Advertise Here!Call +234 (0) 8035007778
Electronic Voting Machine, Which Way?
The increasing use of technology has significantly impacted the world today. A more interactive has emerged through the Internet usage and, which in-turn has exposed individuals to security issues. In lieu of this, securing and protecting data has become an area of great concern, which we can't afford to overlook.
Independent National Electoral Commission (INEC) in their decision to use the Electronic Voting Machine (EVM) in the forth-coming general election in Nigeria has failed to convince the member of the public on the essentials of compliance, focusing on the specific policies and procedures legislative requires and the security and privacy measures that are in place.
Political parties should be interested in the review of basics of Local Area Network (LANs), Wide Area Network (WANs), Client/Server and other forms of distributed computing architectures concerning the Electronic Voting Machine (EVM). Has Independent National Electoral Commission (INEC) examined the vulnerabilities that open the door for unauthorized entry, which may results on their system in favour of one political party against the other, or illegal voting?
Independent National Electoral Commission (INEC) should let the political parties be aware whether the Electronic voting Machine (EVM) or Point of Voting (POV) machine i.e. the one that will be taken to the polling station, are networked to a local area network, as part of a Wide Area Network or attached to the internet. It is necessary for the political parties or even members of the public to understand all functions and platforms in the network architecture, including all the servers, in Independent National Electoral Commission (INEC) offices, the connection, and the Point Of Voting (POV) machine.
Independent National Electoral commission (INEC) in conjunction with at least all the political parties must be able to effectively assess system, processing and the risk assessment to triage a test plan and not just take the machine to political Confab for what I see as ill conceived testing arrangement.
We don't want last minute test, leaving little or no time to implement findings. As a result, many systems have bugs or processing problems from the start, leading to embarrassing failures of security availability and functioning during voting periods. There is need for voters to be assured that adequate security and control exist.
Testing of the Electronic Voting Machine (EVM) should be designed to be used by three distinguish audiences; they are Independent National Electoral Commission (INEC), Political Parties and the members of the public.
On the part of Independent National Electoral Commission (INEC), the testing is to help them balance risk of and control investment in an often unpredictable Information Technology (IT) environment. Political Parties are to substantiate their opinions and/or provide advice to Independent National Electoral Commission (INEC) on the management of internal controls. Inorder to ensure that voting requirement is met, adequate control measures need to be defined, implemented and monitored over these resources. How then can Independent National Electoral Commission (INEC) satisfy the control objectives are to ensure Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, and Reliability. Voters are only to obtain assurance on the security and controls of Electronic Voting Machine (EVM) provided by Independent National Electoral Commission (INEC).
Independent National Electoral Commission (INEC) will agree with me that control over the Electronic Voting Machine (EVM) that satisfies the voting requirement to meet the voters requirements or expectations is enabled by the planning, implementing and maintaining of quality management standards and takes into considerations
System development life cycle methodology
Programme and system testing documentation
Quality assurance reviews and reporting
My expectation on the voting days is that since the information individuals have on their voters' card includes Polling unit, Registration Area, Local Govt. Area, States Codes, Voters' name and right thumbprint impression then the system should be BIOMETRIC AUTHENTICATION TYPE, anything short of this, is totally unacceptable.
Biometrics uses automated "physiological" or behavioural characteristics to determine or verify identity. Physiological Biometrics is based on measurements and data derived from direct measurements of a part of human body. i.e. fingerprints, facial characteristics, iris, retina, and hands are example of physiological biometrics.
Since the right thumbprint impression on the Independent National Electoral Commission (INEC) copy of the voters register should have been scanned and stored.
Fingerprint scanners captures an image of the fingerprint, an algorithm is used to connect them into a string. I.e. a numbers stored on a template to be used in the matching process.
Fingerprint scanning device has quick verification time, the device locates the match and verifies the voter in approximately one to three seconds.
Independent National Electoral Commission (INEC) has a matter of fact should have obtained understanding of how biometrics system works. For example
Independent National Electoral Commission (INEC) needs to know what a biometrics system is, what it does, and why a particular device was chosen. The procedures fro enrollment, verification/identification and storage of templates; the potential risks associated with the biometrics system and all its overall security.
Its ease of use may provide valuable insights as to how they may be circumventing the biometrics system. Substantive tests must be performed to determine its reliability.
Example of controls pertaining to the creation of the template is that, the biometric system should not generate templates for two voters with the same name and same biometrics data nor should it generate templates for two voters with the same biometric data and different names.
Controls also must be in place to protect the data as well as the template from modification during transmission (voting exercise).
A fingerprint is one of the unique aspects of the human body. The chances of two people, having the same print are less than one in a billion.
After accepting or rejecting the voter, the device must record a secure audit trail with respect to Electronic Voting Machine (EVM) use. This is a good control to have in place.
The performance level of fingerprint scanning devices becomes complicated causing it to reject authorized voter and accept unauthorized voters. The only way to guide against this, is to clean the scanner periodically.
With respect to ergonomics aspect, fingerprint scanning devices are fairly convenient to use because all the voters have to do is, place his/her finger on the scanner and wait for verification within a second.
On the election day, the voting should start with the presentation of your voters card to the polling station, then the next step is for the polling station, then the next step is for the polling clerk to allow you to place your right thumb on the Electronic Voting Machine (EVM) or Point Of Voting (POV) Machine or whatever the device is called. The device would verify with the scanned image of the thumbprint already stored on the Electronic Voting Machine (EVM) and confirm if it matches, then the voting will be allowed by the device automatically and if not, error should be displayed.
Alarms and detection systems also are necessary to alert the polling officials of unauthorized voters masquerading the machine. The device should also be protected from power shortages/failures.
Mukaila Apata is a System Auditor and Security Administrator with over 18years
of experience in banking systems, programming and system analysis. In addition
to his System Audit expertise, he has a strong background in Unix, Relational
database management software and Globus banking software.
Drop him a line.
Do you Have to Say? Post
Your Comments about this content resource Here.
November 22, 2005
Raises fundamental issues about the use of e-voting. Will we get it right this time?
DISRUPT THE STATUS QUO!
Ideas are not enough. You must be action oriented to improve your future.
Don't just think but act. You get results not only from thinking but from acting.
You have ideas. You want to achieve. You want opportunity.
But what are you still doing in your comfort zone? The comfort zone is a dangerous place.
"I wanted to", "I was going to" cannot put on a light bulb, not to talk of moving you forward.
Aren't you tired of hoping and criticizing? Stop defending status quo that locks you down.
GO on the offensive now with IT Education and Empowerment.
What is the use of ideas without action?
Start becoming the achiever you deserve to be.
MAKE SURE THERE IS NO STANDING ROOM FOR EXCUSES.