[kictanet] Invitation to Participate in ' Talk to IEBC'

A Mutheu mutheu at khimulu.com
Thu Jul 14 13:30:59 EAT 2022


Dear Barrack & team,

As regards IEBC, my first comment is an expression of disappointment at the
lack of transparency and or openly sharing of important information with
the public as regards the technological infrastructure they will utilize.
More so as the last Presidential elections were nullified by our Supreme
Court essentially due to technological issues, making Kenya the 3rd country
in the world to have this happen, a position we should never return to
especially as our nation can not afford the socio-economic repercussions of
such a scenario. Additionally, technology is reliable if all the supporting
factors are in place but in my opinion I have concerns about the
technological preparedness of IEBC for the forthcoming General Elections
(GE). My concerns I recognize may be due to lack of information, which
loops back to my first comment about the IEBC granting the public access to
information.

Some of my concerns include:

*INTEGRATION & SYSTEM TESTING*:
In the last election both the software and hardware were from a similar
provider but we still had issues which resulted in many votes not being
counted. This time round there are two different providers i.e. the old one
and a new one and such scenarios can raise challenges. Have they tested the
effectiveness of the integration of the two systems? And if they did test
how was this done as we voters are custodians of our biometrics, which
would be required for said testing? If they did use voters to test the
system for example, during the voter registration process then they should
be transparent and gazette or share with the public particulars of where
such testing was done and size of the test group. Or are they waiting to
test the effectiveness at the GE which can be highly problematic with no
room to resolve challenges in a timely manner.

*VOTER DATA*:
It has been alleged that the last "custodian" locked us out due to non
payment of monies owed for services provided. If this is the case then how
was the data migrated? Even if IEBC did have access to said data then the
issue still remains that in accordance with our Data Protection Act, what
is the status of the residual data held by the other party, as this raises
data privacy & protection concerns as regards citizens data?

*TECHNICAL AUDIT*:
KPMG carried out an audit but unless they facilitated a technical audit
that I am not privy to, then its imperative that a technical audit is done
so that we are cognizant of the true nature of the technical preparedness
of the IEBC systems before the elections. The results of such an audit
should be made public to enhance public confidence in the transparency of
our electoral system. This in turn denies politicians ammunition to
"incite" the public as they are informed, and ensures public peace during
our pre and post GE periods.

*SERVERS*:
Our servers are more than 3 years old and so would need an upgrade as a
norm. Has such an upgrade been effected? The voter numbers have increased
and so will the current servers have adequate capacity? If they lack
capacity then at this eleventh hour when it is too late to order in others,
then perhaps we need to look for other solutions as a matter of urgency for
example, taking into account Data Protection considerations, IEBC can look
into borrowing capacity from other major government servers that hold
sensitive information as a norm, assuming they have extra capacity, like
KRA or CBK?

*KIEMS KITS & AUDITOR GENERALS REPORT*:
Earlier this year the Auditor General's report indicated that nearly four
thousand KIEMS kits, plus laptops, drives etc. were stolen from IEBC. What
is the status of this? Have they been recovered? This raises major concerns
especially as the KIEMS kits are not geo locked so if malicious actors have
access to KEIMS kits and data they can manipulate the integrity of the GE
in August. What steps has IEBC taken to address this concern? Additionally,
albeit the SD cards and or flash drives are geo locked there is still
potential for mischief as the KIEMS kits are not geo locked so a malicious
player can insert another SD card. What is IEBC doing to curb potential
mischief on this front?

*POLLING STATIONS WITHOUT NETWORK COVERAGE*:
There are approximately 1100 polling stations that allegedly still do not
have access to 3G or 4G network coverage. The standard response from IEBC
when this issue is raised is that they will utilize satellites. Have the
said satellites been identified and or deployed and tested for
effectiveness before the GE or will they be tested on election day? Why
can't IEBC Gazette the said polling stations so that the public are aware
of them and to enhance transparency and trust in the electoral process.

*OCR (OPTICAL CHARACTER RECOGNITION) TECHNOLOGY*:
As far as I am aware IEBC does not have OCR technology or do they? If
they do not then for aggregation purposes this will have to be done
manually and human error can arise (both accidental or intentional), as
this is always a risk where the human factor is a component. If this is the
status quo then what measures has IEBC put in place to secure this process?

*BIOMETRIC RECOGNITION CHALLENGES*:
As a norm the elderly have issues with their biometrics being recognized as
do those who have suffered injuries after giving said biometrics etc. In
the last election this was problematic and as such would like to know what
steps has IEBC taken to address this issue. While it is arguable people can
use their Identification Documents as an alternative however, due to the
concern of the mischief that can arise from KIEMS kits that are not geo
locked and the Auditors General's report concerns, discussed above,
malicious actors can use as this as a work around to avoid presenting
biometrics and relying only on their "identification documents". What steps
has IEBC put in place to curb this?

*CIVIC EDUCATION AND REGULAR UPDATES EVEN ON THE IEBC WEBSITES*:
IEBC has not been aggressive in much needed civic education to sensitize
and update the public on the GE and even their website can be better
utilized. In all of this accessibility of information to the differently
abled is an important factor and their democratic right. How has IEBC
addressed this? Even on election day what steps have been put in place to
protect the privacy of the differently abled but enable them to exercise
their democratic right fairly?

*CYBER HYGIENE AWARENESS TRAINING FOR IEBC STAFF*:
95% of cyber incidents are due to the human factor i.e. both malicious or
accidental factors. As such, what cyber hygiene training have the IEBC
staff been given, as for example, even charging devices at known polling
stations by plugging them into the available power sockets can be vectors
to upload malware pre installed by malicious actors. Perhaps KICTANet as
you have recently been part of a project that developed a cyber hygiene
curriculum can train the IEBC staff virtually and take them over the basics
to secure the electoral systems in even a 2 hour session. People can only
secure themselves and their systems from risks and dangers they are
cognizant of.

*BACKUP POWER*:
What backup power does IEBC have at each polling station i.e. both
generators and or solar?

IEBC needs to realize that with great power like they have, comes great
responsibility to uphold the democratic rights of Kenyans to fair and free
elections, and not allow technological issues that are resolvable to
curtail this right again.

Stay happy,

*Mutheu Khimulu*
*LLM. Cybersecurity, Counter Terrorism & Crisis Management*
*https://www.linkedin.com/in/mutheu-khimulu-law/
<https://www.linkedin.com/in/mutheu-khimulu-law/>  *





On Wed, Jul 13, 2022 at 9:03 PM Barrack Otieno via KICTANet <
kictanet at lists.kictanet.or.ke> wrote:

> Listers,
>
> Earlier today, KICTANet held a consultative meeting with IEBC
> Commissioners led by Chairman Wafula Chebukati and the Secretariat
> represented by CEO Marjan Hussein and ICT Manager Mr. Michael Ouma. This
> follows KICTANets participation in the IEBC National Elections Conference
> yesterday. The need for greater engagement between KICTANets Stakeholders
> and IEBC featured prominently in the deliberations.
>
> As part of the engagement process , KICTANet will be hosting a ''Talk to
> IEBC'' discussion which will culminate in a Webinar that will address
> Technology concerns in Kenya's electoral process.
>
> We would like to invite listers to contribute to the online discussion
> that will serve as a precursor to webinar.
>
> To contribute we would like to hear from you the following:
>
> 1. What issues do you have in so far as Tech and elections is concern in
> Kenya?
> 2. What recommendations do you have in so far as the use of Tech and
> elections is concerned in Kenya?
> The discussion will take place on Thursday 14th July 2022 and Friday 15th
> July 2022
>
> Thank you
>
> Best Regards
>
> --
>
> *Barrack Otieno*
> *Trustee*
> *Kenya ICT Action Network (KICTAnet)*
> *Skype:barrack.otieno*
> *+254721325277*
>
> *https://www.linkedin.com/in/barrack-otieno-2101262b/
> <https://www.linkedin.com/in/barrack-otieno-2101262b/>*
> *www.kictanet.or.ke <http://www.kictanet.or.ke>*
> _______________________________________________
> KICTANet mailing list
> KICTANet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/mutheu%40khimulu.com
>
>
> KICTANet is a multi-stakeholder Think Tank for people and institutions
> interested and involved in ICT policy and regulation. KICTANet is a
> catalyst for reform in the Information and Communication Technology sector.
> Its work is guided by four pillars of Policy Advocacy, Capacity Building,
> Research, and Stakeholder Engagement.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
> KICTANet - The Power of Communities, is Kenya's premier ICT policy
> engagement platform.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20220714/bd744473/attachment.htm>


More information about the KICTANet mailing list