‘GIVEN WHAT I KNOW, NBA ELECTION LEAVES MUCH TO BE DESIRED’ – FORENSIC EXPERT

  • HOSTING RESULTS ON NBA PORTAL OPENS SYSTEM TO MANIPULATION

  • NUMBER OF UNDELIVERED NOTICES IS STAGGERING BY ANY PARAMETER

  • I DON’T BELIEVE PORTAL CAN SEND 5 NOTICES TO A VOTER

  • IT’S LAUGHABLE TO BLAME DND FOR UNDELIVERED NOTICES

Dr. Dominic Ehiwe is a Consultant in digital forensics & open source intelligence as well as an investigator for software, technology and intellectual rights violations. He works in the domain of information security, project management and quality control and assurance. He is Managing Partner of EON-Peace Consult Limited, a digital forensic investigation, information security consulting and IP rights violation investigation and litigation support services provider. He is also Executive Partner with ENSOPAR Forensic & Partners, a tax, audit and forensic accounting practice.

He is a certified Software Analysis & Forensic Engineering (SAFE, USA) software & tech intellectual property violation investigator, litigation support consultant and expert witness. Ehiwe has an Advanced Diploma in Forensic Accounting & Criminal Intelligence (FACI) from the University of Lagos, Nigeria. A member of Computer Forensic Institute of Nigeria, Ehiwe facilitates part-time a fully hands-on digital forensics investigation training course with the Institute of Advanced Forensics (IAF) in collaboration with the University of Lagos (UNILAG). He also serves as a resource person with the Nigeria Institute of Advanced Legal Studies (NIALS) and presents at conferences.

Ehiwe received a doctorate degree in Computer Science, Management Information Systems specialization (Ph.D MIS) from Babcock University and a Master’s degree in Computing from Birmingham City University, England in 2014. Earlier in 2006, he received a Bachelor’s degree in Economics (Statistics Major) from the University of Abuja. He has participated in many professional trainings and received several certifications in Information technology, project and risk management.

In this interview with EMEKA NWADIOKE, he speaks on the recent NBA Elections and the controversies that have trailed the elections.

Please tell us briefly about yourself.
I am Dr. Dominic Ehiwe. I practice as a Consultant in digital forensics & open source intelligence as well as an investigator for software & technology and intellectual rights violation.

Before the NBA Elections, you had an interactive session with a group of lawyers under the aegis of LEGAL TORCHBEARERS where you set out the key requirements to ensure that the 2020 NBA Election was free, fair, credible and transparent. Can you give us a brief recap of those requirements?
The session was a discussion about online voting and ways to ensure security and guarantee the integrity of the votes cast. We had discussed some key requirements. These measures include:
• Have a unique means of identifying every vote cast.
• Have a stakeholder agreed list of requirements that meets your need as a body and by which you measure the outcome.
• Ensure people do not vote more than once from a single device (This is possible to achieve)
• The system and process should cater for multiple levels of authorization to avoid a single individual hijacking the results.
• There should be mock trial of the election platform so you know what to expect during the real exercise.
• Have a process in place by which the results are auditable.

How would you rate ELECTIONBUDDY an election software provider?
To be candid, I know nothing about the service provider besides what you and I read about them online. Besides, I only knew who the provider was when one of your colleagues told me the election had held and the results published. I learnt it is a company based in the US. Hearing it’s a US based company, I checked to know more about the provider and see what information is available about their services. I did note though there is no form of contact information on their site detailing location information and other basic info one would expect of a service provider located in the US. To me, such businesses can be located anywhere and claim a different geographical location.

At the close of ballot, out of the 29,636 eligible voters, 18,256 or 62% ballots were submitted while 15,234 notices were declared as “undeliverable.” What is your view on this statistics?
I was sent the link to the results via WhatsApp and the first thing I noticed was the figure indicated as undeliverable notices. I recall showing my spouse the details on my phone and her first question was were these phone numbers or email addresses not verified before the votes were cast? That number is staggering by whatever parameter you choose to look at or rate it. Moreover, at that point I didn’t have much information about how verification for the exercise was done but I knew that figure would raise questions about the process.

Given that there were 29,636 eligible voters, will you consider that 28,525 emails and 17,887 SMS are adequate?
My thought is why this disparity between the Email and SMS figures sent to eligible voters? I do not expect members of your community with valid emails not to have valid mobile numbers as well. I do not know if some of you submitted emails only and others phone numbers which may likely account for this disparity. Also, the question is, did those to vote not know the exercise was to hold and have their mobile lines switched on to receive notifications about the exercise? Perhaps, the organizers can provide better answers to these if there is any justification for the differences. In addition, supposing I receive both email and SMS notification as someone eligible to vote, what gets counted for me if I go ahead to vote using both medium? But as I said the service provider or organizers can better explain this.

The results of the election were migrated to NBA server (https://go.nigerianbar.org.ng/Results) at some point in the election. What is your opinion on this?
This is interesting to note. I would expect any form of migration be done after and not during the exercise. Besides, one would need to review the NBA server logs to be able to confirm at what point data was migrated or shared between your systems and that of the service provider. However, from a security perspective, I would expect such migration to be after the exercise. I say this from a data security and assurance perspective. If any foul play was to take place, it could have been achieved when the records are in the systems of the party with ulterior motives. That being said, I would like to leave it at simply saying I perhaps would expect to see more relevant information to make better judgement.

Is the fact that evidence of voting was not received by the voter either via email or SMS of any consequence?
This I believe is part of the requirements that should have been verified before the exercise. In my session with your colleagues on the forum, I had mentioned the need to have a stakeholder agreed list of requirements. I feel strongly this should have been part of the checks and balance criteria to judge the transparency of an exercise like this.

The candidates allege lack of information regarding the Service Provider and the Election portal. Is this a valid charge?
This is a red flag that should have been addressed. Perhaps a mock trial of the election system could have been conducted. I believe the organizing body could have arranged for an exercise like this involving select representatives of all stakeholders. A body like the NBA could work something out, I like to hope. While there are no perfect elections or systems anywhere, more visibility about the service provider and their platform would have helped.

The election management body (ECNBA) did not reveal the election software provider to the candidates. The candidates did not also witness a test run of the election portal. What is your view on this?
To me, this is unacceptable? It paints the picture of something to hide. I leave it at that.

A presidential candidate in the elections alleged that the service provider was unable to deliver 14,000 notices to prospective voters 13 hours after the commencement of the Election. If true, is this sufficient to invalidate the election?
This raises questions about the integrity of the process. It raises concerns about how voters were verified for the exercise and those whose votes are returned as valid? From an observer point of view, I like to know what notices were given to members about the process to carry everyone along. However, about invalidating the election, I had advised your colleagues about having the rules by which invalidating the process is to be done or pursued. My opinion aligns with what your body agreed on this.

There are questions around the authenticity of the voters’ register. However, the Electoral Committee states that the use of a ‘unique identifier’ such as each voter’s Supreme Court Number made manipulation or over voting impossible. How true is this, moreso as the Supreme Court Number is largely in the public domain?
Having a unique identifier is insufficient. What is the essence of a unique identifier if I can vote multiple times? One needs to know in detail the security measures put in place to prevent people from voting more than once or using invalid or non-existing SCN to vote. Are you able to tell that the service provider’s platform validates the SCN of your members? These are questions that should have been asked and answered.

The final voters’ register used for the Election was released by the Electoral Committee about five (5) hours to the election. Is this sufficient to invalidate the register or the election?
This is laughable. If that is the case, I am confident to answer in the affirmative. Five hours? To verify accuracy of the records in 5 hours? For a body like yours?

A case of data diddling has been alleged, as especially the presidential candidates were said to have maintained the same percentage of votes relative to each other and the total votes cast throughout the election. It is alleged that the system was programmed to distribute votes at either +1 or –1, and that statistically, the voting result showed no randomness. What is your view on this?
I believe an independent auditing of the configurations agreed and set on the systems can show the real picture about this. I still like to stress that more visibility of the whole process would have helped. I also recall advising your forum colleagues on the need to have security professionals review the platform of the service provider. Perhaps, the election committee can tell you more about what checks were carried out.

About 38% of eligible voters could not cast their ballots as they did not receive voting links. How significant is this figure in an electronic voting system?
Very significant. This is close to half the number of eligible voters. This is significant enough to skew the results in a particular direction given the circumstances at play or engineered by anyone willing to achieve pre-defined objectives.

The NBA states that the 15,234 “undelivered notices” represent aggregate of undeliverable notices that were sent to each Verified Voter through the two notification channels – SMS and emails. It also represents the aggregate number of blasts of such notices to each of the affected Verified Voter. It states that there was a minimum of 5 blasts of notices to each voter or an aggregate 10 undeliverable notices, made up of 5 SMS and 5 e-mails – but did not represent the number of persons whose notices were not delivered. What is your view on this?
I do not believe the service provider runs an application system capable or configured to do this. I know the standard number of retry notifications application servers or services send is at most 2 to 3 notifications. One would need to see the service level agreement agreed with the provider to confirm this. Also, there are server logs that should show the number of notices sent. But to say five notices for that number of recipients begs for justification.

Do you agree with NBA’s assertion that the inability to deliver notices to voters was not attributable to the Election Platform, but to NBA’s poor database and the activation of DND in some voters’ mobile phones?
It is laughable to mention DND on mobile phones of members of a body looking forward to vote in an election. Did these people stop receiving messages before the election or had DND set for notices from the NBA prior to the exercise? Like I said, what was communicated to members prior to the election? How much sensitization was done about the whole process and what, as stakeholders, everyone had to do to achieve a fair exercise?

Do you agree with NBA’s view that the election was free, fair and credible because the link to each voter was unique and non-transferable, and it was also not possible to vote more than once using a single link?
Besides unique link and non-transferability of the link to vote, can we attest to a case of non-eligible or non-existing members not having participated in the election? The vote records are available somewhere. When in doubt, I believe further review should be possible to clarify the doubts where necessary.

Given what you know about the election, will you consider it as free, fair, credible and transparent, and why?
Based on what I know and have read from your members about the verification process and how the exercise was conducted, it leaves much to be desired in terms of credibility. I believe the organizers know this as well.

What are your suggestions for future NBA elections?
Be better organized and transparent. Involve relevant stakeholders in the process. Thank you.

Copyright 2020 CITY LAWYER. Please send emails to citylawyermag@gmail.com. Join us on Facebook at https://web.facebook.com/City-Lawyer-Magazine-434937936684320 and on TWITTER at https://twitter.com/CityLawyerMag All materials available on this Website are protected by copyright, trade mark and other proprietary and intellectual property laws. You may not use any of our intellectual property rights without our express written consent or attribution to www.citylawyermag.com. However, you are permitted to print or save to your individual PC, tablet or storage extracts from this Website for your own personal non-commercial use.

2020 ELECTIONS: HOW NBA CAN GET IT RIGHT, BY FORENSIC EXPERT

The Nigerian Bar Association (NBA) National Officers Election has been scheduled to hold in July. Given the controversies that have beset previous NBA elections, several stakeholders have been engaging in initiatives aimed to ensure that this year’s exercise is free, fair and credible.

At a recent round-table organized by “The Legal Torchbearers” online forum to which CITY LAWYER was invited and in which many key stakeholders – including some presidential aspirants – participated actively, a leading consultant, auditor and investigator in Digital Forensic & Open Source Intelligence, Dr. Dominic Ehiwe spoke on the potential challenges facing the NBA elections and how to surmount them.

In 2006, Ehiwe received an upper honours degree in Economics (majoring in Statistics) from Federal University of Abuja. He was at the University of Duisburg-Essen for the Enterprise Resource Planning (SAP) programme, and was in 2014 awarded the Master of Science (MSc) in Computing (with Commendation) by the Birmingham City University, England. Ehiwe’s academic pursuits climaxed in 2019 with the award of a doctoral degree in Management Information Systems by the Babcock University. He is currently pursuing an Advanced Diploma in Forensic Accounting & Criminal Intelligence (FACI). He holds several licences and certifications in forensics.

Below are excerpts from the roundtable.

QUESTION: Is there any difference between internet voting and electronic voting?

ANSWER: Internet voting is same as electronic voting or e-voting.

QUESTION: What are the benefits of online voting over manual voting?

ANSWER: Online voting, generally called e-voting, is good and can be efficient where the integrity of the process and the information systems used for the exercise is guaranteed. E-voting can deliver the following results: Ensure that everyone eligible to vote can vote from any location; remove deliberate human tampering of voting ballot papers to favour a particular candidate or outcome; ensure no manual process is involved in the collation and processing of results, and cut cost by ensuring only relevant stakeholders take part in the process.

By integrity of the process, I mean ensuring that there are rules for participation in the exercise and the rules are followed. It also means having a process to verify and validate all eligible votes. There are ways by which this can be enforced. Integrity of the process also relates to ensuring that the computing infrastructure used for the exercise are secured and cannot be hacked, records falsified and multiple voting restricted.

QUESTION: Is there a system of voting that cannot be hacked?
ANSWER: Not really. All systems can be hacked as long as it involves computing infrastructure and use of internet. E-voting results are stored on computer systems called servers. These are hackable. However, the hack can be investigated and traced.

QUESTION: What are the features of the system that you will recommend to an association of lawyers with strength of about 60,000 to 70,000?

ANSWER: There are several that can be used. Judging anyone as being best is a matter of need. The key to achieving desired result is to ensure the system and process meet the guidelines set. These are the requirements, as organizers, you ensure the service provider meets.

For an association like yours, I would recommend that the voting system can provide the following: (1) Ensure that voting multiple times from a single device or computer is restricted – that means the system must be able to recognize every device that has been utilized; There must be a unique way of verifying every vote. (2) As members to vote, the question is besides email addresses and phone numbers, what is the unique feature by which each member can be identified. The e-voting system must ensure this is utilized for verifying and validating the votes. (3) The system should cater for multiple levels of authorization; by this, I mean checks and balance. No single individual must be able to complete a process end-to-end without higher authority verifying what was done. (4) Recording, collating and processing of results must be done without human interference. Aside from hacking of the system taking place, enforcing the above at a minimum should guarantee that the process is credible.

QUESTION: How does an association determine the above security features? Does it mean it must as a matter of course engage a forensic expert to determine what it needs for the e-voting?

ANSWER: My recommendation is to have an expert be part of the process in defining the security features. These security features must be what the service provider can deliver as part of the process.

QUESTION: Are there any particular risks for allowing voting to run for more than two days, especially as some eligible voters were allegedly disenfranchised during the last exercise?

ANSWER: E-voting allows voting from anywhere but there must be a set timeline. Once this elapses, the system should not recognise the vote. It is a good security measure to do this.

QUESTION: Must all electronic voting system be internet based?

ANSWER: Yes, electronic voting is internet based. It is dependent on internet infrastructure. However, one can explore other digital means that can let people vote offline without being connected to the internet. The question is, are there service providers to render this service? There might be and that will be great but the security must be enforced as described above.

QUESTION: What is the possibility of configuring the electronic voting system to enable the collation of votes on branch-by-branch basis instead of centrally?

ANSWER: This should be possible. The service provider should be able to do the necessary configurations as per your requirements.

QUESTION: How do election managers ensure that anonymity of votes does not imperil the electoral process?

ANSWER: Anonymity can be removed where the system only accounts for votes that have been verified. Recall I mentioned having that unique thing that identifies everyone eligible to vote. Using email and phone numbers may not be sufficient to prevent anonymity of votes.

Another way to prevent anonymity is having the system restrict voting more than once from a single device. All devices have what is known as MAC address. This must be logged and captured for every vote. This key information can be used as part of the auditing process to ensure detection of violations.

QUESTION: In our environment, not many are ICT savvy. Many depend on other members and their ICT devices to vote. If the server recognizes only one vote from a device, will it not block the device from being used by multiple voters? How can the election portal determine that the subsequent votes are not fraudulent?

ANSWER: To further address determining fraudulent votes, if the system allows people to vote multiple times from a single device, then it must ensure that the uniqueness of each vote is enforced. That brings me back to the point of what uniquely verify and validate each person eligible to vote.

This security measure is desired to avoid multiple voting by a single individual. Voting need not be restricted to computer systems only. E-voting requires internet connectivity, and all our smart phones have this capability. It is desired to ensure the exercise is credible. It’s a recommendation, too.

QUESTION: Is it correct that when an online procedure is set up for an election, such system needs to be cross checked/audited by an expert to ensure that system is in an optimal state for a free and fair election?

ANSWER: Yes, you are right. The system is expected to be test run and certified to have met set requirements.

QUESTION: What is the technical possibility of auditing 10,000 e-votes within 24 hours?

ANSWER: It is achievable so long as the process to enforce this is defined and maintained.

QUESTION: An area of concern is verifying the identity of each voter. We know that there is an existing NBA Membership Platform; how do we mitigate against individuals using the Supreme Court number of, for example, deceased lawyers? It is not inconceivable that someone can take-over the identity of a dead Lawyer, pay his/her BPF and Branch Dues, and subsequently participate in the voting process. I am of the opinion that we should use any of the government issued identity cards to verify current members of the NBA on the membership platform; that way, it will become practically impossible to steal the identity of any lawyer dead or alive.

ANSWER: You are right. Thankfully, there are unique means of identity that can be used for validating members eligible to vote. Determine which one is suitable, have a database of those records for future verification where the need arises.

QUESTION: Electronic voting that requires fingerprint may disenfranchise lawyers without limbs. How can this be mitigated?

ANSWER: The requirements are for you to decide as an association. If the use of physical features will lead to anyone being disenfranchised, then it is not a good enough means to use. Also, e-voting should not require people being physically present to vote. Voting should be from anywhere using my device. The system should handle the rest.

QUESTION: Everyone is harping on the ‘integrity of the process’ while discussing e-voting. What does integrity of the process entail in full dimension?

ANSWER: Integrity of the process means ensuring the systems are secure and that only verified and eligible people vote

QUESTION: What processes will you suggest for an effective pre- and post-election auditing of the votes?

ANSWER: As an association, there should be a register of members eligible to participate. This database of people eligible to vote can be utilized to validate the number who voted. This is a pre- and post-election exercise. I like to believe this register existS for each branch or location. If yes, this can be used to validate votes per location or chapter as the need may be.

QUESTION: Investigating hacking takes place after the conclusion of the process. How does the election manager prevent hacking from happening during the voting process?

ANSWER: Investigation takes time and efforts and is a post-election exercise. To avoid hacking, ensure the security features of the system are defined, agreed and provided. Also, recall I mentioned the system should have been test run before the real exercise. By doing this, any shortcomings would have been identified and possibly fixed before the exercise.

QUESTION: Multiple voting, falsification of records and hacking are acts perpetrated by human beings, not the system or tools. Kindly expound on this.

ANSWER: Hacking is interfering with the system that has the voting records. Data can be manipulated or deleted or damaged. These are hack activities done by humans – which can be investigated where it occurs.

QUESTION: Computer is garbage-in garbage-out; it is what is programmed that it processes. Is it not possible that it could be programmed candidate?

ANSWER: Yes, it is garbage-in, garbage-out. That is why there should be a test run. Also, recall the multiple levels of authorization I mentioned earlier.

QUESTION: Is secret voting attainable in e-voting?

ANSWER: Ensuring the secrecy of votes is a requirement that the service provider should be able to provide.

QUESTION: The Electoral Committee plans to conduct verification and voting on the platform at the same time. Does this pose any challenge logistically or to the credibility of the process?

ANSWER: No, it should not. The platform should be able to verify and allow people to vote at same time. The key is ensuring verification is efficient as defined. This is the most important requirement.

QUESTION: One of the requirements set by the Electoral Committee for IT Consultants is “Verification and confirmation of votes cast at the end of voting.” How do you reconcile this with manual interference and the need to avoid delay in releasing the result?

ANSWER: It depends on what the manual interference is required for. The system in use should be capable to do the collection, processing and reporting of results. All these should be configurable and work as designed on the application.

QUESTION: What level of access should be given especially to the key candidates on Election Day to reassure them on the integrity of the voting exercise?

ANSWER: Limited access. This should be on a need-to-have basis. Their representatives, I believe, should be able to represent them as required.

QUESTION: Will it infringe the intellectual property of the consultant if candidates bring experts to assess the efficiency of the programming?

ANSWER: I do not think it does. As there are different stakeholders with varied interest, it should help the process having experts on ground to validate that there is no rigging by any stakeholder.

QUESTION: In an ideal situation, how long before the actual voting should the list of eligible voters have been compiled, verified and certified to be accurate?

ANSWER: This, I believe, should depend on the committee organizing the exercise to decide. The key is to have the records compiled and certified okay for the exercise and validation where required. So timelines should vary based on a number of factors.

QUESTION: What are the options that could be considered for use as the unique identifier. Would a voter’s BVN be an option?

ANSWER: As per options, BVN can be used though this is not 100% guaranteed. NIN can be used also. The key is to correlate these means of identification with details of eligible voters. This should be part of the database that should be maintained.

QUESTION: It is instructive that once results are declared, it may be difficult to overturn them. As a result, all the protocols to secure the integrity of the process must necessarily be done before and during the election, not after. What are these key protocols and to what extent should especially key candidates be involved in that process to reassure all stakeholders?

ANSWER: The grounds for overturning of results should be what has been defined and agreed. There are many. First is to confirm if any of the rules were violated. Second, how many people were eligible to vote, say per chapter? How many people voted? If the records were manipulated, how did this occur, etc? Plenty of loopholes, depending on the scenario.

QUESTION: Should a post-election audit be mandatory before release of results? Is the audit something that can be achieved in 24 hours or less? What level of transparency should the audit entail?

ANSWER: Yes, audit should be before release of results. Audit duration will depend on what it entails but there should be timeline set. Transparency should be total and verifiable to all concerned. However, recall my suggestion on the need-to-know basis.

QUESTION: Would you agree that what is needed is for prospective voters to submit their bio-data details which can be run against any of the government issued identity cards and if this does not “check,” then such a person will not be allowed into system. It will be better that they are not allowed in at that point rather than letting them in first and then verifying their ID at a later date. That could be very risky.

ANSWER: This speaks to the verification process. Verification can be before voting or during voting depending on how the system is set up for the exercise. If done during voting, then the system should ensure the unique identifier constraint rule cannot be violated. For example, if the rule is to identify people with NIN, then anyone else trying to vote with different email or phone number or any other bio-data detail but already used NIN will not be allowed because the NIN has been earlier verified and utilized.
Thankfully, there are unique means of identity that can be used for validating members eligible to vote. Determine which one is suitable, have a database of those records for future verification where the need arise.

QUESTION: Is it possible to avoid the method of allowing someone to vote on your behalf or by proxy even if they are Control Room staff and they have your details? How does the election manager avoid identity theft?

ANSWER: Rather than use codes for elections, verify using unique identifier and records of participants eligible to vote.

QUESTION: What steps can be put in place to ensure that the information of verified voters from the various branches will not be tampered with? We have heard of instances where such information have been altered during the process of transmission to the Service Provider(s). What fail-safe measures can you recommend to stop an Operator who is intent on manipulating the process from the get go?

ANSWER: In forensics, there is a method to validate information. We can validate the integrity of the records generated before it is shared for upload. If it changes by anything as little as a single character, we can determine the change and hence know the record was manipulated.

Please send emails to citylawyermag@gmail.com. Copyright 2018 CITY LAWYER. All materials available on this Website are protected by copyright, trade mark and other proprietary and intellectual property laws. You may not use any of our intellectual property rights without our express written consent or attribution to www.citylawyermag.com. However, you are permitted to print or save to your individual PC, tablet or storage extracts from this Website for your own personal non-commercial use.