mismanagement of technology. I will support the argument that technology was not a problem but mismanagement of it.
I will explain how an electronic election system works.
An electronic election system has four parts
- Biometric voter registration (BVR) kit that is used to register voters by taking their finger prints, face photos and personal details.
- An electronic voter identification (EVID) kit that is used to verify the details of the electronically registered voters from the electronic register during the voting day.
- A results transmission system (RTS) during tallying.
- A central data server that receives all the transmitted results from the Results Transmission system and displays them on a screen.
For the Kenyan 2013 election, using an electronic election system was a huge milestone towards having a credible election. It was a way to avoid the occurrences of the 2007 general election that led to a disputed election and loss of 1400 lives with thousands of others displaced and property worth millions destroyed.
The electronic voting system was supposed to work like this during the voting day.
The Electronic voter Identification (EVID) kit was meant to verify the details of the voters from the electronic database captured during the voter registration exercise done using the Biometric Voter Registration Kits.
Each of the 33,000 polling stations had a Results Transmission System (RTS) which comprised of a mobile phone installed with an app provided by International Foundation for Electoral Systems (IFES) .Through the Safaricom Network, the RTS remitted the results to the IEBC central server at anniversary towers.
The March 4th 2013 general election did not go without a dispute. The main challenger of President Uhuru Kenyatta former Prime Minister Raila Odinga filed a petition at the Supreme Court challenging the results of the election. The petition asked the court to nullify the election because it lacked credibility and it was rigged! This came up from the fact that the manner in which the electronic voting system was managed was questionable.
To start with,
- The electronic register was not credible because the IEBC had procured 15,894 kits for the 24,614 registration centers, which meant that centers had to share kits that could have led to mixing of data.
CORD has lately alleged that the current kits were availed to the National Youth Service that helped to register voters without their consent therefore compromising the whole register. This could be an issue come the August, 2017 election.
- During Election Day, there were system failures at the polling stations. Some kits could not start; others ran out of power because the three batteries provided by the IEBC were not adequately charged before voting started.
- The Results Transmission System hanged frequently, at some centers the Safaricom network was not sufficient or completely unavailable delaying transmission of results to the national tallying center at Bomas.
- There was immense incompetence from the IEBC staff at the polling stations during the voting day. Staff could not trouble shoot minor technical issues such as voting systems hangs.
- The computer servers at the IEBC national tallying center collapsed. There was a bug that multiplied the results by a factor 8.The CORD coalition termed it as a system hack. IEBC was forced to suspend the electronic tallying and revert to manual tallying. This raised issues of concern.
To run a credible electronic election come August 2017,the IEBC will need to do the following things.
1.Provide political parties and the public with a credible electronic register.
When President Uhuru Kenyatta was declared winner in the March 4, 2013 general election, his main challenger former Prime Minister Raila Odinga filed a petition at the Supreme Court challenging the election. One claim was that the electronic register did not match manual hard copy register. Some names were missing on the electronic register; there were cases of double registration.
To clear such doubts, the IEBC should avail the electronic register which should be the print out of the manual register to political parties and the public. The electronic register data should be uploaded into a public online platform where voters can login and verify their registration. The online platform should have options such as general search, print, search and view registered voters per county, constituencies and polling centers. That way it will be possible to verify double registrations, missing voters, dead voters who are registered and place a dispute about it.
2. Hire competent IEBC staff and train them adequately.
From my technological expertise, if we had experts manning the electronic voting system, the election would have went on to completion without technical problems.
During Election Day, the Results Transmission system failed completely forcing the IEBC to suspend electronic transmission of provisional results to the national tallying center in Nairobi.
IEBC claimed that the shut down resulted from an overload. That could not have been the case since the mobile phones at the polling stations only transmitted small packets of data.
The main problem was with the IEBC staff at the national tallying center and at the polling stations.
The staff at the polling stations could not synchronise the data transmission from the app installed at the phone to the server at IEBC center.
The staff at IEBC central server did not have adequate expertise to run servers. The resources at the server were more than enough. The server had enough space, speed and memory to handle the transmission of the results. The configuration of the server was the mistake.
For IEBC to use the electronic voting system adequately, they should hire competent staff and train them on time.
The staff at the national tallying center should have enough expertise as it pertains to the RTS app and server technologies.
At each of the 33,000 polling stations, there should be at least one I.T expert who has an in depth understanding of using electronic devices, computer systems, mobile applications and in depth trouble shooting skills.
Polling clerks should have adequate training. I would suggest IEBC gives priority to clerks who have background I.T training, then train them on how to use the electronic voting system. That way all the technology problems at the polling stations will have people to handle them adequately.
3.Secure the Electronic Voting System from hackers.
I have been following the United States coming presidential elections closely and observed how the electronic voting system is vulnerable to hacking.
Russia is suspected to hack the U.S presidential electronic voting system and influence the vote.
It is therefore clear that hackers are on the rise. China and Russia hackers have hacked systems that no one thought could be hacked.
From my view, the March 2013 electronic voting system was hacked. Where did that bug that multiplied results by 8 come from? My take is someone introduced a script into the system that could add or multiply results by a certain factor. This script carried out the function upto a certain point then could have crashed at some point and picked the by 8 factor.
The script could have caused the system to malfunction when the staff manning the server tried to control it.
So how will IEBC handle hacking?
There are three requirements for any robust political election security, anonymity and verifiability.
The electronic voting system must be tamperproof, anything that could trigger hardware or software change during the voting process must be prohibited. Monitoring such a process would also help considerably.
Applications used to compute and tabulate votes should be tamperproof.
After system certification, underlying codes, control parameters, procedures and configuration variables must be kept static. Any run time self modifying applications should be prohibited. End to end encryption and configuration control is key. Any booting part of the system must be protected from subversion. Subversion can be used to implant scripts inform of viruses that could hinder transmission of results or manipulation of the results.
All the above can be done by the system vendor after satisfactorily testing the system.
All system administrators must have nontrivial authentication mechanisms, a three level authentication mechanism is ideal. A password alone is not enough to keep a system secure.
There should not be unofficial channels for configuration, maintenance and setup. Such can be avenues for subversion of the system.
4.Provide adequate electronic voting system accountability to political parties’ officials during voting day.
The previous election was marred with suspicion. Some political parties claimed that there was no transparency in results transmission, computation and tabulation.
IEBC can avert these claims by providing political parties officials with adequate tamperproof access to the system.
All internal operations and configurations must be monitored through a screen. Monitoring should include all polling stations registered voters, votes cast, votes recorded, votes transmitted and votes tabulated.
System administrative operations should be monitored in real time. Any attempted or successfully carried out configurations alterations must be noticeable and verifiable with those in violation of the static system integrity requirements.
Finally the system should generate real time reports of the above happenings and avail them to the political parties’ experts.