Listers,

Here is my ideal vision of how the election process should run which may also serve as a summary to this discussion:

Step

Event

Description

1

Voter Registration

Technology

Biometric data is collected. These systems are off-grid hence no network connectivity is required.

2

Register Clean Up and Distribution

Technology

After registration, all data should be collated by IEBC to check for redundancies and irregularities. Voters with problematic details should be contacted.

 

Before the election, the complete voter register should be split per-polling station and each chunk copied onto a device. For now, let us call and picture this device as an “external hard disk”.

 

The “hard disk” shall contain the biometric data required to identify a voter at only one polling station – where they registered. After copying, the data on the disk should be hashed and compared with the hash on IEBC servers for integrity purposes. This will be useful on election day.

3

Verify Voters on Election Day

Technology

Before election day, these “hard disks” should be securely distributed to their respective locations.

 

Before the start of voting, the data on the disk should again be hashed and compared with the hash on IEBC servers. If the hashes are the same, the register is clean and voter verification can begin. If the hashes differ, they should try a backup disk. If the hashes still differ, that polling station will be on hold as they await a fresh voter register to be transmitted from IEBC HQ.

4

Cast Vote

Manual

Voters pick ballot papers for the different posts and cast their secret ballot for each.

5

Count Votes

Manual

The key here is that the total number of votes cast should not exceed the number of voters that the biometric devices verified.

6

Transmission of Results

Technology

After all parties and agents agree on the results, they should be manually entered onto the “hard disk” for transmission. Again, once entered, this data should be hashed.

If the polling station has network connectivity, the results should immediately be sent together with the hash. IEBC then verify the hash with the data received and if they match, they approve the results.

If the polling station lacks network connectivity, the “hard disk” should be physically and securely transported to the nearest point with network connectivity for transmission from there. After all, the constitution speaks of polling station > constituency > county-level. Agents should be involved until they see “Successfully transmitted” on the screen confirming receipt of results by IEBC.


With proper testing (load testing, penetration testing, etc) staff training and sufficient voter education, the above should work seamlessly to deliver a free, fair and credible election. The most effective way to test is by carrying out at least two mock elections/simulations with dummy data to prepare all parties for any eventuality and equip them with the knowledge of how to react.

I wish you all a prosperous new year.


Regards,

Emmanuel Chebukati 


On Fri, Dec 30, 2016 at 11:30 AM, Odhiambo Washington via kictanet <kictanet@lists.kictanet.or.ke> wrote:
Dear Listers,

I am at that position where I feel very lost. In fact, I feel like I am quite detached from the reality.

All along, I have keenly considered this matter that seems to have divided the country down the middle: Manual Backup during the 2017 voting process. From the Jubilee/govt side this is a do or die and so it must be there. This govt side seems hell-bent on confusing the masses, as well as the experts like the ICT Community. From the Opposition side, the agenda seems to be very clear - that of ensuring integrity of the Voters Register and stopping 'ghost voters' from ever casting their votes.

That brings us to the famous acronyms - BVI (Biometric Voter Register) / BVI (Biometric Voter Identification).
Having been to a Voter Registration Centre (later to become a Polling Station) to register as a voter, I did look at the equipment in use for the registration process. I saw the laptop which was fitted with a camera and fingerprints scanner. All these require power to run. I did not dwell on how they were powered, but probably there was a battery backup somewhere (besides the electricity) given that they needed to run for a whole day for several days during the voter registration process. When it comes to the Elections, they only need to run for about 11 hours. My point here is that of Backup Power should it be that there's electricity blackout and the built-in batteries can't last the whole day. That backup is very important.

However, I did not see any piece of equipment which could suggest that the equipment in use required any form of connectivity back to some central server in order to function! Which now brings me to the currently national debate - Manual Backup during the Poll Day. What is it? Was the CS honest with his presentation before the Senate/Amos Wako committee yesterday? Does the CS himself really believe in the content of his presentation? I am asking that because I watched him and I don't believe him. I actually think he mislead the committee, and hence the nation at large.

Someone please prove me wrong. I am at that point where I believe that the BVR/BVI does NOT require any form of connectivity and so this Manual Backup being touted by the ruling coalition side, strongly supported by  the ICT CS is a big lie. WHY?

My very first answer: Simply put, when there was no requirement for a manual backup during voter registration, it goes without saying that there is NO NEED for on the polling day.


1. For the issue that is in contention - BVR (used for BVI during polling) - this is a database that can be (and should be) statically stored on the equipment for each polling station. We are not supposed to rely on the Mobile Network to access this voters database. And every polling station can have two/three laptops/Biometrics scanner/Backup batteries to ensure that the voter identification doesn't fail.
Some excuse has been fronted about some voters being mechanics, such that their fingerprints wouldn't be recognized by the BVI systems hence need for manual identification. My take on that is that every voter must carry their voter's card on that day. The clerks can check that card number against the electronic system - enter it, and it will bring the person's picture, ID number, etc and let him cast his ballot.

2. For electronics results transmission (ERT), this is not even necessary in the first place. We can have the results collated/announced at the tallying centres after being certified - forms 36A, and such. However, if the ERT must be done, the data footprint is so tiny that a 2G network can be used. Besides, it can be an SMS based system, which doesn't require 3G or VSAT. The results data isn't that large - it can't be in Megabytes to be sincere. Well, VSAT can be used if they MUST, but this is after the voting process itself is complete, has nothing to do with BVI.

The ERT and the BVR/BVI are two distinct systems. That is what I want to believe. The ERT gets feedback from a manual process - of voters casting their vote, clerks/agents counting, verifying, and certifying, filling requisite forms then communicating the same via some customized phones which are programmed to communicate to a backend system. Am I right on that??

Now the big question here is, where do we need this much touted manual backup where network connectivity is being used as the major reason???

(a) Citing terrorism and the possibility of Al Shabaab knocking off base stations seems like well thought out lie meant to cover our eyes! If they attacked an area, I doubt there will be voting in the 1st place.
     And even so, the network connectivity is not required for BVI so there is no disenfranchising anyone if there is no manual backup (whatever that is).

(b) Citing hacking is neither here nor there for a BVR/BVI system because it's not being accessed live during the voting. It's a static database, unique to the polling station, resident on the laptop used by the clerks. The only hacking that can be done then can only be by an "insider". Quoting Victor Kapiyo from Social Media, "I guess it's a question of trust. Trust in systems and in trustworthy people to do the right thing. For M-Pesa, or KCSE results, we trust both. For IEBC, I guess the jury is still out."

The main issue is not allowing the dead voters to rise again to vote in the presidential vote, then disappear. So the important component here is the BVR/BVI, the credibility of the register and hence the vote.

At what point does the BVI system require this connectivity they are talking about, which then necessitates the so called "manual backup"? 

Did the CS ICT lie to the Senate?? Did the CAK lie to the Senate in supporting the lie from the CS??

There is insincerity in this whole debate about 'manual backup' and the ICT community seems to either support it or is simply lost in the pool of confusion being peddled by politicians.



 

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/echebukati%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.