Biometric voter registration system: A technical synopsis

Source: Biometric voter registration system: A technical synopsis | The Financial Gazette April 13, 2017

By Robert Ndlovu

A LOT has been said by experts about the pros and cons of biometric voter registration (BVR).
I do not intend here to offer a brief lecture about the BVR system that will be used to register eligible voters and build a database from constituency down to ward level.
The voting itself will be via a ballot paper.
The voters’ roll that would be produced after capturing people’s personal details will basically be in electronic form.
Then it can be printed to produce the voters’ roll.
Components of a BVR system include the input and output devices.
The input devices are the fingerprint scanner and the webcam to capture your picture, while the output device is the printer that provides the voter identity card.
So, in essence, what is captured by the input must be the same as that which comes out as the output.
The other components include a laptop that runs the biometric application and other accessories like backup battery and universal serial bus (USB) storage drives.
All these are enclosed in a hardened “briefcase” for secure storage and movement.
This is not a new technology in Zimbabwe.
Several organisations such as the Registrar General’s Office use biometric technology to issue national identity cards.
Some banks and high security buildings use fingerprint scanners for access control.
In short, if your fingerprints were not previously scanned and not stored in the organisation’s database, you will not be able to gain entrance.
So, contrary to popular perception, the BVR system has been around all along, but its application this time around is specific to registration of eligible voters into a database — the voters’ roll.
So what is the fuss?
Certainly, it is not about the technology.
Deployments of BVR are based on the number of polling stations.
If there are say 10 000 polling stations, then that is the minimum number of kits needed and the minimum number of trained personnel to operate them.
But the number can be less given that the kits are mobile and portable. Once your personal details — that is your name, date of birth, address, gender and biometrics — that is your fingerprint and picture — are captured, that data is then uploaded to the “main system” at a central location.
Hopefully, there will be another standby system at the central location in case the primary one fails.
Naturally, a connection with the Registrar General is inevitable so as to check and validate voters against the national registry database.
The USB storage devices will be used to store the data in off line mode and shipped via normal transportation means.
If this is the case, then the question of remotely hacking a BVR system falls aside since one cannot remotely access an offline system.
Not entirely true: At least on paper.
The laptops can be preloaded with malware before deployment. It is not possible to predict what the malware programme has been coded to do.
I will give a very extreme example so that you get the picture.
Hard drives in laptops going to region A can have malware that increases registrants by say 50 percent, while in those going to region B the registrants are decreased by say 50 percent.
But this is easier said than done. In short, the laptops must be pre-tested for malware, Trojans or any other backdoors.
However, if the data is sent via communications link to the command centre, a few issues may arise.
Unless the location is in an urban area or along a highway, the data connection is likely to be poor.
Most areas in Zimbabwe outside major towns do not have 3G. There are other radio technologies that can be used like microwave, VSAT, air fibre, just to mention a few. Either way, these connections must be secured end to end.
It is standard practice to use VPNs for all connections and avoid public internet. It appears that an opportunity inherently exists for various telecommunications service providers to supply secure and reliable data connections.
I cannot imagine one service provider being able to monopolise these links.
Hacking traffic in transit is not a walk in the park. The bad guy really needs to have a motive, top notch skills, abundant resources and network topology intelligence.

Several inferences about possible hacking of the systems have been raised and understandably so.
Hacking is no plug and play game.
Unless you are familiar with the “man-in-the-middle” attack and also privy to the network layout at a physical, network and even application level, this is not grabbing candy from a three-year-old.
In any case this traffic should be encrypted to provide an extra layer of security. If the main system is online in real time, its level of exposure is elevated, more so if public internet is used.
What I mean is that the district offices which are used to aggregate data from constituencies and subsequently wards are online and send data captured directly to the command centre.
A chain is as strong as its weakest link. However, if these systems are kept offline, then any mishaps will be due more to human behaviour than to failure of technology.
This brings us to the issue of the physical security of the systems. How is the data moved from the polling stations to the main database?
Where are these BVR kits kept? How many people have access to them?
These are valid questions.
Most BVR systems do not have any built-in GPS functionality. GPS receivers, such as navigation devices, are used to calculate the exact position, speed and time of the device being monitored.
My question to the Zimbabwe Electoral Commission (ZEC) is: How are you going to monitor the movement of about 10 000 BVR kits without any GPS capability?
Duplicate entries
Duplicate entries occur when a record in the database has multiple instances.
This could either be technical or fraudulent. Fraudulent duplicates refer to those registrants who registered on different dates, at different polling centres, in different outfits as a form of disguise and with different personal details, but with the same face and fingerprints.
Technical duplicates are those registrants who register on the same date, at the same centre and in the same outfit, with very close registration serial numbers and with the same personal details.
The fact that a person will only vote at the polling station where she or he is registered brings a sigh of relief.
This assumes that no data manipulation is done when moving data from point A to point B or, worse still, where the BVR kits are kept.
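The two kinds of duplicate described above can be told apart mechanically once the biometric matcher has grouped records that share a face and fingerprints. The sketch below is an added example, not code from any BVR vendor or from ZEC; the record fields, the `biometric_id` cluster label, the `SERIAL_WINDOW` threshold and the sample roll are all assumptions made for illustration, and outfit comparison is left out because it needs the photographs.

```python
from collections import defaultdict
from dataclasses import dataclass
from itertools import combinations

SERIAL_WINDOW = 5  # assumption: largest serial gap that counts as "very close"

@dataclass(frozen=True)
class Registration:
    serial: int        # registration serial number
    date: str          # registration date (ISO format)
    centre: str        # registration centre
    details: tuple     # (name, date of birth, address) as captured
    biometric_id: str  # assumption: cluster ID from the face/fingerprint matcher

def classify_pair(a, b):
    """Label two records that the matcher says belong to the same person."""
    same_place_time = a.date == b.date and a.centre == b.centre
    if same_place_time and a.details == b.details:
        if abs(a.serial - b.serial) <= SERIAL_WINDOW:
            return "technical"   # likely a double capture in one session
        return "review"          # identical data, but serials far apart
    return "fraudulent"          # same biometrics, different date, centre or details

def find_duplicates(records):
    """Return sorted (serial_a, serial_b, label) for every biometric collision."""
    groups = defaultdict(list)
    for r in records:
        groups[r.biometric_id].append(r)
    findings = []
    for group in groups.values():
        for a, b in combinations(sorted(group, key=lambda r: r.serial), 2):
            findings.append((a.serial, b.serial, classify_pair(a, b)))
    return sorted(findings)

# Constructed sample roll (not real data).
MOYO = ("T. Moyo", "1980-01-01", "12 Main St")
SAMPLE = [
    Registration(1001, "2017-05-02", "Ward 3 Hall", MOYO, "B1"),
    Registration(1002, "2017-05-02", "Ward 3 Hall", MOYO, "B1"),
    Registration(2050, "2017-05-09", "Ward 7 School",
                 ("T. Mhlanga", "1982-03-04", "4 Hill Rd"), "B1"),
    Registration(3001, "2017-05-02", "Ward 3 Hall",
                 ("S. Dube", "1975-06-30", "9 Lake Rd"), "B2"),
    Registration(4001, "2017-05-03", "Ward 5 Clinic", MOYO, "B3"),
    Registration(4090, "2017-05-03", "Ward 5 Clinic", MOYO, "B3"),
]

if __name__ == "__main__":
    for finding in find_duplicates(SAMPLE):
        print(finding)
```

Pairs labelled "fraudulent" or "review" are candidates for manual adjudication, not a final verdict.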
The second stage of the process is voter verification and/or authentication, which happens on voting day.
You approach your polling station and produce an ID, and your name or your fingerprint capture is compared to what is stored in these mobile voting kits. If there is a match then you are on your way to vote using a ballot paper.
Testing
Before the preferred vendor is selected, extensive tests are conducted. This is usually in the form of pilot runs to simulate the real life performance of the system to be sourced.
The tests include environmental effect tests like temperature and humidity, error rate, response times and battery life, amongst other things.
For example, if during the tests someone else’s picture pops up against your national ID then there is a problem.
Availability of reliable and affordable alternative power sources for the kits cannot be over-stated. Power supplies can be erratic or simply unavailable.

This brings solar panels into the matrix of the power equation in a country that does not suffer from “sunshine” deficiency.
It is during this testing phase where ZEC can sell BVR technology to the people.
In Kenya, there were a few challenges initially for the rural folks to buy into the new technology because there were rumours that these kits may cause cancer and even impotency.
And this is when questions about the safety and privacy of personal information that has been captured are addressed head on.
Training and support
Lack of adequately trained personnel leads to poor data capture.
Poor data results in corrupt output such as fuzzy looking pictures and fingerprints.
It is critical that clean data is captured right from the first time. Garbage in; garbage out.
While specifications of biometric kits are important, it is also vital to consider the capacity or the implementing abilities of the executing staff to operate the equipment and the process.
The performance of BVR systems is intrinsically linked to the training of personnel and support that the equipment gets.
We hope ZEC has enough support personnel to cover field officers tasked with the registration process.
To this end, it is inevitable that ZEC should engage technical partners to help it get the job done.
It is anyone’s guess what the internal technical readiness and capacity of ZEC is. The GPS oversight underlines this.
In summary, whoever is contracted for the supply and deployment of the BVR system must demonstrate the technology’s required throughput and speed with a fingerprint scanner and camera as input and a printer as output.
This throughput determines efficiency. Beyond thorough testing and piloting of both the hardware and software, it is stressed that the system should be able to accommodate upgrades as well as some failures.
Without delving deeper, purchasing of such high end and expensive equipment is guided by quality assurance and purchasing requirements as specified by ISO 9001 provisions.
Given that the United Nations Development Programme has been involved in the procurement of a number of BVR deployments around the world, the least of my worries is the technical astuteness of the system.
The challenges that will arise are of a human origin rather than a technical one. No amount of technology or lack thereof can fill in for political voids and vacuums.
Robert Ndlovu is contactable at Ymail.com or WhatsApp +263776002605 or Twitter @robertndlovu
