Saturday, 30 May, 2020

2020 ELECTIONS: HOW NBA CAN GET IT RIGHT, BY FORENSIC EXPERT

The Nigerian Bar Association (NBA) National Officers Election has been scheduled to hold in July. Given the controversies that have beset previous NBA elections, several stakeholders have been engaging in initiatives aimed to ensure that this year’s exercise is free, fair and credible.

At a recent round-table organized by “The Legal Torchbearers” online forum to which CITY LAWYER was invited and in which many key stakeholders – including some presidential aspirants – participated actively, a leading consultant, auditor and investigator in Digital Forensic & Open Source Intelligence, Dr. Dominic Ehiwe spoke on the potential challenges facing the NBA elections and how to surmount them.

In 2006, Ehiwe received an upper honours degree in Economics (majoring in Statistics) from Federal University of Abuja. He was at the University of Duisburg-Essen for the Enterprise Resource Planning (SAP) programme, and was in 2014 awarded the Master of Science (MSc) in Computing (with Commendation) by the Birmingham City University, England. Ehiwe’s academic pursuits climaxed in 2019 with the award of a doctoral degree in Management Information Systems by the Babcock University. He is currently pursuing an Advanced Diploma in Forensic Accounting & Criminal Intelligence (FACI). He holds several licences and certifications in forensics.

Below are excerpts from the roundtable.

QUESTION: Is there any difference between internet voting and electronic voting?

ANSWER: Internet voting is same as electronic voting or e-voting.

QUESTION: What are the benefits of online voting over manual voting?

ANSWER: Online voting, generally called e-voting, is good and can be efficient where the integrity of the process and the information systems used for the exercise is guaranteed. E-voting can deliver the following results: Ensure that everyone eligible to vote can vote from any location; remove deliberate human tampering of voting ballot papers to favour a particular candidate or outcome; ensure no manual process is involved in the collation and processing of results, and cut cost by ensuring only relevant stakeholders take part in the process.

By integrity of the process, I mean ensuring that there are rules for participation in the exercise and the rules are followed. It also means having a process to verify and validate all eligible votes. There are ways by which this can be enforced. Integrity of the process also relates to ensuring that the computing infrastructure used for the exercise are secured and cannot be hacked, records falsified and multiple voting restricted.

QUESTION: Is there a system of voting that cannot be hacked?
ANSWER: Not really. All systems can be hacked as long as it involves computing infrastructure and use of internet. E-voting results are stored on computer systems called servers. These are hackable. However, the hack can be investigated and traced.

QUESTION: What are the features of the system that you will recommend to an association of lawyers with strength of about 60,000 to 70,000?

ANSWER: There are several that can be used. Judging anyone as being best is a matter of need. The key to achieving desired result is to ensure the system and process meet the guidelines set. These are the requirements, as organizers, you ensure the service provider meets.

For an association like yours, I would recommend that the voting system can provide the following: (1) Ensure that voting multiple times from a single device or computer is restricted – that means the system must be able to recognize every device that has been utilized; There must be a unique way of verifying every vote. (2) As members to vote, the question is besides email addresses and phone numbers, what is the unique feature by which each member can be identified. The e-voting system must ensure this is utilized for verifying and validating the votes. (3) The system should cater for multiple levels of authorization; by this, I mean checks and balance. No single individual must be able to complete a process end-to-end without higher authority verifying what was done. (4) Recording, collating and processing of results must be done without human interference. Aside from hacking of the system taking place, enforcing the above at a minimum should guarantee that the process is credible.

QUESTION: How does an association determine the above security features? Does it mean it must as a matter of course engage a forensic expert to determine what it needs for the e-voting?

ANSWER: My recommendation is to have an expert be part of the process in defining the security features. These security features must be what the service provider can deliver as part of the process.

QUESTION: Are there any particular risks for allowing voting to run for more than two days, especially as some eligible voters were allegedly disenfranchised during the last exercise?

ANSWER: E-voting allows voting from anywhere but there must be a set timeline. Once this elapses, the system should not recognise the vote. It is a good security measure to do this.

QUESTION: Must all electronic voting system be internet based?

ANSWER: Yes, electronic voting is internet based. It is dependent on internet infrastructure. However, one can explore other digital means that can let people vote offline without being connected to the internet. The question is, are there service providers to render this service? There might be and that will be great but the security must be enforced as described above.

QUESTION: What is the possibility of configuring the electronic voting system to enable the collation of votes on branch-by-branch basis instead of centrally?

ANSWER: This should be possible. The service provider should be able to do the necessary configurations as per your requirements.

QUESTION: How do election managers ensure that anonymity of votes does not imperil the electoral process?

ANSWER: Anonymity can be removed where the system only accounts for votes that have been verified. Recall I mentioned having that unique thing that identifies everyone eligible to vote. Using email and phone numbers may not be sufficient to prevent anonymity of votes.

Another way to prevent anonymity is having the system restrict voting more than once from a single device. All devices have what is known as MAC address. This must be logged and captured for every vote. This key information can be used as part of the auditing process to ensure detection of violations.

QUESTION: In our environment, not many are ICT savvy. Many depend on other members and their ICT devices to vote. If the server recognizes only one vote from a device, will it not block the device from being used by multiple voters? How can the election portal determine that the subsequent votes are not fraudulent?

ANSWER: To further address determining fraudulent votes, if the system allows people to vote multiple times from a single device, then it must ensure that the uniqueness of each vote is enforced. That brings me back to the point of what uniquely verify and validate each person eligible to vote.

This security measure is desired to avoid multiple voting by a single individual. Voting need not be restricted to computer systems only. E-voting requires internet connectivity, and all our smart phones have this capability. It is desired to ensure the exercise is credible. It’s a recommendation, too.

QUESTION: Is it correct that when an online procedure is set up for an election, such system needs to be cross checked/audited by an expert to ensure that system is in an optimal state for a free and fair election?

ANSWER: Yes, you are right. The system is expected to be test run and certified to have met set requirements.

QUESTION: What is the technical possibility of auditing 10,000 e-votes within 24 hours?

ANSWER: It is achievable so long as the process to enforce this is defined and maintained.

QUESTION: An area of concern is verifying the identity of each voter. We know that there is an existing NBA Membership Platform; how do we mitigate against individuals using the Supreme Court number of, for example, deceased lawyers? It is not inconceivable that someone can take-over the identity of a dead Lawyer, pay his/her BPF and Branch Dues, and subsequently participate in the voting process. I am of the opinion that we should use any of the government issued identity cards to verify current members of the NBA on the membership platform; that way, it will become practically impossible to steal the identity of any lawyer dead or alive.

ANSWER: You are right. Thankfully, there are unique means of identity that can be used for validating members eligible to vote. Determine which one is suitable, have a database of those records for future verification where the need arises.

QUESTION: Electronic voting that requires fingerprint may disenfranchise lawyers without limbs. How can this be mitigated?

ANSWER: The requirements are for you to decide as an association. If the use of physical features will lead to anyone being disenfranchised, then it is not a good enough means to use. Also, e-voting should not require people being physically present to vote. Voting should be from anywhere using my device. The system should handle the rest.

QUESTION: Everyone is harping on the ‘integrity of the process’ while discussing e-voting. What does integrity of the process entail in full dimension?

ANSWER: Integrity of the process means ensuring the systems are secure and that only verified and eligible people vote

QUESTION: What processes will you suggest for an effective pre- and post-election auditing of the votes?

ANSWER: As an association, there should be a register of members eligible to participate. This database of people eligible to vote can be utilized to validate the number who voted. This is a pre- and post-election exercise. I like to believe this register existS for each branch or location. If yes, this can be used to validate votes per location or chapter as the need may be.

QUESTION: Investigating hacking takes place after the conclusion of the process. How does the election manager prevent hacking from happening during the voting process?

ANSWER: Investigation takes time and efforts and is a post-election exercise. To avoid hacking, ensure the security features of the system are defined, agreed and provided. Also, recall I mentioned the system should have been test run before the real exercise. By doing this, any shortcomings would have been identified and possibly fixed before the exercise.

QUESTION: Multiple voting, falsification of records and hacking are acts perpetrated by human beings, not the system or tools. Kindly expound on this.

ANSWER: Hacking is interfering with the system that has the voting records. Data can be manipulated or deleted or damaged. These are hack activities done by humans – which can be investigated where it occurs.

QUESTION: Computer is garbage-in garbage-out; it is what is programmed that it processes. Is it not possible that it could be programmed candidate?

ANSWER: Yes, it is garbage-in, garbage-out. That is why there should be a test run. Also, recall the multiple levels of authorization I mentioned earlier.

QUESTION: Is secret voting attainable in e-voting?

ANSWER: Ensuring the secrecy of votes is a requirement that the service provider should be able to provide.

QUESTION: The Electoral Committee plans to conduct verification and voting on the platform at the same time. Does this pose any challenge logistically or to the credibility of the process?

ANSWER: No, it should not. The platform should be able to verify and allow people to vote at same time. The key is ensuring verification is efficient as defined. This is the most important requirement.

QUESTION: One of the requirements set by the Electoral Committee for IT Consultants is “Verification and confirmation of votes cast at the end of voting.” How do you reconcile this with manual interference and the need to avoid delay in releasing the result?

ANSWER: It depends on what the manual interference is required for. The system in use should be capable to do the collection, processing and reporting of results. All these should be configurable and work as designed on the application.

QUESTION: What level of access should be given especially to the key candidates on Election Day to reassure them on the integrity of the voting exercise?

ANSWER: Limited access. This should be on a need-to-have basis. Their representatives, I believe, should be able to represent them as required.

QUESTION: Will it infringe the intellectual property of the consultant if candidates bring experts to assess the efficiency of the programming?

ANSWER: I do not think it does. As there are different stakeholders with varied interest, it should help the process having experts on ground to validate that there is no rigging by any stakeholder.

QUESTION: In an ideal situation, how long before the actual voting should the list of eligible voters have been compiled, verified and certified to be accurate?

ANSWER: This, I believe, should depend on the committee organizing the exercise to decide. The key is to have the records compiled and certified okay for the exercise and validation where required. So timelines should vary based on a number of factors.

QUESTION: What are the options that could be considered for use as the unique identifier. Would a voter’s BVN be an option?

ANSWER: As per options, BVN can be used though this is not 100% guaranteed. NIN can be used also. The key is to correlate these means of identification with details of eligible voters. This should be part of the database that should be maintained.

QUESTION: It is instructive that once results are declared, it may be difficult to overturn them. As a result, all the protocols to secure the integrity of the process must necessarily be done before and during the election, not after. What are these key protocols and to what extent should especially key candidates be involved in that process to reassure all stakeholders?

ANSWER: The grounds for overturning of results should be what has been defined and agreed. There are many. First is to confirm if any of the rules were violated. Second, how many people were eligible to vote, say per chapter? How many people voted? If the records were manipulated, how did this occur, etc? Plenty of loopholes, depending on the scenario.

QUESTION: Should a post-election audit be mandatory before release of results? Is the audit something that can be achieved in 24 hours or less? What level of transparency should the audit entail?

ANSWER: Yes, audit should be before release of results. Audit duration will depend on what it entails but there should be timeline set. Transparency should be total and verifiable to all concerned. However, recall my suggestion on the need-to-know basis.

QUESTION: Would you agree that what is needed is for prospective voters to submit their bio-data details which can be run against any of the government issued identity cards and if this does not “check,” then such a person will not be allowed into system. It will be better that they are not allowed in at that point rather than letting them in first and then verifying their ID at a later date. That could be very risky.

ANSWER: This speaks to the verification process. Verification can be before voting or during voting depending on how the system is set up for the exercise. If done during voting, then the system should ensure the unique identifier constraint rule cannot be violated. For example, if the rule is to identify people with NIN, then anyone else trying to vote with different email or phone number or any other bio-data detail but already used NIN will not be allowed because the NIN has been earlier verified and utilized.
Thankfully, there are unique means of identity that can be used for validating members eligible to vote. Determine which one is suitable, have a database of those records for future verification where the need arise.

QUESTION: Is it possible to avoid the method of allowing someone to vote on your behalf or by proxy even if they are Control Room staff and they have your details? How does the election manager avoid identity theft?

ANSWER: Rather than use codes for elections, verify using unique identifier and records of participants eligible to vote.

QUESTION: What steps can be put in place to ensure that the information of verified voters from the various branches will not be tampered with? We have heard of instances where such information have been altered during the process of transmission to the Service Provider(s). What fail-safe measures can you recommend to stop an Operator who is intent on manipulating the process from the get go?

ANSWER: In forensics, there is a method to validate information. We can validate the integrity of the records generated before it is shared for upload. If it changes by anything as little as a single character, we can determine the change and hence know the record was manipulated.

Please send emails to citylawyermag@gmail.com. Copyright 2018 CITY LAWYER. All materials available on this Website are protected by copyright, trade mark and other proprietary and intellectual property laws. You may not use any of our intellectual property rights without our express written consent or attribution to www.citylawyermag.com. However, you are permitted to print or save to your individual PC, tablet or storage extracts from this Website for your own personal non-commercial use.