Source: Polls: Transparency and right to privacy | The Sunday Mail July 1, 2018
Dr Samuel Chindaro
Recent demands by stakeholders in the upcoming elections for copies of the voters roll have brought about interesting dimensions of transparency, data protection and the right to privacy.
When a person registers to vote, the registration record becomes public.
Voter registration data that the Zimbabwe Electoral Commission holds includes personal identifying information such as home address, age and gender. In the biometric voter registration programme that the country undertook, sensitive biometric information which includes fingerprints and facial images was also captured by ZEC.
The conflict between privacy and transparency has emerged and can be clearly seen in the exchanges that have taken place between different political parties.
Questions have emerged.
Are the rights to transparency and privacy incompatible? Do we have to sacrifice one right to enforce another?
What is apparent is that the right to privacy and right to information (transparency) must be balanced and work in tandem. Privacy is a fundamental human right which is central to the protection of human dignity and forms the basis of any democratic society.
The right to privacy embodies the presumption that individuals should have an area free from arbitrary state intervention and from unsolicited intervention by uninvited individuals. Section 57 of Zimbabwe’s Constitution explicitly recognises the right to privacy.
However, Zimbabwe still lacks data protection legislation and is yet to establish a Data Protection Authority or a body of such a nature. This is unfortunate, because advances in information technology have introduced innovative ways of collecting, storing, and sharing personal data which require relevant and up-to-date legislation.
The right to privacy has evolved and now includes state obligations related to protection of personal data. The furore surrounding the publication and availability of the electoral register has brought to fore the need for public debate and reform on issues regarding the legality of the disclosure of full voter registration data online or in electronic format and related ethical issues.
Government and Zec need to rethink how they approaching the Digital Age in a way that respects both the public’s right to access information and simultaneously acknowledges how privacy and security issues have evolved with increased Internet connectivity and electronic data sharing platforms. The potential of open data for electoral processes must be balanced with an understanding of some of the sensitivities and risks related to data release.
Some data pertaining to elections may be sensitive and may need to remain closed, to be shared with only a few parties or to be disclosed only to a certain level. Voter registers contain private information that needs to be managed properly. The release of private information into the public domain carry with it several risks.
These risks are especially important in the context of vulnerable populations.
A full voter file could also be used for harmful purposes, for example when combined with other knowledge, to target individuals in their homes based on party affiliations. Not only is there a risk of individual harm, but the possibility of significant damage to broader public trust in Zec and Government as a custodians of people’s data.
The release of electoral data bears other risks such as misinterpretation or misrepresentation. Misrepresentation of electoral data may occur when the data is taken out of context or falsely attributed.
This may result in misleading news items critical of Zec or distribution of falsehoods. It is, therefore, imperative for Zec to ensure that every effort is taken to provide accurate information to counter misinterpretation, and impose sanctions on those misleading the public.
One of the biggest threats to personal data in the public domain is identity theft; scams in which personal details are stolen. Several illegal activities can be perpetrated by an individual using the stolen identity.
Besides financial fraud, identity thieves can commit crimes, such as drug-trafficking, smuggling and terrorism while posing as other people. While the electoral register is in principle available to anybody, analysing it requires skills, hence data intermediaries such as journalists or other data scientists who turn the data into insights, including visualisations, maps or news stories, reports and analysis should play an important role.
It is important that those receiving and inspecting the voters’ roll understand that no voter register is perfect.
Voter lists represent a “snapshot” of a part of the population at a given moment in time. As changes in civil status or residency occur, the snapshot changes, and time is needed to reflect these events in the registers.
For example, names of deceased persons who have registered may still be on the list, or internal and external migration might also have occurred since registration took place. There are no international standards used to measure the accuracy, or the acceptable margin of error of voter lists; therefore, this issue is subjective.
Given the complications that might arise in interpretation and usage of the electoral register, it might be necessary to restrict full access to the full file only to nominated candidates and people with a demonstrated use of data in the public interest. It is argued here that people with criminal records relating to misuse of public information, interfering with electoral materials (one Morgan Komichi comes to mind) or who have demonstrated their ignorance of the importance of data protection (such as those demanding publications of biometric information, for example Mr Charlton Hwende) should not be allowed possession or access to the full electoral roll.
The responsibility of the government, leadership and institutions as custodians of people’s data cannot be over-emphasised. It is therefore surprising and disappointing at the same time, that those aspiring for leadership and their advisors are clamoring for, and making demands that would compromise people’s privacy and data hiding behind “the law”.
Most surprising was that Mr Nelson Chamisa, a former ICT Minister who should know better, was also caught up in making these dangerous demands.
Demands such as those made for publication of people’s biometrics (facial images) alongside their names and addresses were both unreasonable, reckless and irresponsible from people who are asking the electorate for a mandate to rule the country. It must also be noted that even though the Electoral Act does specify that a photograph of the registrant is required in the register, it does not compel the electoral body to release this as part of the publicised electoral register.
The issue of protection of biometrics is critical in their usage to such an extent that there has been a lot of research in biometric template protection, a process whereby biometric data is encoded such that no one can reconstruct the original biometrics from the code. The issue of privacy in biometrics usage was a show-stopper in the introduction of biometric IDs in the UK.
It should therefore not be treated lightly by those in leadership or aspiring to lead the country. The Electoral Act gives Zec the power to release the electoral register in a format that would not compromise people’s data, but it is argued here that the law does not go far enough.
It, however, does cover issues surrounding the possible misuse, corruption and manipulation of the data from the electoral register. However, once data is in the public domain it is difficult to control in this digital age, therefore measures, supported by the relevant laws should have been in place before the electorate’s data is released.
Ideally, electoral data should not be used for any personal, private, or commercial purpose, including, harassment of any voter or voter’s household, advertising, solicitation, sale, or marketing of products or services to any voter or voter’s household or reproduction in print, broadcast visual or audio, or on the Internet. It brings to the fore a point I have raised before in one article that legislature relevant to biometrics usage in the electoral process should be explicitly put in place.
Carefully calibrated deterrence measures can be implemented to ensure that the negative impacts of election transparency are minimised. This is Zimbabwe’s opportunity to create a modern transparency regime which encapsulates data protection and citizens’ privacy, as well as ensuring public confidence in election outcomes.
Dr Samuel Chindaro is an electronics engineer and ICT and biometrics expert, trained at Nust Zimbabwe (B Eng (Hon) in Electronics), University of Birmingham (MSc in Electronics and IT) and University of Kent (PhD in Computer Vision and Image Processing). Feedback: firstname.lastname@example.org