The election period is not always pretty to all, whether for the presidential election, gubernatorial election, senatorial election, or even the local government representative election. Election challenges range from hired thugs who move from one polling unit to the other snatching ballot boxes, to fake ballot papers, and of course, fake votes, and then to violent activities including the killing of innocent voters and even election officials just so the election can be rigged. There is also the challenge of result collation at the local level including logistics problems and human error by incompetent election staff. There have also been delays at the National collation center because every collation officer from all 36 states has to travel down to Abuja, to submit their result.
Well, I have both good news and not-so-bad news for you, which would you like to hear first? The good news then! The President of the Federal Republic of Nigeria has approved the electoral act amendment bill. The good news is that this new act has made provision for the use of technology during the election. Electronic voting is now an option for the electoral process. This does not entirely rule out the use of ballot paper, the use of ballot paper will be dependent on the commission’s decision on whether they want electronic voting or ballot paper. What am I trying to say? A section of the law has given INEC the mandate to provide suitable ballot boxes, electronic voting machines, or any voting device (source: Channelstv). If/When electronic voting is used, every vote will be unique such that no two persons can vote. This will reduce the rigging of the election by a very high percentage.
Another amendment is that voters’ accreditation is only going to be by electronic means. The use of smart cards and any other electronic devices are allowed. Any polling unit that contradicts this law renders its election result null. This law will help ensure that there is no overvoting which is an example of election malpractice. Another addition is that INEC can now legally transmit election results electronically. Election results will be transmitted in real-time. This solves the issue of collation as everyone will see the result. We talked about the past system already, so you understand why this is going to allow for an easy and fast way of determining election results.
Now the not-so-bad news! Cybersecurity ‘complication’
As much as technological advancement is a good thing, there are threat actors who are just looking for a way to get into the system. Remember we are talking politics here, some elements want to be a winner by whatever means necessary. In what way can the system be attacked?
The electronic voting machine: The integrity of the e-voting system can be compromised, changing the functionality of the system. Imagine an instance where you voted for candidate A and the vote was counted for candidate B. Its availability can be affected and the whole system packs up, nobody can use the system and angry citizens go back home without voting. This can be done when candidate A knows that the supporters of candidate B are more at a polling unit.
Voters’ accreditation: The integrity of the system can be compromised by causing a malfunction, not bringing out the details of the user for confirmation, or displaying the wrong details. The system could also be sabotaged such that a polling center will not be able to accredit the voters and this discourages the voters.
Electronic transmission of result: Since the result is going to be central, every system in all polling units will be sending their data to a central system, this central system can be hacked into such that the votes for candidate A don’t increase even though there are votes that have been cast for him or her. Also, the whole process of result transmission can be hijacked through man-in-the-middle attack and manipulated if the voting system is connected via unapproved Wi-Fi or networks.
How do we respond to the not-so-bad news which if left untreated will lead to chaos and further polarize the nation?
Security: As much as securing the software is good, sometimes the most damage is done physically. Physical security should be made of utmost priority. Connections to INEC servers via the Internet must go through secure VPNs. The INEC should employ agents of unquestionable traits to be in charge of security. Since they need to go hand in hand, INEC should also be tasked with employing cybersecurity professionals who will be in charge of the system CIA (confidentiality, integrity, and availability).
Access controls: Least privilege should be enforced. An ad hoc staff has no business being an administrator on the system.
System testing and patches: Months before the election, there should be a series of system testing. This is why cybersecurity professionals are to be engaged, they will work with the system programmers to develop a secured system and also test for vulnerabilities to avoid zero-day attacks.
The zero trust ideology should be employed. The system designers and programmers should trust no software or device, most especially if they are third-party software or if the devices use third-party software.
Building a decentralized voting system: this will not only ensure the integrity of citizens’ votes but will also enforce availability throughout the voting process.
The advent of technology has made things easier and ironically also made processes sensitive. That being said, we cannot because of the cons ignore the use of technology. With the Electoral Act Amendment, the Electoral Commission needs to set balls rolling early, implementing security in a system is not an overnight job. We must think ahead of threat actors for a free and fair election as perceived by citizens.
Thanks for sharing. I read many of your blog posts, cool, your blog is very good.