Image credit: HybridCluster

Nigeria’s 2019 elections: How prepared is INEC on electronic voting machine security?

Hackers all over the world recently came together in the US city of Las Vagas for just one singular purpose: to attempt to break into the US electronic voting machines. The idea behind this effort was to put the security of the US electronic voting machines (direct recording electronic voting machines) to the test to uncover any inherent flaws. Despite assurances from the authorities and voting machine manufacturers, there have been lingering security concerns about those machines. More than 30 voting machines were setup by the organizers in a manner akin to a real life voting event.

Surprisingly, it turned out that in less than 2 hours virtually every single voting machine there — including popular brands like Diebold, Sequoia, and WinVote were easily hackable. The hackers uncovered fundamental flaws in the US electronic voting machines and demonstrated to the world that e-voting machines are not as secure as the authorities and manufacturers claim.

After the vote counting mess that trailed the George Bush/Al Gore presidential election in 2000, the US embraced electronic voting as a way out of the mess — but for the most part, it made the problems even messier. Electronic voting is failing the western world; most European countries are abandoning it amidst hacking fears. Germany, Ireland, Netherlands and France have in one way or the other discarded e-voting, citing lack of trust. The last US presidential election was a case in point. Here in Africa, Kenya was one of the countries that began experimenting with electronic voting. In their 2013 presidential elections, everything that could go wrong did — ranging from biometric scanner failure, server overload to delayed results. There were also allegations of hacking in the just concluded presidential election.

Nigeria is also considering adopting electronic voting for 2019 general election as a way out of the many challenges associated with past elections. Local and foreign contractors and manufacturers are already trying to outdo each other in a bid to win the contracts. The National Agency for Science and Engineering Infrastructure (NASENI) has also responded to the challenge by developing a home grown e-voting machine and presented same to INEC for possible consideration. Although there were reports INEC allegedly turned down the NASENI e-voting machine without fair consideration.

Electronic voting no doubt has its benefits but it also comes with risks. In the U.S for example, there were documented cases of e-voting machines distorting or swapping the votes for candidates. The machines can be secretly compromised with malicious codes even before being deployed to the polling centres. The malicious codes can be designed to delete itself at the close of polls without leaving any trace. I am not advocating that we abandon it but rather to recognize its limitations and respond accordingly. It’s important that we carefully consider the security implications, especially in the light of the recent demonstrations by hackers in Las Vagas in order to gain the people’s trust in their accuracy. Our goal must be to seek out ways of minimizing voter intimidation, vote buying, ballot stuffing, result forgeries, and pre/post-election violence–which can still happen even within the context of e-voting. This is where the challenge lies.

Fortunately, there are some fundamental attributes that define a good e-voting system. The first is Accuracy. An e-voting system is accurate if it rightly translates voter’s intent into a final result. This means that a validated vote cannot be altered or eliminated from the final tally, and invalid votes cannot be counted in the final tally. This attribute also includes security. The software codes that run on the machines must be open to public scrutiny to uncover any potential flaws. A voting system is undesirable if it fails to satisfy this condition.

The second is Anonymity. Voting systems must be designed to facilitate voter privacy in such a way that no one should be able to link any ballot to the voter and it should be impossible for a voter to prove that he or she voted in a particular way. Secret ballots are essential to free and fair elections. The anonymity factor is important because it helps to prevent vote buying and coercion. Voters can only sell their votes if they are able to prove to the buyer that they actually voted according to the buyer’s requests.

The third is Verifiability. The e-voting machines must come with Voter Verifiable Paper Audit Trail (VVPAT) to enable verification of an election result and to detect vote tempering independent of the voting machine technology. This makes voting machines resilient to security flaws. Voting machines that do not print a voter verifiable paper ballot is actually viewed by the security community as critically flawed. Renowned voting systems expert, Dan Wallach once said that e-voting systems without VVPAT can be compromised without actually being compromised.

Security experts unanimously agree that electronic voting systems cannot be relied on without the use paper ballots either directly marked by the voter or created by the machine and placed in the ballot box by the voter. The machine must be capable of convincing the loser and his supporters that they lost. In order to do that fairly, the results produced by the e-voting machines must be shown to be accurate; and that’s where voter verifiable paper ballot or VVPAT comes into play.

Some have posited that if we can do e-banking where millions of Naira is handled in daily transactions, we should be able to do e-voting. Unfortunately, that argument fails to recognize a vital attribute of voting systems: anonymity. Banking systems identifies customers and links them with transaction but voting system wants to identify voters but not link them with transaction (the vote) in order to protect the secrecy of the vote. Secondly in e-banking, if the machines stop working, customers can try again later, but with e-voting, it’s impracticable because polls have to close.

The truth is, election security ought to be a matter of national security. INEC must not allow itself to be misled by the seemingly worthless pile of obfuscating jargons that marketers usually throw up. The e-voting machines that we choose to use for our elections and the software that run them must be subjected to rigorous security scrutiny following well defined and agreed standards, processes and procedures in order to fully confirm their reliability before deployment. We must put in place the necessary legal and technical policies to effectively support the new voting technology. Do we have national security standards for e-voting machines? Do we have procedures to evaluate and resolve claims of election fraud or hacking? Do we have procedures for auditing the electronic voting systems? To what extent are we at the mercy of the machine manufacturers or software developers? If the machines stop working, are people’s right to vote going to be denied?

INEC needs to take steps to address these concerns decisively before deploying electronic voting machines to polling stations. If we set out to invest on new voting technology for 2019 elections, it makes sense to do so on technology that eases rather than complicates problems. We risk jeopardizing our democracy if the integrity of our elections cannot be guaranteed.

A version of this article appeared on themaiguard