Re: [kictanet] Manual Backup and Elections 2017: Is the CS ICT Honest (Collins Areba)
Thanks for the clarification.
On 31 Dec 2016, at 13:20, kictanet-request@lists.kictanet.or.ke wrote:
Message: 1
Date: Sat, 31 Dec 2016 13:18:35 +0300
From: Collins Areba <arebacollins@gmail.com>
To: Waithaka Ngigi <ngigi@at.co.ke>
Cc: KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke>, JImmy Gitonga <jimmygitts@gmail.com>
Subject: Re: [kictanet] Manual Backup and Elections 2017: Is the CS ICT Honest
Message-ID: <CAFb6RxBu3x2jTrk8FYeyNA2=13EOaVB3R3ohzjm_WvomV6d6QA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Listers, allow me to share these wise words from a friend, Ben Ngumi Chege, who has had extensive experience on the field doing exactly this kind of work in more places than I can remember. Will paste the long text after the link in case it's not visible to everyone.
https://web.facebook.com/notes/ben-chege/manual-vs-electronic-elections/1015...
"Manual" vs "Electronic" Elections
BEN CHEGE <https://web.facebook.com/masukuma>
FRIDAY, 30 DECEMBER 2016 <https://web.facebook.com/notes/ben-chege/manual-vs-electronic-elections/10154910551733923>
Every 5 years Kenyans queue to vote, this is an exercise that we have engaged in passionately for as long as I can remember and when each round of elections is done and dusted we as a nation learn a couple of lessons which we then reuse in succeeding election cycles in an attempt to make them better. However, looking at the current debate on the use of technology and witnessing what is happening, I suspect that there might have been an important lesson to be learnt in the 2007-08 when compared to the 2013 election cycle that has been missed and this lesson is that having consensus among all players beforehand regarding the electoral process generally leads to widespread acceptance of the results of the process.
Electoral processes should be seen as contests, where groups of people with various interests engage willingly in order to not only determine political representation but also wield the power of the state, and just like any reputable contest it has its rules. These rules are well known and understood by all players and are accepted from the onset. These rules are deterministic in that they are predictable and must be seen by all parties to be fair. For a country to have a credible election - we need everyone to feel like they have a chance in this contest since from the onset the rules of the game do not favour their opponent(s).
In 2007 ODM did not agree to the way the commissioners were picked after the terms of some expired as they felt it contravened the IPPG agreement and after the contest was done they did not accept the results announced by the commission. When the same commission asked them they refused! We all remember the situation the country found itself after the opposition refused to engage in a process they felt was flawed and disadvantageous to them.
The 2017 election process is slowly mirroring the 2007 pre-election period especially when it comes to the role of technology on voting day. We are witnessing an emotive debate regarding the use of technology and the disregard of the voices of political players who hold contrary opinions. If lessons from the past hold true, this threatens the expectation of a peaceful electoral process and at the very least a credible one.
On voting day there are 4 core activities that happen within a polling station, these are:
1) Voter identification/Verification - this answers the question - "Are you registered to vote in this polling station?"
2) Voting by secret ballot - you are given a ballot paper and then you mark it in secret and then cast the said ballot into a transparent ballot box.
3) Counting of results and declaration - counting of all votes cast in the polling station for each race and the declaration of the votes cast in favour of each candidate.
4) Results transmission - forwarding these results to the next level namely the constituency tally center for "tallying" and dispute resolution just in case there were any.
The "Manual" vs "Electronic" debate is really touching on activities 1) and 4) and therefore at the core of this debate are 2 questions namely:
1) Can we solely verify/identify voters electronically using biometrics that they submitted?
2) Can we solely transmit results to the next level using electronic means?
Fortunately, these two are not really new initiatives as the IEBC has been using technology in these two areas over the last 4 years. No one doubts the credibility boost that well executed technology has on elections. An example of this is the by-election in Kibwezi West where the winner won the race by the narrowest of margins - a paltry 175 votes and the loser did not file a petition challenging the results. This was unheard of in previous elections. Why then do we have a debate around it?
Previously, the use of technology was not explicitly dictated by the Elections Act but rather the stipulation to use one form of it was found in regulations. Until now the official Electoral process has been manual where technology had been added for efficiency and confidence building. The latest Election Amendment Act 2016 has raised the profile of the said technologies from just being tools to be used in boosting confidence to be the exclusive means of conducting voter identification and results transmission. They say once stung - twice shy and thus it's understandable that the IEBC is jittery in embracing technology full throttle without a fallback especially because it had technology failures in the said areas during the 2013 General elections.
Technology is playing an increasing role in our lives and for us to move forward on the electoral field - I feel that this discussion needs to be informed by the mindset that big technology companies have when it comes to failure. Companies like Google, Yahoo and Facebook plan for failure more than they plan for success. They have a culture that says "failure is OK", a culture where people are encouraged to ask:
1) What do we do if our technology fails?
2) How do we continue fulfilling our core business that is serving our customers and users when the systems around us fail?
So as Kenyans we need to ask ourselves the same set of questions and ask how it affects the core business of elections. But for that to happen we need to synthesize what our core business on election day is. It's said that "Election Day is still the one day when we strive to give equal voice to every eligible voter; the day when the woman working in the market stall has as much of a say as any wealthy banker, and the illiterate menial laborer has a voice that speaks as eloquently as any university professor.
It is our shared responsibility to strive for processes and systems that ensure that every voter is given the opportunity to make their will known, and that every vote is counted."
If we agree that this is the core business of elections and everything on election day must support this, we should ask ourselves a couple of questions, namely:
1) What happens WHEN we place a piece of technology as a prerequisite to the recording of this voice and the said technology fails and thus affects the "core business"? What are the fallbacks available to us?
2) Since this is a contest, which out of the array of fallbacks available is most acceptable to all players?
The issues around the failure of technology have been well documented. The IEBC conducted an internal audit of the March 2013 election and rather candidly highlighted these failures. I will try and address them and possibly give recommendations in question form that should advise our choice of an acceptable fallback or perhaps a list of fallbacks to be executed when certain scenarios play out.
When it came to the identification of voters electronically, the issues fell broadly into 3 categories namely:
1) Technology problems - some voters could not be found on some EVIDs but were present on the manual register. Some devices ran out of power, some even exploded during charging.
2) Procurement problems - getting the wrong device because procurement requirements were not met.
3) Rollout problems - some devices were not charged, insufficient training due to late delivery and lack of manuals etc.
With proper planning and time to go through the procurement procedures most of these can be sorted out. The new Elections amendment act stipulates that the IEBC should have procured and set in place technology 8 months to an election and then have it tested 60 days to an election. Even with this in place some of the problems categorized as "Technology problems" may not disappear or may only manifest themselves on polling day.
In order to address them we need to ask ourselves what are the real risk factors related to technology? If the approach to voter verification is similar to what was employed in 2013 - then the disruption of telecommunication is not a potential failure point - why? The devices were self-contained - the register was loaded on the device and thus the device really had no need to communicate with external systems after rollout. If this is the model envisaged in the new KIEMs Rollout - we should not concern ourselves with telecommunication availability in the matters of voter verification.
What should concern us is the issue of availability of power as the devices will be constantly in use throughout the day. The devices used for verification conduct a one-to-one match of voters against their biometrics - computationally - it can be a costly affair especially if a potential voter has to submit multiple fingers to get identified if one fails and so we need to have devices that can work for 18 hours or have capability to accept external power in the form of portable power cells. Can the software be written in such a way that it alerts the users well beforehand that it has X number of hours of charge left and that the clerks at the polling station need to make arrangement to keep the electronic means working? Ghana deployed a solution that utilized dry cells and they put in place an operational plan to replace them within 4 hours.
The issue of some voters not being found on the EVIDs yet being found on the manual roll was puzzling. This may be aggravated in 2017 because the bulk of the current set of fingerprints were collected in 2013 and it will not be farfetched to expect that the quality of fingerprints submitted for verification in this election cycle by eligible voters who work with their hands to be lower and thus this may require multiple passes. The current setup is one which a subset of the fingerprints collected is used to verify voters electronically.
If we are to go full throttle - we will need to ensure that all fingerprints are available for matching on polling day to increase the chances of matching. An exercise to get fingerprints resubmitted for persons who fall in this category and also for all those that had their biometrics lost during the mass registration drive when BVR machines crashed and had not been backed up properly.
Another reason that could explain why some voters were not found on the EVIDs and were found on the printed register is data corruption during copying polling station data into the SD cards that the devices used. How can we ensure that databases are not corrupted during saving into the machines? I propose that each device should have a way of hashing a file and checking the hash against a verified hash of a working copy and where it differs transferring data to this device should be repeated. Backups of these registers on verified SD cards should also accompany each EVID to the field. We should explore how to keep the logs of the persons who have voted safe when devices get technology issues.
There is also an inconvenient reality that in any given population there will always be some persons whose fingerprints are difficult or impossible to capture or verify. This raises a fundamental ideological question of whether a person should be disenfranchised because of limitations of a technology.
The issues around the provisional transmission of results were also well documented, these also fell into 3 broad categories namely:
1) Technology problems - the server's well documented issue with system logs and it running out of space due to server misconfiguration; the failover issues that followed this; network coverage issues; erroneous display of tallied votes due to late integration and limited retesting.
2) Procurement/Acquisition problems - there was no time to really develop the transmission application.
3) Rollout problems -
late delivery of phones and specially configured simcards; issues with user credentials; versioning issues between server and phone; lack of proper training.
As with electronic voter identification, most of these can be sorted out with proper planning and following procedures. Why do I say so? The IEBC has transmitted 100% of the results from all the by-elections that it has conducted since 2013. While in terms of scale these by-elections pale when compared to the general election, it's my considered opinion that there have been numerous lessons learnt - these can be documented and used to inform the training and rollout process.
What should happen in the event that result transmission fails for whatever reason? The IEBC still needs to have a fallback for electronic results transmission. Can some other technology offer a fallback? e.g. If results transmission from a primary device fails, should we have an electronic fallback using a different technology? Can the current election transmission system be used as a backup of whatever fancy results transmission system the IEBC procures? The IEBC has used satellite phones with success to transmit results for the Kalolol and Mosiro by-elections, why can this be used as a fallback on the telecommunication side. I think we can have all these fallbacks in place and these would be totally acceptable to all stakeholders.
These questions are by no means comprehensive but should act as a starting point in deciding what the fallback(s) should be and when to fall back. It has always been my opinion that leaving the determination of important electoral matters at the polling station level to the discretion of people there without a trail of documentation that guides their decision making and a trail of accountability to why they took the action they did exposes the election operation to credibility questions.
In 2012 Ghana went into their election with the NVNV (No [biometric] Verification, No Voting) mantra and they had to extend the voting period and also had many people disenfranchised because of the inadequacies of the technology they rolled out. In 2015 they rolled back and then introduced a manual verification fallback. The manual verification process required the presiding officer to fill a manual verification form for each voter who is manually verified.
The only way we can come up with this list of scenarios is if we carried out a proper and candid risk assessment and management process. This process should inform the IEBC on what to do to ensure that the "core business" on election day remains unaffected. From my perspective, human beings should always play the role of final "exception handlers" to ensure that during electronic voter identification no voter is ever disenfranchised by technology malfunction or its limitation. Indeed, if the electoral process must err, then it must err on the side of inclusion. However, these errors must be accounted for and thus the most appropriate role of technology is to ensure a level of transparency and accountability that allows for review of any of those human decisions on how to handle exceptions.
As noted earlier in this paper, the process used for verification involves a one-to-one match of voters against their biometrics. The voter gets his ID No. captured by the verification device in a bid to "identify" them and once their records are loaded on the screen of the device an additional fingerprint scan is required to "verify" this person, i.e. answering the question - are you really the person who you claim to be?
So, for example, if the validation device is unable to verify the fingerprint of a voter who the presiding officer knows or strongly believes to be a legitimate voter, and his/her particulars are on the voter register, the presiding officer should have the authority to override the device and allow the person to vote. In order to trigger the manual verification process, the presiding officer should collect as much information about the person being excluded from being electronically verified as possible. This information should include a photo of this person and the Serial Number, not ID No., found on their National Identity card. Manual verification should not be misconstrued to mean manual verification using the physically printed out register or green books. This process should be endorsed by all party agents present at the polling station. It is important to have this information both in physical and electronic form.
At the end of the day, any final reconciliation should include the number of decisions the presiding officer made contrary to the technology. This allows for review of the decisions of the presiding officer, and provides a deterrent since that officer knows that there will be an accounting of how many decisions he made of this nature. It also allows for reporting on anomalies where a polling station or ward has an inordinately high number of human exceptions. This information can be transmitted periodically during the course of the day to all stakeholders, and thus all players are able to identify polling stations that have inordinately high numbers of human exceptions and vigilance can be increased to ensure only legitimate cases are excluded from electronic verification.
Once this discussion has been held and we have a product that has the blessing of all players contesting in the election. When accepted by all stakeholders the post-election process of massaging bruised egos and selling peace i.e.
the 'accept and move on' message will be much easier.
Dennis Muthuri
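The hash-and-recopy check proposed in the quoted note (hash the file on the device, compare with a verified hash of a working copy, repeat the transfer where it differs), sketched here as an added example that is not part of the original message or of any IEBC system. The file names, the retry limit and the deliberately corrupting copy routine are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so a large register need not fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def copy_verified(src, dst, expected_hex, max_attempts=3, copy_fn=shutil.copyfile):
    """Copy src to dst, re-read dst, and repeat until its hash equals expected_hex.

    Returns the number of attempts used. Raises ValueError if the source itself
    does not match the verified hash, RuntimeError if every attempt fails.
    """
    if sha256_file(src) != expected_hex:
        raise ValueError("source copy does not match the verified hash")
    for attempt in range(1, max_attempts + 1):
        copy_fn(src, dst)
        # On real removable media, flush and remount before re-reading,
        # otherwise the read may be served from RAM rather than the card.
        if sha256_file(dst) == expected_hex:
            return attempt
        os.remove(dst)  # never leave a known-bad register on the device
    raise RuntimeError(f"{dst}: hash mismatch after {max_attempts} attempts")


def demo():
    """Constructed data: a fake register and a copy routine that corrupts once."""
    workdir = tempfile.mkdtemp()
    src = os.path.join(workdir, "register.db")           # hypothetical name
    dst = os.path.join(workdir, "sdcard_register.db")    # hypothetical name
    with open(src, "wb") as fh:
        fh.write(b"constructed polling-station register\n" * 1000)
    expected = sha256_file(src)  # stands in for the separately verified hash
    calls = {"n": 0}

    def flaky_copy(s, d):
        shutil.copyfile(s, d)
        calls["n"] += 1
        if calls["n"] == 1:  # overwrite one byte on the first transfer only
            with open(d, "r+b") as fh:
                fh.seek(100)
                fh.write(b"\x00")

    attempts = copy_verified(src, dst, expected, copy_fn=flaky_copy)
    return attempts, sha256_file(dst) == expected


if __name__ == "__main__":
    print(demo())
```

The verified hash has to reach the device by a path separate from the register file itself; a hash stored next to a corrupted or substituted file proves nothing.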