[kictanet] Manual Backup and Elections 2017: Is the CS ICT Honest (Collins Areba)

Sat Dec 31 15:12:40 EAT 2016

Thanks for the clarification.

> On 31 Dec 2016, at 13:20, kictanet-request at lists.kictanet.or.ke wrote:
> 
> Send kictanet mailing list submissions to
> 	kictanet at lists.kictanet.or.ke
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> or, via email, send a message with subject or body 'help' to
> 	kictanet-request at lists.kictanet.or.ke
> 
> You can reach the person managing the list at
> 	kictanet-owner at lists.kictanet.or.ke
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of kictanet digest..."
> 
> 
> Today's Topics:
> 
>   1. Re: Manual Backup and Elections 2017: Is the CS ICT Honest
>      (Collins Areba)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Sat, 31 Dec 2016 13:18:35 +0300
> From: Collins Areba <arebacollins at gmail.com>
> To: Waithaka Ngigi <ngigi at at.co.ke>
> Cc: KICTAnet ICT Policy Discussions <kictanet at lists.kictanet.or.ke>,
> 	JImmy Gitonga <jimmygitts at gmail.com>
> Subject: Re: [kictanet] Manual Backup and Elections 2017: Is the CS
> 	ICT Honest
> Message-ID:
> 	<CAFb6RxBu3x2jTrk8FYeyNA2=13EOaVB3R3ohzjm_WvomV6d6QA at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
> 
> Listers,
> Allow me to share these wise words from a friend, Ben Ngumi Chege, who has
> had extensive on the field doing exactly this kind of work in more places
> than I can remember. Will paste the long text after the link in case its
> not visible to everyone.
> 
> https://web.facebook.com/notes/ben-chege/manual-vs-electronic-elections/10154910551733923?__mref=message_bubble
> 
> ?Manual? vs ?Electronic? Elections
>> BEN CHEGE <https://web.facebook.com/masukuma>?FRIDAY, 30 DECEMBER 2016
>> <https://web.facebook.com/notes/ben-chege/manual-vs-electronic-elections/10154910551733923>
>> Every 5 years Kenyans queue to vote, this is an exercise that we have
>> engaged in passionately for as long as I can remember and when each round
>> of elections is done and dusted we as a nation learn a couple of lessons
>> which we then reuse in succeeding election cycles in an attempt to make
>> them better. However, looking at the current debate on the use of
>> technology and witnessing what is happening, I suspect that there might
>> have been an important lesson to be learnt in the 2007-08 when compared to
>> the 2013 election cycle that has been missed and this lesson is that Having
>> consensus among all players beforehand regarding the electoral process
>> generally leads to widespread acceptance of the results of the process.
>> Electoral process should be seen as contests, where groups of people with
>> various interests engage willingly in order to not only determine political
>> representation but also wield the power of the state, and just like any
>> reputable contest it has its rules. These rules are well known and
>> understood by all players and are accepted from the onset. These rules are
>> deterministic in that they are predictable and must be seen by all parties
>> to be fair. For a country to have a credible election - we need everyone to
>> feel like they have a chance in this contest since from the onset the rules
>> of the game do not favour their opponent(s).
>> In 2007 ODM did not agree to the way the commissioners were picked after
>> the terms of some expired as they felt it contravened the IPPG agreement
>> and after the contest was done they did not accept the results announced by
>> the commission. When the same commission asked them they refused! We all
>> remember the situation the country found itself after the opposition
>> refused to engage in a process they felt was flawed and disadvantageous to
>> them. The 2017 election process is slowly mirroring the 2007 pre-election
>> period especially when it comes to the role of technology on voting day. We
>> are witnessing an emotive debate regarding the use of technology and the
>> disregard of the voices of political players who hold contrary opinions. If
>> lessons from the past hold true, this threatens the expectation of a
>> peaceful electoral process and at the very least a credible one.
>> On voting day there are 4 core activities that happen within a polling
>> station, these are:
>> 1) Voter identification/Verification ? this answers the question ? ?Are
>> you registered to vote in this polling station??
>> 2) Voting by secret ballot ? you are given a ballot paper and then you
>> mark it in secret and the cast the said ballot into a transparent ballot
>> box.
>> 3) Counting of results and declaration ? counting of all votes cast in the
>> polling station for each race and the declaration of the votes cast in
>> favour of each candidate.
>> 4) Results transmission ? forwarding these results to the next level
>> namely the constituency tally center for ?tallying? and dispute resolution
>> just in case there were any.
>> The ?Manual? vs ?Electronic? debate is really touching on activities 1)
>> and 4) and therefore at the core of this debate are 2 questions namely:
>> 1) Can we solely verify/identify voters electronically using biometrics
>> that they submitted?
>> 2) Can we solely transmit results to the next level using electronic means?
>> Fortunately, these two are not really new initiatives as the IEBC has been
>> using technology in these two areas over the last 4 years. No one doubts
>> the credibility boost that well executed technology has on elections. An
>> example of this is the by-election in Kibwezi West where the winner won the
>> race by the narrowest of margins - a paltry 175 votes and the loser did not
>> file a petition challenging the results. This was unheard of in previous
>> elections.
>> Why then do we have a debate around it? Previously, the use of technology
>> was not explicitly dictated by the Elections Act but rather the stipulation
>> to use one form of it was found in regulations. Until now the official
>> Electoral process has been manual where technology had been added for
>> efficiency and confidence building. The latest Election Amendment Act 2016
>> has raised the profile of the said technologies from just being tools to be
>> used in boosting confidence to be the exclusive means of conducting voter
>> identification and results transmission.
>> They say once stung ? twice shy and thus it?s understandable that the IEBC
>> is jittery in embracing technology full throttle without a fallback
>> especially because it had technology failures in the said areas during the
>> 2013 General elections. Technology is playing an increasing role in our
>> lives and for us to move forward on the electoral field - I feel that this
>> discussion needs to be informed by a mindset from big technology companies
>> have when it comes to failure. Companies like Google, Yahoo and Facebook
>> plan for failure more than they plan for success. They have a culture that
>> says ?failure is OK?, a culture where people are encouraged to ask:
>> 1) What do we do if our technology fails?
>> 2) How do we continue fulfilling our core business that is serving our
>> customers and users when the systems around us fail?
>> So as Kenyans we need to ask ourselves the same set of questions and ask
>> how it affects the core business of elections. But for that to happen we
>> need to synthesize what our core business on election day is. It?s said
>> that ?Election Day is still the one day when we strive to give equal
>> voice to every eligible voter; the day when the woman working in the market
>> stall has as much of a say as any wealthy banker, and the illiterate menial
>> laborer has a voice that speaks as eloquently as any university professor.
>> It is our shared responsibility to strive for processes and systems that
>> ensure that every voter is given the opportunity to make their will known,
>> and that every vote is counted.? If we agree that this is the core
>> business of elections and everything on election day must support this, we
>> should ask ourselves a couple of questions, namely:
>> 1) What happens WHEN we place a piece of technology as a prerequisite to
>> the recording of this voice and the said technology fails and thus affects
>> the ?core business?? What are the fallbacks available to us?
>> 2) Since this is a contest, which out of the array of fallbacks available
>> is most acceptable to all players?
>> The issues around the failure of technology have been well documented. The
>> IEBC conducted an internal audit of the March 2013 election and rather
>> candidly highlighted these failures. I will try and address them and
>> possibly give recommendations in question form that should advise our
>> choice of an acceptable fallback or perhaps a list of fallbacks to be
>> executed in when certain scenarios playout. When it came to the
>> identification of voters electronically, the issues fell broadly into 3
>> categories namely:
>> 1) Technology problems ? some voters could not be found on some EVIDs but
>> were present on the manual register. Some devices run out of power, some
>> even exploded during charging
>> 2) Procurement problems ? getting the wrong device because procurement
>> requirements were not met.
>> 3) Rollout problems ? some devices were not charged, insufficient training
>> due to late delivery and lack of manuals e.t.c.
>> With proper planning and time to go through the procurement procedures
>> most of these can be sorted out. The new Elections amendment act stipulates
>> that the IEBC should have procured and set in place technology 8 months to
>> an election and then have it tested 60 days to an election. Even with this
>> in place some of the problems categorized as ?Technology problems? may not
>> disappear or may only manifest themselves on polling day. In order to
>> address them we need to ask ourselves what are the real risk factors
>> related to technology? If the approach to voter verification is similar to
>> what was employed in 2013 ? then the disruption of telecommunication is not
>> a potential failure point ? why? The devices were self-contained ? the
>> register was loaded on the device and thus the device really had no need to
>> communicate with external systems after rollout. If this is the model
>> envisaged in the new KIEMs Rollout ? we should not concern ourselves with
>> telecommunication availability in the matters of voter verification. What
>> should concern us is the issue of availability of power as the devices will
>> be constantly in use throughout the day. The devices used for verification
>> conduct a one-to-one match of voters against their biometrics ?
>> computationally ? it can be a costly affair especially if a potential voter
>> has to submit multiple fingers to get identified if one fails and so we
>> need to have devices that can work for 18 hours or have capability to
>> accept external power in the form of portable power cells. Can the software
>> be written in such a way that it alerts the users well beforehand that it
>> has X number of hours of charge left and that the clerks at the polling
>> station need to make arrangement to keep the electronic means working?
>> Ghana deployed a solution that utilized dry cells and they put in place an
>> operational plan to replace them within 4 hours.
>> The issue of some voters not being found on the EVIDs yet being found on
>> the manual roll was puzzling, this may be aggravated in 2017 this is
>> because the bulk of the current set of fingerprints were collected in 2013
>> and it will not be farfetched to expect that the quality of fingerprints
>> submitted for verification in this election cycle by an eligible voter who
>> work with their hands to be lower and thus this may require multiple
>> passes. The current setup is one which a subset of the fingerprints
>> collected is used to verify voters electronically. If we are to go full
>> throttle ? we will need to ensure that all fingerprints are available for
>> matching on polling day to increase the chances of matching. An exercise to
>> get fingerprints resubmitted for persons who fall in this category and also
>> for all those that had their biometrics lost during the mass registration
>> drive when BVR machines crashed and did not have backed up properly.
>> Another reason that could explain why some voters were not found on the
>> EVIDs and were found on the printed register is data corruption during
>> copying polling station data into the SD cards that the devices used. How
>> can we ensure that databases are not corrupted during saving into the
>> machines? I propose that each device should have a way of hashing a file
>> and checking the hash against a verified hash of a working copy and where
>> it differs transferring data to this device should be repeated. Backups of
>> these registers on verified SD cards should also accompany each EVID to the
>> field. We should explore how to keep the logs of the persons who have voted
>> safe when devices get technology issues. There is also an inconvenient
>> reality that in any given population there will always be some persons
>> whose fingerprints are difficult or impossible to capture or verify. This
>> raises a fundamental ideological question of whether a person should be
>> disenfranchised because of limitations of a technology.
>> The issues around the provisional transmission of results were also well
>> documented, these also fell into 3 broad categories namely:
>> 1) Technology problems ? the server?s well documented issue with system
>> logs and it running out of space due to server misconfiguration; The
>> failover issues that followed this. Network coverage issues; Erroneous
>> display of tallied votes due to late integration and limited retesting.
>> 2) Procurement/Acquisition problems ? there was no time to really develop
>> the transmission application.
>> 3) Rollout problems ? late delivery of phones and specially configured
>> simcards; issues with user credentials; versioning issues between server
>> and phone; Lack of proper training.
>> As with electronic voter identification, most of these can be sorted out
>> with proper planning and following procedures, why do I say so? the IEBC
>> has transmitted 100% of the results from all the by-elections that it has
>> conducted since 2013. While in terms of scale these by-elections pale when
>> compared to the general election, it?s my considered opinion that there
>> have been numerous lessons learnt ? these can be documented and used to
>> inform the training and rollout process.
>> What should happen in the event that result transmission fails for
>> whatever reason? The IEBC still needs to have a fallback for electronic
>> results transmission. Can some other technology offer a fallback? e.g. If
>> results transmission from a primary device fails, should we have an
>> electronic fallback using a different technology? Can the current election
>> transmission system be used as a backup of whatever fancy results
>> transmission system the IEBC procures? The IEBC has used satellite phones
>> with success to transmit results for the Kalolol and Mosiro by-elections,
>> why can this be used as a fallback on the telecommunication side. I think
>> we can have all these fallbacks in place and these would be totally
>> acceptable to all stakeholders.
>> These questions are by no means comprehensive but should act as a starting
>> point in deciding what the fallback(s) should be and when to fallback. It
>> has always been my opinion that leaving the determination of important
>> electoral matters at the polling station level to the discretion of people
>> there without a trail of documentation that guides their decision making
>> and a trail of accountability to why they took the action they did exposes
>> the election operation to credibility questions. In 2012 Ghana went into
>> their election with the NVNV (No [biometric] Verification, No Voting)
>> mantra and they had to extend the voting period and also had many people
>> disenfranchised because of the inadequacies of the technology they rolled
>> out. In 2015 they rolled back and then introduced a manual verification
>> fallback. The manual verification process required the presiding officer
>> fill a manual verification form for each voter who is manually verified.
>> The only way we can come up with this list of scenarios is if we carried
>> out a proper and candid risk assessment and management process. This
>> process should inform the IEBC on what to do to ensure that the ?core
>> business? on election day remains unaffected. From my perspective, human
>> beings should always play the role of final "exception handlers" to ensure
>> that during electronic voter identification no voter is ever
>> disenfranchised by technology malfunction or it?s limitation. Indeed, if
>> the electoral process must err, then it must err on the side of inclusion.
>> However, these errors must be accounted for and thus the most appropriate
>> role of technology is to ensure a level of transparency and accountability
>> that allows for review of any of those human decisions on how to handle
>> exceptions. As noted earlier on this paper, the process used for
>> verification involves a one-to-one match of voters against their
>> biometrics. The voter gets his ID No. captured by the verification device
>> in a bid to ?identify? them and once their records are loaded on the screen
>> of the device an additional fingerprint scan is required to ?verify? this
>> person. i.e. answering the question ? are you really the person who you
>> claim to be? So, for example, if the validation device is unable to verify
>> the fingerprint of a voter who the presiding officer knows or strongly
>> believes to be a legitimate voter, and his/her particulars are on the voter
>> register, the presiding officer should have the authority to override the
>> device and allow the person to vote. In order to trigger the manual
>> verification process, the presiding officer should collect as much
>> information about the person being excluded from being electronically
>> verified as possible. This information should include a photo of this
>> person and the Serial Number not ID No. found on their National Identity
>> card. Manual verification should not be misconstrued to mean manual
>> verification using the physically printed out register or green books. This
>> process should be endorsed by all party agents present at the polling
>> station. It is important to have this information both in physical and
>> electronic form. At the end of the day, any final reconciliation should
>> include the number of decisions the presiding officer made contrary to the
>> technology. This allows for review of the decisions of the presiding
>> officer, and provides a deterrent since that officer knows that there will
>> be an accounting of how many decisions he made of this nature. It also
>> allows for reporting on anomalies where a polling station or ward has an
>> inordinately high number of human exceptions. This information can be
>> transmitted periodically so that during the course of the day to all
>> stakeholders and thus all players are able to identify polling stations
>> that have inordinately high numbers of human exceptions and vigilance can
>> be increased to ensure only legitimate cases are excluded from electronic
>> verification.
>> Once this discussion has been held and we have a product that this has the
>> blessing of all players contesting in the election. When accepted by all
>> stakeholders the post-election process of massaging bruised egos and
>> selling peace i.e. the 'accept and move on' message will be much easier.
>> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20161231/1a48c4c5/attachment.html>
> 
> ------------------------------
> 
> Subject: Digest Footer
> 
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> 
> 
> ------------------------------
> 
> End of kictanet Digest, Vol 115, Issue 190
> ******************************************

Dennis Muthuri Mburugu
Skype: dennis.muthuri | Tel: +(254)714590654

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20161231/780aaf61/attachment.htm>