IEBC ICT SYSTEM: FAILURE IS A FEATURE NOT A BUG
Our government has embraced ICT so pathologically because of its inability to deal with the material world. In cyberspace, so very little effort is needed to do things. Kenya favours the world of electrons not that of atoms.
So, we have delivery portals, e-citizenry, digital-this, cyber that and our reality is now virtual. The real world of overextended sewerage systems, crumbling healthcare systems and congested roads are just too messy and complex. We are the Silicon Savannah where e-diocy reigns. The internet will save us if only we make it fast enough.
Kenya was the first country is sub-Saharan Africa to embrace the Open Data Initiave and we lead in the regional connectivity league tables. We are good at putting government data in computers for all to see.
Why though is the one place where all this e-literacy actually needed, the IEBC, so backward?
The laptops used to register voters are running an obsolete, error ridden version of Windows, one that Microsoft withdrew support for years ago. Windows XP is now older than most programmers working at Microsoft yet IEBC still clings to it.
There are tutorials online showing how to break into the Windows XP system without use of a password in under a minute. But you would hardly need to bother to exert yourself like that. In several cases IFA field teams found that the password used on IEBC computers were written on masking tape stuck to the machine.
Anyone with access to the computer can log in and make entries into the system. IFA found several computers unattended during the MVR II, and in some cases clerks were allowed to take the registration kits home rather than leave them at a police station.
Computers will always insecure, but the deterrence put in place by IEBC is insultingly low. What’s the point of having passwords if they are then written on the actual machine?
We can therefore never be 100 per cent sure of the integrity of the data entered. We never know whether or not the voters registered are real or made up by unscrupulous clerks. The shambles of a registration may be part of the reason that IEBC is so reticent to produce the voters roll for public scrutiny ahead of polling day.
The actual database of voters is a joke. There doesn’t seem to be a chronological order in issuance of Identity card numbers. There are youth born in 1995 whose IDs are lower in number than those born in 1935. Retired politicians lay claim to the ID number 0000001. People share IDs on the IEBC system. This is either sabotage or the work of the most incompetent database creator in the world.
We have almost 40 million telephone numbers and each seems unique. I have never heard of persons sharing bank account numbers. However in five years of trying and more than Sh50 billion IEBC has been unable to faithfully produce a database that is error free.
The KPMG audit of the Register of Voters makes for a worrying read. First clue that everything isn’t as it should be is that the entire chapter on the database is missing. Fortunately IEBC forgot to delete the section on databases on the executive summary of the document. Here we find out that there are administrator accounts that can make changes to the voters register that cannot be traced.
IEBC can conduct an audit of how those with access to the database exercise that responsibility but has never bothered to. Even after complaints of names missing in the voters roll it has never occurred for IEBC to look into the matter.
Maybe the administrators delete names, maybe they add names. Maybe they will delete my biometric details before election day, maybe they will change your gender. IEBC isn’t bothered. The logs auditing administrators had not been activated as late as June 2017. This isn’t an accident, now is it? If you find out that the guards have turned off the CCTV cameras outside your office you should prepare for a robbery.
The KPMG report attributed hundreds of thousands of errors in the database to the clerks. Some clerks hired by IEBC can’t spell names correctly, or enter details correctly. They also can’t tell the date. There are more than 4000 voters in the system who were registered after 8 August 2017. There are voters registered before registrations officially began in November 2012. We can only hope that the IEBC training and selection of clerks has improved since MVR II as we head to the election. Let us also hope that none of them turn up for work after election day given their clear challenges reading a calendar.
Databases are now apocalypse-proof. The databases amassed by the banks and the telecommunication companies seem to tick on without issue due to multiple backups.
The report says that IEBC lacked backups to data on the Register of Voters outside Anniversary towers. They had no plans in place in case data at the headquarters gets destroyed. The data centre isn’t adequately protected from fire, the auxiliary power systems are faulty and the air conditioning meant to cool the servers failed during the audit. Does it look like they are trying to keep the systems going in case of a disaster?
Furthermore, IEBC refused to let KPMG conduct a simulated attack on their computer systems. This is even after their own servers were attacked on Election Day 2013 to display a false result they wouldn’t allow hackers to attempt to breach the system to find out weaknesses. In the world of hacking poachers will always strive to be ahead of the gatekeepers but IEBC refuses to have their systems stress-tested.
The ground work for failure of the ICT system has already been laid. We can neither trust the data inside it nor the results coming out of it.
“IEBC Preparedness” is a contradiction in terms. Failure of the IEBC ICT system is a built-in feature and not a bug. That is what it was designed to do.