Is auditing the IEBC voter register enough?

What you need to know:

  • In 2013, we had around fourteen million registered voters, which is likely to shoot up towards twenty million in 2017. So auditing twenty million records is likely to be a daunting task unless these are in electronic form.
  • Running the voter register against the persons database, one can easily flag out duplicate and ghost registrations. Drilling further down to the date-of-birth details, one can pick out the under-age registrations within the voter register.
  • When all is said and done, we must still remember that the electronic system is only as good as the personnel who use it. There is absolutely no substitute for hiring people with integrity.

So the recently enacted Election Laws (Amendment) Act allows for the auditing of the voter register as a way of weeding out illegal entries. Will such an audit resolve our perennial suspicions around the integrity of the election results?

Lets take a look at and make conclusions.

The first thing to audit is not the register itself, but the process and procedures around getting voter details into the register. If the procedure is in itself vulnerable to un-authorized changes, then it matters little if we clean the register since it will be un-cleaned sooner or later.

The next step would be to look at the voter register itself. At a minimum, an audit of the voter register would seek to identify and remove duplicate registrations, ghost registration as well as under-age registrations.

In 2013, we had around fourteen million registered voters, which is likely to shoot up towards twenty million in 2017. So auditing twenty million records is likely to be a daunting task unless these are in electronic form.

In 2013, the voter registrations were captured by the BVR (biometric voter registration) kit and so these records were in electronic form. 2017 should be the same.

GHOST REGISTRATIONS

With electronic records, it should be easy to run comparison algorithms between the registered voter database against the immigration and registration of persons database.

The persons database keeps the official list of all national ID and passport details of Kenyan citizens. It also stores records of births and deaths in the country.

Running the voter register against the persons database, one can easily flag out duplicate and ghost registrations. Drilling further down to the date-of-birth details, one can pick out the under-age registrations within the voter register.

Additionally, the deaths register would be used to flag out and block the notorious dead voters who have a habit of resurrecting during election day to cast their vote.

Finally, the IEBC voter register can be triangulated against the population database as published by the Kenya National Bureau of Statistics to see if the numbers add up when drilled down by county.

But even after cleaning up the voter register and its related processes, one must also do some sample physical checks to ascertain the validity of the records.

TWO AUDITS

This is because it is possible that the immigration database may have been poisoned with ghost registrations that are calculated to subsequently positively resonate with the IEBC voter register.

Physical checks would entail reviewing sample voter registration forms and calling up the registered voter to confirm that they actually exist in the real world.

Upon completion of the audit process, the voter register should be agreed upon by all political parties and frozen from additional changes. So we probably need to do two audits, one now and the other after the 2017 voter registration exercise is closed.

Would this exercise guarantee us a credible election?

Not necessarily, but it would be a good start towards a credible election.

For a credible election, the auditing should not be limited to the voter register and its related processes. It should also extend to what is known as a Systems Audit.

This means that the hardware, software and communication systems components of the electoral process must be also be reviewed.

If you recall, in 2013, the results transmission system had an error in tabulating the percentage of spoilt votes that gave a so abnormally high value that it was nicknamed as "candidate number three".

DIGITAL FINGERPRINT

There will therefore be a need to audit and test the software and communication components of the systems, before and after the elections, to minimize the risk of tampering or unauthorized changes.

We have to ensure that the software running on election day is exactly the same one that had been audited and approved prior to elections.

One way to do this is to keep a digital fingerprint (hash function) of the critical software components before elections and compare that with the digital fingerprint of the software that executed the elections.

Any discrepancies would point to unauthorized changes or tampering with the software. Additionally, the internal procedures within IEBC in as far as access to critical IEBC data should also be reviewed.

Provisions for audit trails should be made to allow for the review of access rights of employees, their roles and activities on election-related databases for any given period of time. Such a trail will also capture any hacking or unauthorized incidences of access.

When all is said and done, we must still remember that the electronic system is only as good as the personnel who use it. There is absolutely no substitute for hiring people with integrity.

Mr Walubengo is a lecturer at the Multimedia University of Kenya, Faculty of Computing and IT. Email: [email protected], Twitter: @jwalu