Letter To The Electoral Commissioner: New Biometric Management System And New Register

The Commissioner,

Electoral Commission of Ghana,

Accra, Ghana.

Dear Madam,

NEW BIOMETRIC MANAGEMENT SYSTEM AND NEW REGISTER

Your commission’s decision to compile a new voters register is entirely premature and is mostly based on inaccurate and unscientific recommendations by your consultants. This conclusion is supported by a report on an assessment of the challenges the commission faces with regards to the current voters register as contained in your earlier presentation.

It is my recommendation that you abandon the idea of compiling a new voters’ register or in the least suspend the process until after the 2020 election to allow the commission enough time to open for more technical discussions into the current register.

In the meantime, the commission should focus its energy and resources on solving the logistical and human resource challenges to achieve a successful general election.

A copy of the report is attached to this letter for your study.

My regards.

Hamidu Ahmed

Team Lead

Project2002001

[email protected]

Cc:

1. Eminent Advisory Committer (Electoral Commission)
2. All political parties
3. IMANI AFRICA (for coalition of CSOs against new voters’ register)
4. Inter-party resistance against new register.
5. The media

---

REPORT ON ASSESSMENT OF CHALLENGES FACING GHANA’S ELECTORAL COMMISSION REGARDING THE CURRENT VOTERS’ REGISTER

---

INTRODUCTION

Early this year, the Ghana chapter of an international youth movement (name withheld) decided to contribute its voice to the ongoing discussions about abandoning the current voters’ register.

After several discussions, the movement agreed that instead of supporting an already expressed opinion, the movement will conduct its own assessment of the facts on the ground so as to express an original opinion based on the outcome of this assessment.

The movement then commissioned an assessment into the challenges facing the Electoral Commission with regards to the current voters’ register. I was made the team lead on the project.

Shortly after, I submitted a seven-page summary report to the movement. Although the report was enough for the movement to form an opinion on the subject, it had not explained the technical terms contained in the Electoral Commission’s document. The summary report was deemed not fit for the general public so the movement had to wait for the final report.

Midway into the preparation of the final report, it appeared that the movement will not be able to continue with the processes regarding the matter due to structural and operational challenges. The movement was no longer interested in the final report.

Having noticed the value of the report and the good the report could do in shaping opinions regarding the voter register debate and ultimately influencing decisions on the challenges confronting the commission, I decided to see to the finish and distribution of the report.

ASSESSMENT OF THE CHALLENGES FACING THE COMMISSION

This is the procedure used for assessment:

1. Take a challenge mentioned by the Electoral Commission.
2. Assess the possible effects of the challenge.
3. Determine if there are possible solutions to this challenge.
4. Determine if this challenge has compromised or is likely to compromise the integrity of the current Voters’ register.

Below is the outcome of the assessment:

CHALLENGES OF THE CURRENT SYSTEM – BVR KIT:

BVR Kit is a collection of tools used in the acquisition of data of qualified persons unto the Voter Roll. This may consist of laptop, printer, fingerprint scanner and more.

Challenge 1: The kit had been in use since 2011, last purchase was in 2013 (500):

Assessment: Whilst this information is believed to be true, it does not speak to any particular challenge with the BVR Kit.

Challenge 2: All other costs associated with BVR kits was for refurbishment.

Assessment: Whilst this information is believed to be true, it is exactly as expected. After acquisition, all other cost related to a hardware are for installation, operation, refurbishment and insurance purposes. It is therefore not misplaced or unexpected that all cost related to BVR kits is for refurbishment.

However, at some point in the life of a hardware it becomes much more cost effective to replace than to repair.

Challenge 3: A large quantity of the kits had many faulty component parts that were difficult to replace (keyboard, mouse, screen, camera).

Assessment: Whilst this information is not verified, it is hard to believe that there is a difficulty in replacing faulty parts since the technology is readily available. Again, the whole idea of incurring cost on refurbishment (as mentioned in Challenge 2 above) is to repair or replace faulty equipment and parts.

Challenge 4: For 2016, 47% failure rate was noticed during the preparation for registration.

Assessment: This information is not verified. However, detecting failures before starting any of the processes (like registration, exhibition, voting) is expected. This is the main reason why testing is undertaken so as to determine which equipment may require repairs or replacement.

Storage conditions may also contribute to equipment malfunction. For electoral activities, it is advisable to test all equipment and not perform sample testing. This may require lot time and personnel but it will avoid challenges during the actual processes.

Challenge 5: The battery packs had worn out and therefore the decreased battery autonomy could not guarantee continuous use of the BVR.

Assessment: Whilst this information is believed to be true, it is expected. In general, a continuous use of electronic devices is expected to result in wear and tear. This is why all components of the equipment are tested before use. Moreover, new equipment may not have the capacity to perform the entire period without recharge or backup support.

This challenge can be resolved by:

1. Providing electricity source for recharge.
2. Make provision for backup batteries.
3. Replace defective batteries altogether.

Challenge 6: The image quality obtained from the fingerprint scanner were increasingly deteriorating leading to repeated image acquisition prolonging the registration process.

Assessment: This information is not verified. However, poor image quality may not necessarily be caused by faulty equipment. In fact, since fingerprint scanners use modern technology, it is more likely that this challenge is caused by other factors such as:

1. Poor finger placement: when the placement of the subject’s finger does not provide for complete capture of the ridge pattern. This can be resolved by operator training.
2. Humidity/ Temperature: This can cause dry or wet fingers which will lead to extremely light or extremely dark capture respectively. This can be resolved by finger preparation.
3. Worn ridge structure due to occupation, burns or skin problems such as eczema. This can be resolved through finger preparation
4. Dry fingers due to aging: this may lead to light capture and can be resolved through finger preparation.

Image Credit: wovois.com

Challenge 7: The inkjet printers were failing at a frequent rate.

Assessment: Inkjet, LaserJet and Dot matrix all have their challenges. Frequent failing of the printer may not necessarily be due to the type of printer in use. This may be caused by other factors such as:

1. Driver issue: a device driver is a software that facilitates communication between the operating system and device. If the driver malfunctions, or no driver is installed, the printer will fail. This can be resolved by updating/installing drivers.
2. Poor handling: improper handling may cause failure. Handling become a greater factor when the equipment is frequently moved or reassigned to different users like in the case of the Electoral Commission. This can be resolved by proper handling and storage.

These problems should be detected and repaired or replaced during the preparation for registration stage (as mentioned in Challenge 4 above)

On the challenges relating to the BVR Kit as outlined from Challenge 1 to Challenge 7 above, it is worth noting that none of these challenges, whether resolved or unresolved, affects the integrity of the current voters’ register.

CHALLENGES OF THE CURRENT SYSTEM – BVD:

Biometric Verification Devices or Machines are devices that have the ability to perform independent data search using biometric data. They have a storage component that stores information (say database of people) and an acquisition component to collect fresh biometric data. It then searches the database with the fresh capture to find a match which can return a true or false.

Challenge 8: Purpose built device for EC had been in operation since 2011

Assessment: Whilst this information is believed to be true, it does not speak to any particular challenge with the BVD.

Challenge 9: In 2013, an additional 500 of same BVD was purchased

Assessment: Whilst this information is believed to be true, it does not speak to any particular challenge with the BVD.

Challenge 10: Since then cost associated with BVD was for refurbishment

Assessment: Whilst this information is believed to be true, it is exactly as expected. After acquisition, all other cost related to a hardware are for installation, refurbishment and insurance purposes. It is therefore not misplaced or unexpected that all cost related to BVD is for refurbishment.

Challenge 11: High failure rate of the BVD

Assessment:

This information is not verified. However, equipment are supposed to be assessed during the preparation stage before deployment to the field. Generally, BVDs are not expected to produce 100% output. Performance is measured based on industry standards. More so, failure of BVDs may not necessarily arise out of faulty equipment as stipulated earlier in the assessment of Challenge 6.

Also, since this equipment also have their own storage, failure may be caused by faulty storage systems like SD Cards. This can be resolved by replacing storage components.

Why wont a storage malfunction lead to data loss in the voters’ register?

Despite having the capacity to store and actually storing data, failure of this equipment will not cause any data loss to the register.

1. The Register is stored safely in the datacenter and can be accessed from anywhere in the world by authorized personnel only.
2. When needed, a portion of the register is copied and temporarily stored in the BVD whilst the original register is still intact.
3. If the data on the BVD is lost, the register still contain the original copy of that portion of data lost.
4. A backup of the register is available just in case the datacenter is compromised.

Challenge 12: A lot of money had to be spent refurbishing them for use for the various elections.

Assessment: BVDs, much like any other hardware, are expected to undergo wear and tear. This is why users budget for repairs and maintenance of these hardware. At some point in the life of a hardware, it may become more reasonable to replace than to repair it. That decision is more financial than it is technological.

Challenge 13: Worn out sensors meant poor image acquisition leading to repeated attempts on verification

Assessment: This information is not verified. However, poor image quality may not necessarily be caused by faulty equipment. In fact, since fingerprint scanners use laser technology, it is more likely that this is caused by other factors as spelt out in the assessment of Challenge 6 above.

Challenge 14: Manual verification had been an increasing trend due to failure of the BVDs to electronically verify voters.

Assessment: This information is not verified. However, the fact that manual verification is allowed as a backup to BVDs is progressive enough since we do not expect a 100% rate even if we replace all of the current BVDs with completely new ones. The National Identification Authority, which has relatively newer, reported instances of failures in the ongoing NIA nationwide registration.

Also, capturing multiple fingers during registration increases the success rate for fingerprint scanners. A study from US National Institute of Standards and Technology suggests that capturing two fingers increases the success rate by 1 percent from 98.6% to 99.6% and capturing above 4 fingers increases the success rate by 1.3 percent from 98.6% to 99.9%.

On the challenges relating to the BVD (which is a part of the BVR kit) as outlined from Challenge 8 to Challenge 14 above, it is worth noting that none of them, whether resolved or unresolved, affects the integrity of the current voters’ register.

Sample Biometric Verification Device. Photo credit: Citinewsroom.com

NETWORK CHALLENGES

Challenge 15: Very Small Aperture Terminal (VSAT) technology

1. Has low bandwidth, very high latency and was susceptible to changes in weather such as cloud cover and rain.
2. Limited registration exercise experienced low utilization of online VMS

Assessment:

Very Small Aperture Terminal (VSAT):

It is a two-way satellite ground station with antenna that is less than 3.8 meters. VSATs are used for transmission of narrowband data (for example POS transactions or polling) and broadband for satellite internet access or video.

Advantages of using VSAT technology include:

1. Global coverage: voice, video and data can be accessed anywhere in the world.
2. Reliability: enterprises can maintain business continuity with built-in redundancy and automatic backup service.
3. Security: VSAT already provide private network and adding encryption technology makes it more secure than terrestrial networks.
4. Fast deployment: Satellite technology is an ideal solution for quick deployment, immune to the challenges posed by difficult terrain, remote locations, harsh weather, and terrestrial obstacles. In this rapidly expanding market, satellite allows a service provider to get to market quickly and efficiently and provide immediate connectivity in disaster and emergency relief scenarios.

The alternatives to VSAT are Wireline Terrestrial Services (WTS). Whilst WTS may have their advantages including faster data transfer, they will not be of any help to the Electoral Commission.

Consider a landline telephone. It is connected to a hard line that travelled from far. It doesn’t not provide much room for movement.

Now consider a situation where every single registration centre will have a hardline providing connectivity. This situation will provide for the following challenges:

1. Unreasonably high cost for unreasonably low returns. Even if the EC is to partner will an existing cable provider, there is still the need to extend the cable to areas in the country which currently do not have cable connection.
2. Then more cables will be extended from far above or from the ground to all registration centers.
3. Since registration centres are mostly open spaces, we may have to hire a security to look after this extension throughout the night until registration resumes the following morning.
4. When registration ends what happens to cable the next one year that we are not conducting registration.
5. In the event of rain when we will have to continue the registration at the chief’s palace or at the church premises where we can enjoy cover what happens to the cable?
6. Other technical challenges like bad disaster recovery.

It is due to these and more that VSAT technology is the best for the work of the EC.

VMS (Assuming VMS stands for Virtual Memory Services)

In practice, VMS provide support to the actual resources when the need arises. Assuming your computer does not have enough Random-Access Memory (RAM) to process all the tasks that are currently running, it will temporarily transfer some of these tasks to disk storage providing for enough RAM to increase processing speed.

In database management, databases come with a similar technology called persistence. If a payload is submitted at a time that there is a temporary loss of connectivity, the user will get a “successful” notification indicating the data has been submitted. When connectivity is reestablished, the payload will be sent to the database.

In this case, low utilization of the VMS will actually mean that more of the payload were successfully submitted without hindrance which is a positive outcome.

Challenge 16: Network Design Limitations

1. The network design is rigid and does not allow for integration of newer technologies.
2. The network design was poorly documented

Assessment:

Network Design Limitations are the factors that cannot be easily altered, often impacting architecture and functional requirements. The most familiar of them are cost, experience staff and expensive staff, expertise of staff, location, time and in the case of the EC, the infrastructure.

Modern networks are designed to be progressive. In other words, they are designed with the capability to function sufficiently in the future. For this reason, developers of newer technologies often make provision for these technologies to be integrated into existing systems. For example, manufactures build new technologies with ports that accessible by the ethernet cable which was first introduced in the early 80s.

In some cases, new technologies may come with entirely new designs. These technologies are often accompanied by supporting peripherals to enable them integrate with existing technologies.

In the case of the Electoral Commission, we might have to get more information with regards to the particular new technology that the current configuration is failing to integrate wants to integrate into the network.

Poor documentation:

Documentation is a fancy word for a User Manual. They contain helpful information regarding installation, handling, usage and quick fixes for new technology. This often help users of new technology to get familiar with these technologies. Poor documentation will cause a lot of challenges for users especially at the early stages of the life of a new technology.

However, it is a little bit confusing that after several years of use of the technology, suddenly the issue of documentation becomes a major challenge for the Electoral Commission. I think this is more of expertise and efficiency of personnel than the network.

Challenge 17: Network not secured

Assessment:

Network security is about taking steps to prevent a network infrastructure from unauthorized access. It involves taking physical and software preventive measures to protect the underlying network. There are a lot of ways one can protect a network. These include:

1. Access control: block unauthorized users and limit user access.
2. Anti-malware: prevent initial infection by viruses, worms and trojans (which are bad for the network)
3. Application security: use only applications from trusted service providers and block insecure apps from running on the network.
4. Behavioral analytics: monitoring behavior pattern of the network and investigate all changes.

However, the weakest link in network security is the user (human). A report from Kaspersky Lab revealed that about Ninety percent (90%) of security incidents are caused by the actions and inactions of employees (authorized users). The network security is astronomically improved if the EC trains its employees in network security.

On the challenges relating to Network as outlined from Challenge 15 to Challenge 17 above, it is worth noting that none of them affects the integrity of the current voters’ register.

CHALLENGES OF THE CURRENT SYSTEM – DATACENTRE:

A datacenter is a centralized location setup for the purpose of collecting, storing, processing, distributing and allowing access to large amounts of data.

Challenge 18: Large number of equipment within the DC were either EOL or EOS

Assessment:

Short for end-of-life, EOL is a label used by software and computer and hardware manufacturers to describe a product that has reached the end of its life cycle . When a product reaches EOL, the following happens:

1. End of Support: the developer or manufacturer no longer support the product or may offer paid support. For example, Windows 7 recently attained EOL but Microsoft still provide support for an annual fee of 20 Dollars.
2. No longer updated: in the case of software, they no longer get updates and may open systems to security vulnerabilities.
3. No replacement parts: in the case of hardware, they will not have replacement parts manufactured.

In most cases EOL is always announced in advance for system administrators to make the necessary adjustments. Microsoft ended mainstream support for Windows 7 in 2015, five clear years before EOL in January 2020.

For software, enthusiasts sometimes provide patches for continues support.

Announcement of EOL in most cases is because the developer or manufacturer is offering a newer and better alternative to the existing one. Getting users to migrate to the newer technology has its benefits but most often it is so that developers can concentrate fully on support and upgrades.

In the case of the Electoral Commission, the most prudent and secure option will be to upgrade to newer technologies.

Challenge 19: Some of the equipment did not have an active warranty since 2014

Assessment:

Warranty: a guarantee issued to the purchaser of an article by its manufacturer, promising to repair or replace it within a specified period of time.

The terms of a warranty may differ from products but all warranties are expected to expire at some point. An expired warranty does not render the product defective and does not prevent the user from accessing services from the vendor or its authorized dealers.

For risk management purposes, users with precious equipment will sometimes opt in for insurance of these equipment to cater for repairs or replacement.

Challenge 20: Most of the software licenses had expired

Assessment:

A software license is a document that provide legally binding guidelines for the use and distribution of software. Licenses typically provide users with the right to one or more copies without violating the copyrights.

Licenses of proprietary software usually provide for period of use which specifies the length of time a user is allowed to use the software. When the period of use is exhausted, the license is considered expired.

Users are often informed and reminded to update or renew their licenses within a reasonable time before the actual expiry date. Even when the license is expired, it can still be renewed with ease. There are other terms contained in a software license.

Challenge 21: The Storage Array System were running on 1G iSCSI which made for very slow processing.

Assessment:

A Storage Array System is a data storage system used for block-based storage, file-based storage or object storage. They combine a series of drives into one system that can store large amounts of data under a central management system.

Briefly, iSCSI is a transport layer that works on top of the Transport Control Protocol (TCP). It enables block-level SCSI data transport between the initiator and the storage target. ISCSI SAN range of storage are scalable to One (1) Petabyte (1,000,000 Gigabytes) just by adding DAS.

A lot of factors affect the processing speed in a datacenter and among them is the Ethernet connection. The Electoral Commission’s network will successful run on a 1GbE without compromising speed unlike large enterprise networks like those used by banks.

For a storage array, the processing power of the disk controller and the RAID (Redundant Array of Independent Disks) level will improve processing speed.

The types of drives used can also improve processing power. For example, Solid-State Drives have more power than Hard Disk Drives.

Challenge 22: Disks in the array were a combination of 10k and 7.2k RPM HDD

Assessment:

This combination of drives provides enough data throughput for the Storage Array System used by the Electoral Commission.

Throughput is the speed at which data can be transferred from the spinning media (platters) through the read/write head and passed to a host computer. In more technical terms, throughput is measured by areal density and RPM.

Revolutions Per Minute (RPM) is the number of times a platter in the drive performs a 360-degree rotation every minute. A drive with a higher RPM will perform faster than a drive with a lower RPM if they both have the same areal density.

HDDs (drives) today pack between a range of 1,200 (1.2k) rpms to 15,000 (15k) rpms. Today’s most common RPMs are 5.4k and 7.2 k with the latter performing 33 percent faster than the former.

With the current Storage Array System configurations, the speed provided by 10k and 7.2k is enough (perhaps more than adequate) for the work of the EC.

However, if the EC still finds the need to improve speed, they can consider a using a combination of Hard Disk Drives (HDDs) and Solid-State Drives (SSDs) rather than replacing the current drives with 15k RPM drives.

Challenge 23: The rest of the network within the DC were a mixture of 100Mbit/s and 1G connectivity.

Assessment:

This combination is adequate for the possible needs of the Electoral Commission.

At 25Mbs, data transfer is considered as high speed. At this speed, data is transferred at 25 megabytes (25,000 kilobytes) every second. This means that a user can download a 100-megabyte video in just 4 seconds.

The minimum of 100Mbs in the EC datacenter is 4 times faster than the rate that is considered high speed and the maximum of 1Gbs is 40 times faster than highspeed connectivity.

But is this adequate for the EC?

To answer this question, we will estimate the connectivity needs of the EC conservatively and compare it with the output of the current setup.

Assuming during registration (when connectivity requirements are at peak), the average time used by a data entry office to register one person is 2 minutes (120 sec) and the estimated payload per submission is 266Kb.

For every registration cycle, the connectivity output of the data center, using the minimum of 100Mbs, is:

100 multiplied by 120 which evaluates to 12,000Mb (12,000,000Kb)

Now, to get the number of persons this output can serve without delay, we will take the net output and spread it over the payload per officer per submission cycle which is:

12,000,000Kb divided by 266Kb evaluating to 45,112 officers.

Let us now consider using the average connectivity:

100Mbs plus 1,000Mbs (1Gbs) divided by 2 evaluates to 550Mbs or 5.5 times the minimum connectivity. So, at average connectivity, 45,112 multiplied by 5.5 is the output.

In conclusion, this connectivity can serve 248,120 data entry officers or registration centers seamlessly.

Challenge 24: The combination of the above could not deliver the performance that was required to meet the demands of the system.

Assessment:

From the data above, we can see that this conclusion arrived at is not supported by the data. The connectivity capacity of the datacenter can cater for the needs of the EC today and for any future expansions.

On the challenges relating to Datacenter as outlined from Challenge 18 to Challenge 24 above, it is worth noting that none of them affects the integrity of the current voters’ register.

BIOMETRIC VERIFICATION MANAGEMENT SYSTEM

Application Components Challenges

Challenge 25: Source code challenges:

1. Source code is not available to EC
2. Biometric template is being kept in a proprietary format

Assessment:

Source code

Source code is a set of instructions and statements written by a programmer using a computer programming language. There are two categories of source code: open-source and closed-source popularly referred to as proprietary.

Open-source codes are released under a license in which the copyright holder grants users the right to study, change, and distribute the software to anyone or for any purpose.

Proprietary software is any software that is copyrighted and bears limits against use, distribution and modification that are imposed by its publisher, vendor or developer. Proprietary software remains the property of its owner/creator and is used by end-users/organizations under predefined conditions. Proprietary software may also be called closed-source software or commercial software.

There is no commercial software where the source code is made available to the end user. The source code serves as a guarantee of ownership and if it is made available to the user, the user can resell the software to any number of persons he wants.

Are there situations where a developer (programmer) makes the source code available to the client?

Yes. When the client is actually the owner of the application. If a company engages a developer to build a company specific tool or say a website, the application will be owned by the company. It is highly likely that this application cannot be resold since the components are built to satisfy a very specific structure.

In any case, users not having access to the source code of commercial applications does not render these applications any less effective. In fact, it is more likely that having access to these codes will pose functionality and security challenges to these applications.

Biometric template (Fingerprint)

A fingerprint is made of a series of ridges and grooves. Once a fingerprint is captured the system locates the minutia points. These minutia points occur where the lines of the ridges begin, end, branch off and merge with other ridge lines. These points are then mapped and a line is drawn between each point. This creates a map of how each point relates to the other points. The map is then stored as a data stream called a minutia template in a database for future comparison with other presented fingerprints. It is important to note that during the entire process no fingerprint images are stored on the system and a fingerprint image cannot be recreated from the minutia template.

Photo credit: Identityone.net

Since no images are taken throughout this process, this provides for adequate security by removing or limiting human interference. The data is encrypted so that it can only be read and understood by other biometric machines.

For registrants, this process is the only actual guarantee of security of fingerprint data. Imagine for a second that this data is not encrypted. This means that persons who keep these data or, in the case of data breach, people who steal these data can actually reverse engineer the process and get hold of the fingerprints of the people in the system. These fingerprints can be used to access door locks, safes or in extreme cases they can be used to set up a person for crimes they do not commit.

Any form of biometric regime that data managers have access to decrypted formats of these minutia templates is unsafe and probably illegal.

In short, the current regime of encryption is in line with industry standards and fall well within Sections 17, 18, 19 and 28 of the Data Protection Act of 2012, ACT 843.

Challenge 26: Challenges with vendors

1. The BVMS application modules were built by different vendors and is poorly documented
2. Troubleshooting and problem isolation takes days since it involves coordinating with several vendors located in different time zones.
3. Vendor never committed to any service level agreements.

Assessment:

Application modules

There are two types of biometric verifications:

1. Authentication: imagine a work place where employees access the facilities by key cards and fingerprint. The employee will swipe the card to generate his details from the system and then fingerprint to confirm it is really him. In this instance the print will only be matched with the file copies of the card swiped. This is called 1:1.
2. Identification: this is where a print is used to look up the presence of a person in a database. This is the type used by the EC.

Troubleshooting

Since all machines of the EC perform Identification, it is expected that they all follow the same processes to achieve results despite the possibility that they may come from different manufactures and carry different speeds. In this case, troubleshooting is expected to be relatively simpler.

Manufactures and developers often leave tutorials on how to perform troubleshoots on their business sites.

The EC can also instead engage local hardware engineers to perform these functions.

Service level agreement (SLA)

SLA is a commitment between a service provider and a client.

Licenses actually pass for service level agreements. Once a client is given a license to use the product, a service level agreement is said to be in place. A product’s “terms of use” agreement may also spell out rights and responsibilities of clients and vendors alike.

On the challenges relating to Source code and vendors as outlined in Challenges 25 and 26 above, it is worth noting that none of them affects the integrity of the current voters’ register.

Operational Challenges

Challenge 27: Lack of training:

1. None of the EC IT staff were trained on the BVMS
2. The EC was complete reliant on the vendor for the management of the system

Assessment:

It is not unusual to for an organization to cede management of its systems to third parties. The organization can, at any time, take back management of its systems by simply scheduling a training and handing over.

These are a few factors to consider when deciding on systems management:

1. Cost for employing a full-time team compared to cost for using a management service.
2. Expertise of staff compared to expertise of a management service provider.
3. Staff turnover.
4. Response time of service provider.
5. Security of information.

Challenge 28: Limited Application Server:

1. The application server used for the online VMS was limited by allowing only 200 concurrent connections.
2. The EC has some 260 district offices nationwide each with at least 2 VMS machines.

Assessment:

Concurrent connections mean the maximum number of connections a server can handle at any one time. This can be managed in the server “settings” by either setting the limit to “0” which is unlimited or by setting any other number as a limit (say 200).

In an “unlimited” setting, concurrent connections are allowed to the maximum capacity of the server.

In theory, a TCP server has the capacity of 65,535 connections per IP per server port. This simply means with just one server port, 65,535 people can work on the voters’ register application at the same time.

So, for the 260 offices by 2 VMS machines, a concurrent connection capacity of 520 is required.

What this means is that with just one port, the server provides capacity of 126:1 concurrent connection. That is 126 times more power than is actually required by the EC.

Challenge 29: No Disaster Management Plan:

1. There was no business continuity
2. There is no IT disaster recovery plan
3. The backup strategy was such that the best recovery point objective (RPO) attainable was about 1 month and the best recovery time object (RTO) was about 1 week.
4. Full back up of the Oracle DBMS took at least 72 hours and this is with the system quashed
5. Application system design was such that there was no insight into the quality of data being egested

Assessment:

Business continuity

Business continuity planning is the process a company undergoes to create a prevention and recovery system from potential threats such as natural disasters or cyber-attacks. BCP is designed to protect personnel and assets and make sure they can function quickly when disaster strikes.

From the data above as captured in “points c and d”, we can see that there is a business continuity plan.

Disaster recovery plan

Disaster recovery plan is a documented process or set of procedures to execute an organization's disaster recovery processes and recover and protect a business IT infrastructure in the event of a disaster.

From the data above as captured in “points c and d”, we can see that there is a disaster recovery plan.

RPO and RTO

Recovery point objective: is an important component of a disaster recovery plan. is the age of files that must be recovered from backup storage for normal operations to resume if a computer, system, or network goes down as a result of a hardware, program, or communications failure. The RPO is expressed backward in time (that is, into the past) from the instant at which the failure occurs, and can be specified in seconds, minutes, hours, or days.

In a retail shop for instance, the data needed to resume operations will be the last known quantities of the products available and their prices. In this case recovered data from the last hour will be sufficient to resume operations.

Recovery Timer Objective: is the targeted duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity. In the example above, RTO will be how much time can be used to recover the data from the last hour.

RPO and RTO differ from operation to another. For example, these metrics will be much better in a banking setup than in a warehousing setup.

For the work of the EC, the current RPO and RTO metrics are sufficient for the work of the EC. They can however be improved.

Backup

Backup refers to the copying of physical or virtual files or databases to a secondary location for preservation in case of equipment failure or catastrophe. The process of backing up data is pivotal to a successful disaster recovery plan (DRP).

There are three types of backup namely, full, incremental and differential backups.

For the work of the EC regarding the voters’ register, a full back is performed at a convenient time. For example, during registration exercises when the data changes frequently, it is only reasonable to perform either incremental or differential backups. This takes a relatively shorter time to do.

When the registration exercise is finished and the data is not in use, which is the case most of the times, then a full backup can be performed.

Quality of data

Data validation is an essential part of application programming. This allows for applications to measure input data against some predefined requirements before admission. For example, data validation will ensure that a column earmarked for entering date or birth of registrants only accepts data in date format. Data validation will even go a step further to set cut-off points for date of birth. This and many more factors ensure quality of data.

However, the concept of Garbage-In-Garbage-Out still apply. If “John Doe” was initially misspelt as “Jhon Doe” at the point of capture, this will be accepted by the system. To counter the effects of GIGO, several measures can be employed. The ultimate measure being the exhibition exercises the EC conducts before elections.

Challenge 30: No check and balances in the system

1. No way to determine if some records were missing
2. This process had to be manually done and is susceptible to human error

Assessment:

There are several ways to determine if records are missing and these can always be built into the application.

On the challenges relating to Operations as outlined from Challenge 27 to Challenge 30 above, it is worth noting that none of them affects the integrity of the current voters’ register.

COST IMPLICATIONS

The research work conducted by the coalition of CSOs against new voters’ register took an in-depth look into the cost analysis done by the EC and came out pretty informative recommendations. This report will not look at that.

However, the costs that actually matter to the average voter are those that have a direct impact in their daily lives and should not be underestimated. These costs include:

1. Transportation of potential registrants to registration centres. Some people will travel intercity to get registered. This comes with costs such as financial, time and risk.
2. Time spent in queues to get registered and its attendant challenges. Many people who did not register during the ongoing NIA registration says it is due to the spent in the long queues.

These two costs have the potential to create voter apathy and prevent a lot of qualified voters from taking part in the national exercise.

Bringing many people to participate in the democratic process, which is the EC’s core function by the way (Article 45 of the 1992 Constitution), should be more important to the Electoral Commission than cost saving.

CONCLUSION

From the above, the following conclusions are arrived at:

1. Challenges 1, 2, 8, 9, 10, 15, and 19 as mentioned by the Electoral Commission are just information about the BVR kits, BVDs, Network, Datacentre and the applications and do not necessarily constitute valid challenges.
2. Challenges 3, 5, 7, 11, 13, 16, 18, 20, if not resolved may affect the processes by causing delays.
3. Challenges 2, 5, 10, 12, 18, 19, and 20 are expected and are often planned for.
4. While challenge 15 may have its own limitations, it is the best alternative for the work of the electoral commission.
5. All valid challenges can be fixed

1. Most importantly, NONE of the challenges above indicates that the integrity of the current Voters’ register is compromised in any way.

RECOMMENDATIONS

1. The Electoral Commission should spend its time and resources working to fix the structural challenges the systems face.
2. The Electoral Commission should put more efforts in training of its permanent and temporal staff alike as this will do away with most of the challenges in the system.
3. The Electoral Commission should focus more on its core function of enrolling more qualified persons onto the current register in preparation for the general elections and focus less about saving cost.
4. The Electoral Commission should open a national dialogue on whether the to add additional layers of verification like facial recognition within its medium-term plans.

BY: HAMIDU AHMED

PROJECT NAME: PROJECT2002001

EMAIL: [email protected]

FEBRUARY, 2020