Dear Barrack & team, As regards IEBC, my first comment is an expression of disappointment at the lack of transparency and or openly sharing of important information with the public as regards the technological infrastructure they will utilize. More so as the last Presidential elections were nullified by our Supreme Court essentially due to technological issues, making Kenya the 3rd country in the world to have this happen, a position we should never return to especially as our nation can not afford the socio-economic repercussions of such a scenario. Additionally, technology is reliable if all the supporting factors are in place but in my opinion I have concerns about the technological preparedness of IEBC for the forthcoming General Elections (GE). My concerns I recognize may be due to lack of information, which loops back to my first comment about the IEBC granting the public access to information. Some of my concerns include: *INTEGRATION & SYSTEM TESTING*: In the last election both the software and hardware were from a similar provider but we still had issues which resulted in many votes not being counted. This time round there are two different providers i.e. the old one and a new one and such scenarios can raise challenges. Have they tested the effectiveness of the integration of the two systems? And if they did test how was this done as we voters are custodians of our biometrics, which would be required for said testing? If they did use voters to test the system for example, during the voter registration process then they should be transparent and gazette or share with the public particulars of where such testing was done and size of the test group. Or are they waiting to test the effectiveness at the GE which can be highly problematic with no room to resolve challenges in a timely manner. *VOTER DATA*: It has been alleged that the last "custodian" locked us out due to non payment of monies owed for services provided. If this is the case then how was the data migrated? Even if IEBC did have access to said data then the issue still remains that in accordance with our Data Protection Act, what is the status of the residual data held by the other party, as this raises data privacy & protection concerns as regards citizens data? *TECHNICAL AUDIT*: KPMG carried out an audit but unless they facilitated a technical audit that I am not privy to, then its imperative that a technical audit is done so that we are cognizant of the true nature of the technical preparedness of the IEBC systems before the elections. The results of such an audit should be made public to enhance public confidence in the transparency of our electoral system. This in turn denies politicians ammunition to "incite" the public as they are informed, and ensures public peace during our pre and post GE periods. *SERVERS*: Our servers are more than 3 years old and so would need an upgrade as a norm. Has such an upgrade been effected? The voter numbers have increased and so will the current servers have adequate capacity? If they lack capacity then at this eleventh hour when it is too late to order in others, then perhaps we need to look for other solutions as a matter of urgency for example, taking into account Data Protection considerations, IEBC can look into borrowing capacity from other major government servers that hold sensitive information as a norm, assuming they have extra capacity, like KRA or CBK? *KIEMS KITS & AUDITOR GENERALS REPORT*: Earlier this year the Auditor General's report indicated that nearly four thousand KIEMS kits, plus laptops, drives etc. were stolen from IEBC. What is the status of this? Have they been recovered? This raises major concerns especially as the KIEMS kits are not geo locked so if malicious actors have access to KEIMS kits and data they can manipulate the integrity of the GE in August. What steps has IEBC taken to address this concern? Additionally, albeit the SD cards and or flash drives are geo locked there is still potential for mischief as the KIEMS kits are not geo locked so a malicious player can insert another SD card. What is IEBC doing to curb potential mischief on this front? *POLLING STATIONS WITHOUT NETWORK COVERAGE*: There are approximately 1100 polling stations that allegedly still do not have access to 3G or 4G network coverage. The standard response from IEBC when this issue is raised is that they will utilize satellites. Have the said satellites been identified and or deployed and tested for effectiveness before the GE or will they be tested on election day? Why can't IEBC Gazette the said polling stations so that the public are aware of them and to enhance transparency and trust in the electoral process. *OCR (OPTICAL CHARACTER RECOGNITION) TECHNOLOGY*: As far as I am aware IEBC does not have OCR technology or do they? If they do not then for aggregation purposes this will have to be done manually and human error can arise (both accidental or intentional), as this is always a risk where the human factor is a component. If this is the status quo then what measures has IEBC put in place to secure this process? *BIOMETRIC RECOGNITION CHALLENGES*: As a norm the elderly have issues with their biometrics being recognized as do those who have suffered injuries after giving said biometrics etc. In the last election this was problematic and as such would like to know what steps has IEBC taken to address this issue. While it is arguable people can use their Identification Documents as an alternative however, due to the concern of the mischief that can arise from KIEMS kits that are not geo locked and the Auditors General's report concerns, discussed above, malicious actors can use as this as a work around to avoid presenting biometrics and relying only on their "identification documents". What steps has IEBC put in place to curb this? *CIVIC EDUCATION AND REGULAR UPDATES EVEN ON THE IEBC WEBSITES*: IEBC has not been aggressive in much needed civic education to sensitize and update the public on the GE and even their website can be better utilized. In all of this accessibility of information to the differently abled is an important factor and their democratic right. How has IEBC addressed this? Even on election day what steps have been put in place to protect the privacy of the differently abled but enable them to exercise their democratic right fairly? *CYBER HYGIENE AWARENESS TRAINING FOR IEBC STAFF*: 95% of cyber incidents are due to the human factor i.e. both malicious or accidental factors. As such, what cyber hygiene training have the IEBC staff been given, as for example, even charging devices at known polling stations by plugging them into the available power sockets can be vectors to upload malware pre installed by malicious actors. Perhaps KICTANet as you have recently been part of a project that developed a cyber hygiene curriculum can train the IEBC staff virtually and take them over the basics to secure the electoral systems in even a 2 hour session. People can only secure themselves and their systems from risks and dangers they are cognizant of. *BACKUP POWER*: What backup power does IEBC have at each polling station i.e. both generators and or solar? IEBC needs to realize that with great power like they have, comes great responsibility to uphold the democratic rights of Kenyans to fair and free elections, and not allow technological issues that are resolvable to curtail this right again. Stay happy, *Mutheu Khimulu* *LLM. Cybersecurity, Counter Terrorism & Crisis Management* *https://www.linkedin.com/in/mutheu-khimulu-law/ <https://www.linkedin.com/in/mutheu-khimulu-law/> * On Wed, Jul 13, 2022 at 9:03 PM Barrack Otieno via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Listers,
Earlier today, KICTANet held a consultative meeting with IEBC Commissioners led by Chairman Wafula Chebukati and the Secretariat represented by CEO Marjan Hussein and ICT Manager Mr. Michael Ouma. This follows KICTANets participation in the IEBC National Elections Conference yesterday. The need for greater engagement between KICTANets Stakeholders and IEBC featured prominently in the deliberations.
As part of the engagement process , KICTANet will be hosting a ''Talk to IEBC'' discussion which will culminate in a Webinar that will address Technology concerns in Kenya's electoral process.
We would like to invite listers to contribute to the online discussion that will serve as a precursor to webinar.
To contribute we would like to hear from you the following:
1. What issues do you have in so far as Tech and elections is concern in Kenya? 2. What recommendations do you have in so far as the use of Tech and elections is concerned in Kenya? The discussion will take place on Thursday 14th July 2022 and Friday 15th July 2022
Thank you
Best Regards
--
*Barrack Otieno* *Trustee* *Kenya ICT Action Network (KICTAnet)* *Skype:barrack.otieno* *+254721325277*
*https://www.linkedin.com/in/barrack-otieno-2101262b/ <https://www.linkedin.com/in/barrack-otieno-2101262b/>* *www.kictanet.or.ke <http://www.kictanet.or.ke>* _______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/mutheu%40khimulu.com
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.