IMANI: The Dangerous Games Of The Electoral Commission

Highlights

• The EC has blatantly and consistently lied about the true facts of the current biometric system and its ongoing effort to procure a new one.
• The EC's claims that it will cost just $56 million to procure a new system whilst the cost of refreshing and maintaining the existing one would cost $74 million are dangerous untruths.
• A sham tender recently completed by the EC has revealed that the EC plans to spend $72 million on hardware alone. IMANI believes that by the time software and services are added the total costs for technology alone will amount to $85 million.
• Compared to a limited registration to capture just those not on the voters' register, a fresh mass registration shall cost $50 million. Refreshing the existing technology at competitive prices will cost just about $15 million.
• Hence the total loss to Ghana of the EC's actions amount to $150 million, if one factor in contingency. If the fact that thousands of perfectly good equipment shall be thrown away is also considered, the total loss rises.
• But economic cost is not the only thing to be worried about. The EC also bungled the procurement process, leaving a trail of evidence suggesting tender-rigging. This has opened the process to litigation and delay.
• The EC used one day to disqualify well-qualified bidders, claiming that they had reputational problems, when the vendor it awarded the tender to, after the one day of evaluation, Thales (and its Gemalto unit) has even bigger scandals hanging over its head. In fact, it was once globally blacklisted by the World Bank.
• The EC's tender processes were so bad that the Chairman of the technical evaluation panel dissociated himself from the results forcing the EC to discard a 4-month process and compress it into a one-week evaluation.
• At any rate, the timeframe for negotiating a proper contract; designing better specifications to correct the many things the EC claims are wrong with the existing system; securing procurement approvals; integrating disparate software and hardware systems from different vendors; and deploying and testing the platform cannot be fitted within the EC's artificial timeline of April 18^th 2020 for the commencement of registration.
• If the EC goes ahead and throws caution to the wind to maintain the shambolic April 18^th timeline, the credibility of the new system shall suffer.
• The proposed mediation process by Gamey & Co Alternate Dispute Resolution Center is wise and must be considered by all parties.

Whilst the nation's attention was firmly elsewhere, the Electoral Commission (EC) continued to dig its heels in over requests to review its problematic decision to compile a new voters' register and, on top of that, procure an entirely new biometric voters' platform.

It continued working on consummating its sham tender and on executing the multimillion-dollar datacentre project, configuring and reconfiguring servers to deploy the yet to be specified biometric system.

This brief paper is a timely alert to the general public and the political class that the danger of the EC's gamesmanship is escalating. The ongoing procurement activity has been riddled with serious defects that, if not remedied thoughtfully, would worsen an already bad situation.

Before we discuss the problems with the tender, let us recap the main reasons why a brand new system needn't have been procured in the first place.

Part 1: A Redundant Tender The EC's case for a new voters' register and biometric voters platform is essentially three-fold: the existing system is hopelessly obsolete;

A simple equation governs this debate: Total Cost = Cost of Technology + Cost of Registration. Two variants of the equation sum up the case of the EC and that of its opponents.

For the EC:
Cost of New Technology + Cost of Full Registration < Cost of Refreshed Technology + Cost of Partial Registration.

For the opponents of the EC, such as IMANI:
Cost of Refreshed Technology + Cost of Partial Registration < Cost of New Technology + Cost of Partial Registration.

There is another dimension to the debate besides Cost, and that is the dimension of Risk.

For the EC:
Risk from a New Platform + Risk from Full Registration < Risk from a Refreshed System + Risk from Migrated Data.

For the opponents of the EC:
Risk from a New Platform + Risk from Full Registration > Risk from a Refreshed System + Risk from Migrated Data.

This is a highly empirical debate that in any serious society ought to be settled on the basis of sound data and analysis.

Using data from the Office of the Auditor General and appropriations documents from the Ministry of Finance, IMANI has established conclusively that the charge of equipment obsolescence is completely unfounded. It is so unfounded that despite much taunting, the EC adamantly refuses to release its asset registers and recent, independent, audits into the state of the biometric platform.

There are four main classes of equipment involved in defining the current electoral technology platform in Ghana: BVDs + BVRs + Satellite Discs + Servers. In addition to this hardware are three main software systems: the ABIS + Administrative System + Distributed Device Software (on the BVDs and BVRs).

Since this integrated platform was first procured in 2011 and deployed in 2012, more than $60 million has been spent on refreshment, by which we mean the purchase of brand new devices and the refurbishment of worn down ones. More than 70% of the BVDs in use were bought new or have been refurbished since 2016. The same is the case with the BVRs, of which a whopping 40% was procured in 2018.

An equivalent proportion of satellite dishes (VSATs) and datacentre servers is in this same condition. Because new devices come bundled with software, many of the new devices already have contemporary software editions installed, and at any rate the software on even the devices dating from 2012 is fully supported. We have provided referenced extracts in this document here: https://imaniafrica.org/wp-content/uploads/2020/01/IMANI_New_EC_Biometric_Register_CSO_Opposed_2020_Jan-19.pdf.

It is extremely dangerous for a state institution of the calibre of the EC to be lying so blatantly about the status of its assets when official information and records exist.

The EC's case falls completely on the failure to sustain the charge of obsolescence. The original vendors of the EC's system and the subsequent replacements for major parts of it are fully compliant with the highest quality standards. HSB International and Genkey are Dutch companies with impeccable technical standards who have deployed biometric systems in many countries around the world. Evidence for the quality of the existing refreshed system is to be found in the improving performance recorded in Ghanaian elections, data about which is amply supplied in this IMANI statement: https://imaniafrica.org/2020/01/26/imani-moving-beyond-electoral-commissions-self-serving-vendors-posing-as-objective-experts/

Data from the most experienced elections observers in Ghana, such as CODEO and the EU's elections monitoring teams, show that the worst incidence of biometric system breakdowns across polling stations, 33%, occurred in 2012, when the biometric system was fresh. In 2016, there was a dramatic improvement as the failure rate declined to 7.5%. In the 2019 district elections, only 5% of polling stations recorded breakdowns. A system that is getting better over time due to considerable investment cannot be described as obsolete.

With this context, we can return to the original equations and plug in the deceitful numbers the EC has relied on in a very misguided attempt to push its will at all cost:

New Technology + Full Registration < Refreshed Technology + Partial Registration

Summary: According to the EC, a new system will cost $126m whilst refreshing the system will cost $164m.*

This elementary mathematical model has been at the heart of the EC's cost argument.

*(for simplicity, we will leave the datacentre and communications components out of these deliberations as the money has already been spent.)

Were the EC's facts, as reproduced above, correct, the economic argument for a new system would be a no-brainer. But as we have already hinted above, none of the EC's numbers are actually true. In fact, they are the product of shameless, reckless and irresponsible propaganda by the EC and its conflicted and self-serving consultants.

We know from the ongoing sham tender that the EC's propaganda that the new system shall only cost $56 million is a pure lie. The system will cost considerably more than this amount. More on that later.

We know that the full costs of mass registration and the deployment of a complex new technology requires a contingency allowance of at least 20%. Consequently, we shall shortly, in this brief paper, provide the updated estimates of the costs of the EC's reckless gamble with our voting system.

But even if we take the EC's $126 million total cost for a brand new system at face value, its argument still does not hold. The $74 million indicated as the cost of refreshing the new system by replacing or refurbishing truly worn out hardware and updating the software is wholly flawed on account of the following:

A presumption that every BVD and BVR needs replacement is complete nonsense given how infrequently the machines have been used (there are thousands of equipment that have been used only for a few weeks in 2019). Furthermore, the fact that a considerable proportion, as much as 70% of the EC's biometric portfolio, dates from 2016 and 2018, not 2012 and 2013 as the EC claims, renders any calculation based on the need to replace all 77,500 devices nonsense.

A presumption that price quotations the EC purportedly received from a local intermediary, STL, for refurbishment would be the same ones it would receive were it to run a special tender for original vendors to replace the truly worn out machines is completely unjustified.

Should only the truly out of date equipment (15000 BVDs + 2000 BVRs) be replaced or refurbished at competitive prices, $15 million shall be sufficient for the purpose as we have shown in previous commentary on the subject cited above.

D. Likewise, it is wholly and patently illogical to claim that the cost of a partial or limited registration would outstrip the costs of a full registration. There is no means by which the cost of registering more than 17 million voters afresh can be lower than the cost of registering the 1.2 million voters who failed to register less than a year ago. In fact, the historical data shows that the costs of registration the latter class of voters will not exceed $20 million.

E. The end result of the above analysis is the need to reset the numbers in the original equation and change the direction of the inequality as follows:

Cost of Refreshed Technology + Cost of Partial Registration < Cost of New Technology + Cost of Partial Registration.

$15m + $20m < (at least) $56m + $70m
$35m < $126m
That is to say, refreshing the system will cost $35 million whereas buying a brand new system will cost at least $126 million.

F. If the costs of the depreciated value of the existing equipment that are in perfectly usable condition (many of them having been used for only a few days during the 2019 limited registration only) amounting to about $40 million is added to the financial implications of the EC's decision to opt for a completely brand new system and register, (i.e. $126m + $40m = $166m) the total amount of wasted resources arising from the EC's decision to buy afresh rather than to refresh is at least $131 million (i.e. $166m - $35m)

G. But as we shall show in the subsequent section, the amount is considerably higher than this amount owing to a spate of recent and ongoing reckless decision-making by the EC in the sham tender it is currently closing.

Part 2: A Sham Tender
At the outset, we explained to readers that the primary lens through which to assess the EC's decision-making and its dangerous implications is to reduce all of it to a simple model: Cost + Risk. We have so far only discussed cost.

Obviously, an important decision such as the safeguarding of the integrity of our precious democracy cannot be evaluated on the basis of cost alone. Risk is a critical dimension. This is the section where we discuss the risk aspect. We intend to explain very carefully, but also very simply, why the EC's most recent conduct, much of it occurring even while the debate about its decisions was heating up, has seriously exacerbated an already difficult situation. Let us, first, remind you of the elementary equations at the heart of this debate:

Cost of Refreshed Technology + Cost of Partial Registration < Cost of New Technology + Cost of Partial Registration.

Risk from a New Platform + Risk from Full Registration > Risk from a Refreshed System + Risk from Migrated Data.

Replacing the dummies with real numbers gave us:
$15m + $20m < (at least) $56m + $70m
$35m < $126m
The $56 million new technology cost was widely peddled by the EC's propagandists in the course of the debate. In fact, in a now notorious presentation deck, the phantom savings from paying this amount instead of the alleged quote from STL (which was merely a middleman in any final transaction) were emblazoned across the sheet in bold red font. We reproduce this for effect:

Table 1. EC's Phantom savings numbers
The latest information we have from the EC's sham tender is that these figures were deceptive in that they did not include any of the engineering, installation, commissioning, peripherals and auxiliary costs that one should expect in a brand-new deployment.

We have it on very good authority that the tender to supply the hardware component alone has been awarded to Thales (a French conglomerate that recently bought Gemalto, a player in the biometric authentication industry, which shall be the actual unit handling the deployment). In a tender technical evaluation report submitted to the EC's hierarchy exactly a month ago (20^th January 2020), Thales, which bid $70.3 million to supply the BVDs and BVRs, plus accessories, peripherals and auxiliaries, was favoured on account of purported technical superiority over Smartmatic (the same company that lost out in the 2011 tender awarded to the STL consortium) which bid $69.93 million.

Based on the re-evaluated tender price, the EC must pay out $72 million to Thales for just the hardware. The software tender is apparently still underway and will add several million dollars to the cost. In short, we estimate that by the time the EC is through, the cost of new technology shall not be $56 million but instead anywhere between $75 million to ~$85 million (i.e. hardware costs of $72 million plus software and services costs of up to $13 million).

Consider that the EC has known all along that these were the numbers its shambolic tender was producing, and yet it BLATANTLY LIED TO THE MEDIA AND TO GHANAIANS THAT A NEW SYSTEM WILL COST $56 million.

Why do we call the ongoing tender a sham? For many reasons. Firstly, it has been shrouded in the kind of secrecy that is completely unbefitting of a public tender of such consequence. Secondly, the EC cancelled the first published tender on 16th April 2019 but failed to produce any sensible reasons or even announce that it had done so to the public through the media. Thirdly, it published another tender on 21^st August 2019, conducted a demonstration among vendors on the 10^th of December 2019, and obtained results that the top hierarchy of the EC decided it did not like. On 18^th December 2019, the EC Chairperson wrote to the Entity Tender Committee and literally instructed them to change the report to suit the views of the top hierarchy which had not participated in the gruelling 4-month review process.

Fourthly, there is considerable evidence of tender rigging in view of the EC's top hierarchy's strong intent to strong-arm the technical experts it assembled itself to review the application. In the 18^th December 2019 correspondence from the EC Chairperson to the technical committee, the intent to muscle out the two companies with the deepest and most extensive track record in the biometric voter management space, Idemia and Smartmatic was blatant. In fact, the EC bosses simply told the committee to pass the other three companies: Miru, with scant track record in this space, Buck Press, with no track record at all, and Thales, the favourite from the outset.

Thinking that they have finally had their way, the EC's top hierarchy then communicated their preferred outcome to the Public Procurement Authority (PPA). Unfortunately for them, the Chairman of the technical committee, mindful of posterity, wrote to the PPA to dissociate himself from the rancid mess. The EC then dissolved the technical committee on January 10^th, 2019, rapidly assembled a pliant group chaired by a EC commissioner, Rebecca Kabukie Adjalo, a lawyer with zero track record in information and computer technology. The group's first meeting was on 13^th January 2019. Its primary sessions were on 17^th January 2020 and 19^th January 2020.

On 18^th January 2020, the awam (controversial) technical evaluation committee recalled all the four companies (Smartmatic had finally been allowed to proceed but Idemia stayed disqualified) to demonstrate their technology. The next day, it prepared its report selecting Thales's bid as the winner, forwarded same to the EC's top hierarchy, after which much merrymaking must have ensued, complete with a live band ensemble.

In case, it is not entirely clear, let us repeat: after ditching a four-month process, the EC assembled a new committee in a week that took ONE DAY to work on a fresh evaluation and come to a definite conclusion on a $72 million contract. Let that sink in, dear reader.

But why do we argue that this shambolic tender has heightened the risks facing Ghana? For a number of alarming reasons. Firstly, given what we have seen with the hardware tender, the software tender is bound to be even more shambolic. The total opacity means that there shall be no multistakeholder oversight to ensure sound conduct.

This is a EC that has been misconducting itself so often it is safe to say its modus operandi is obfuscation. Unfortunately, once the hardware has been specified, considerable efforts are required for the integration activity. The EC announced to the world that it has now decided to opt for an option in which it would own the source code of the software packages installed across the Biometric Voters Management System (BVMS) that it is procuring. Unfortunately, this was a blatant lie as none of the tendering companies have committed to this. And indeed, they cannot offer this seeing as they are proprietary systems developers. In short, detailed integration work is required to ensure a seamless operation. Yet the disorganised nature of the tender and the artificial timelines the EC has set seriously undermines a proper weighing of the risks of integration.

The EC has set an artificial timeline of April 18^th, 2020 (barely two months away to commence use of the system to conduct the voter registration exercise). As we stated in our previous comment, THIS IS A SERIOUS TIMEBOMB. The EC has not even completed award notices to tenderers for the hardware and software components of the BVMS, much less completed pricing negotiations and PPA approval procedures, not to talk of the gruelling specification and integration design work. Then there is the legal drafting and negotiation phase, plus logistics delivery and testing, not to talk about commissioning and remediation of any bugs uncovered following the review of testing results.

NO ENGINEERING PROJECT (AND THIS IS AN ELABORATE AND COMPLEX ENGINEERING PROJECT) CAN BE MANAGED IN THIS SHAMBOLIC WAY.

Even delaying the commencement of the registration till June carries serious risks because four months is much too short a time to complete all the standard procurement, engineering, commissioning, testing and deployment elements of such a critical and mission-sensitive rollout. The EC is determined to do things without sound engineering standards. If it continues along that path, the spate of unresolved disputes about registration, exhibition and adjudication is likely to impact the credibility of the elections in due course.

Furthermore, it is not as if the shambolic tender results are immune to legal attack. Smartmatic has already given hints of its intent to challenge the results. Just as it did in the 2011 – 2012 cycle. Some of the reasons proffered by the EC's awam committee for reducing its technical eligibility in favour of Thales were preposterous to say the least. For example, a threat by politicians against both the Philippino elections management body and its contractor, Smartmatic, was held up as evidence of business risk. This is despite the fact that politicians make threats all the time and attack the integrity of electoral systems as a matter of course. The awam committee claims that it could not find similar evidence of business risk against Thales, which is laughable. Here is a literal canopy of corruption allegations against Thales, many of them the products of actual investigation, not just random allegations by politicians. See: https://sites.tufts.edu/corruptarmsdeals/tag/thales/

To be clear, Thales' record of corruption is so pungent that in 2005, the World Bank's Integrity Unit blacklisted them from participating in any of their projects because of credible accusations of their use of bribery to win business around the world. Then 5 years later, they were ordered after being found guilty in a serious investigation to repay 630 million euros back to the Government of Taiwan for serious procurement abuse, including the paying of hefty bribes to Taiwanese government officials. The situation stank so badly that the death of the Head of the Taiwanese procurement authority has been connected with the scandal.

The Gemalto unit of Thales that shall be executing the contract is no stranger to corruption investigations. In 2015, many NGOs provided compelling evidence of corruption of elections officials in Gabon in which Gemalto was heavily implicated. (See: https://www.jeuneafrique.com/mag/347427/economie/gabon-gemalto-sellette-a-paris/).

In Benin, a favourite reference in Gemalto's CV, a lawmaker in 2015 provided evidence to show that Gemalto had been transferring tens of millions of CFA to an inactive company founded by a member of the oversight body of the electoral management commission of Benin (COS-LEPI), a scandal that became known as the Ahossi – Karimou Chabi-Sika affair.

The Estonian government was recently embarrassed when ID cards developed by Gemalto were proven defective and had to be recalled amidst great confusion. It sued Gemalto seeking to recover nearly $180 million. (See: https://www.reuters.com/article/estonia-gemalto/estonia-sues-gemalto-for-152-mln-euros-over-id-card-flaws-idUSL8N1WD5JZ).

So, regarding the claims of the awam technical evaluation committee not to have found any information on business risks related to Thales and Gemalto, one can only conclude, considering how widely known these matters are, that the cause of the Committee's blindness is the need to rig the tender in support of Thales and Gemalto. For any sincere researcher to find Smartmatic's needle in the haystack allegations in the Philippines but fail to so much as encounter the more widely discussed and analysed Thales-Gemalto corruption investigations and indictments beggars belief.

Furthermore, some of the technical observations against Smartmatic in the report amount to pure hair-splitting. The BVR associated printer was judged to be A6-incompatible, though paper sizing is a matter of orientation settings in the kind of modern printer proposed by Smartmatic. Their proposed laptop was said to lack screen scratch-resistance, even though such requirements are easily addressed through peripherals. As already mentioned, the “unfavourable risk profile” finding based on unhappy politicians in the Philippines who had threatened not just Smartmatic but also the Electoral Commission in that country (COMELEC) is completely ridiculous, considering the fact that Thales, as the ongoing state capture investigations in South Africa have shown, has a far worse record when it comes to sharp business practices.

The only serious demerit, on the face of it, in the Smartmatic proposal was its insistence that the number of equipment requested by the EC can only be delivered, in full, within 7 months, not the 5 months demanded by the EC. (The BVRs needed at the start of the registration would have taken 4 months) But this point of contention opens a whole new can of worms. Firstly, Smartmatic is so much more experienced in deploying biometric systems for elections than any of the other three bidders. We count 21 major implementations around the world compared to Thales-Gemalto's seven. In fact, with the suspicious disqualification of Idemia on technical grounds, they were the only truly globally experienced biometric voter systems integrator left in the running, having executed projects on virtually every continent. A careful observer would give more credence to their estimate of reasonable delivery timelines than they would to Thales'.

Thales has pointed to Gemalto's record in Benin of delivering 3200 Coesys equipment within an impressive timeframe of two months in 2011. But that implementation was considerably different from the one envisaged in Ghana because of the far smaller scale of the deployment coupled with the absence of polling station and exhibition-time voter authentication.

Secondly, given that the EC has always known that even its preferred vendor, Thales, would need 3 months to deliver the BVRs, and that all of the devices are required to come for testing before the process can commence, why then, in God's name, did it deceive blatantly, the public, that it can commence registration on 18^th April? Surely, if it intends to negotiate a better agreement than the existing ones that it has demonised so thoroughly, then, as any serious corporate lawyer would tell you, at least four months is required. Considering that it has not even completed its tender processes, how can anything less than 6 months be reasonable when planning for the procurement of such a complex system?

Thus, the EC has compounded the risks facing this country in respect of the elections by failing to acknowledge that the dimensions of risk confronting a greenfield IT project are more varied and impactful than the risks confronting a brownfield project. Especially when the EC also claims that it doesn't merely want new versions of the existing system but completely different legal relationships, technical architecture, and support and maintenance arrangements. When such a confluence of novel factors occurred in 2012, Ghana saw its most problematic elections in more than a decade.

All of these areas of concern constitute new risks which require time for a high level of legal and IT consulting skill to be brought to bear. But here is an EC whose main consultant is a gentleman from a company which had been hoping to replace an intermediary contractor and is therefore incentivised to push for totally greenfield systems. An EC tortured by conflicts of interest. An EC that claims that its IT team is hopeless because they agreed to a previous arrangement in which systems were supplied without warranty and licenses were allowed to expire for 5 years without replacement even whilst millions of dollars were being spent on IT every year.

Though the EC has legal autonomy, the judicial authorities have been wise to ensure that in technical matters, its autonomy should be circumscribed. That is why in Ghanaian Elections Manuals, the Head of the Judiciary is always minded to appoint High Court Judges as heads of the review system for any disputes of decisions made by the EC on registration matters. The EC has been shown by successive audits to lack internal systems of sound technical decision making, financial spending, and control and accountability. This country has to compel the EC to come to the table in a spirit of openness, sincerity and good faith to debate the technical matters concerning the rollout of its proposed new system.

It is in light of that simple and urgent fact that IMANI is announcing today that we support the offer made by Gamey & Co ADR Center to pursue a professionally mediated settlement between the EC and its critics. We hope that the EC's Eminent Persons' Advisory Committee and the Peace Council shall impress on the EC to take this offer very seriously.

We at IMANI are always available to bring our research to bear before, during and after any such conciliatory processes and proceedings.

IMANI Ranked 1st in Ghana for Eighth Consecutive Year &3rd in sub-Saharan Africa on the Global Go To Think Tank Index Report (2019)

Please support IMANI today by emailing our finance head, Patrick Stephenson at [email protected] . We are currently seeking financial support for our 2020 political manifesto assessments. Please find previous assessments @ https://imaniafrica.org/category/imanifesto/