The BVAS device in that election performed its role. BVAS is just an accreditation device; it was developed to ensure that only accredited voters can vote during an election.
If you examine the election, you will notice we are not discussing incidences of over-voting. Also, the device was able to remove the issue of using incidence forms. In the past, when we were using card readers, people that could not thumbprint had to fill out incidence forms. Politicians used incidence forms to do a lot of things.
One good thing about this year’s election has been accreditation. When we were using card readers, accreditation and voting could not happen simultaneously. First people would get accredited, then wait until they can vote. But during this election, voters could vote immediately after accreditation.
In that regard, BVAS achieved its aim. The issue we had with the election was with the transmission of results, i.e., from the polling unit to INEC’s result viewing portal.
One interesting thing is that I participated in the election as a returning officer. So, I am not only speaking as a technology expert. I was a returning officer, who was in a local government. I monitored some of the events.
Some of the polling officers and corps members that could not complete the transmission of results in their various polling units came to the LGA and they were trying to transmit those results. The issue was with the transmission of results.
Before the elections, the Nigeria Computer Society approached INEC. Tech is good, but if you do not follow the right process, and do all the necessary things, you might not achieve your aim.
We need to investigate the operations and activities before the election. Before this election, INEC had trial elections, but how did that go? Who designed it? What method was employed? At the time, the NCS asked if the people that were involved in the mock election would be part of the main election so that they can gain experience.
But no one knows how the people involved in the trial elections were selected.
During the mock election, they transmitted dummy results. The question then would be, if they were able to assess the robustness of the platform. There were so many issues around the use of that tech. Tech on its own will not solve a problem. People use tech. If we are talking about digital innovation, since it is tech, people and the process must be in sync before people can appreciate the dividend of tech.
During the process of transmitting results, we heard that INEC’s server was down. Why did this happen? INEC should be able to answer that. They should have adopted stress testing, reliability testing, robust testing, and integrity testing before the elections.
The result portal is up now. But it is an issue that they could not keep to the promise that they gave Nigerians. INEC needs to be thorough. If you are using technology, you need to put a lot of things in place. The NCS tried to meet with INEC before the elections. We were able to meet with INEC, but not with the chairman. We gave the commission about 16 recommendations on what they need to do towards the elections. After submitting our proposal to INEC, we did not hear from them again.
One of our proposals was to serve as technology observers. We asked to monitor how the tech will be used and see how we can assist in ensuring that BVAS and the transmission of results were done effectively and efficiently. But nothing was done before the elections.
Some of the things we mentioned in our proposal had to do with testing for efficiency, penetration testing of the system, vulnerability analysis, ensuring that the platform was robust and ensuring that they conduct trial elections.
The budget was not enough and it made INEC to be modest in its spending. Even with the trial elections they held, we were thinking they would take more samples, but the cost was a factor.
Apart from that, the issue of having to put so many things in place before the election was difficult. Training of ad hoc staff was done about a week or so before the elections. The NCS got to know INEC spent a lot of money on trying to ensure the system was safe and secure but some other things needed to have done, but INEC was managing its fund.
It needed to have involved technology experts for the election, engage them and secure the support and assistance of these experts. It could not do that because of the cost implications. But what I know is that with that kind of money, they should have asked for more. But we should also be aware that INEC had other issues with election preparation. I think the budget was not enough.
INEC is moving towards technology. It needs to understand how to set up technological systems. It needs to know all the other things involved such as operations activity and more.
There was a time when INEC invited organisations that will provide tech services for it, but it didn’t invite stakeholders to see monitor the process.
Experts challenged them at the time. We stated the danger in engaging with organisations that would provide IT services without the presence of stakeholders to monitor and observe.
If the commission is blaming capacity today, the question is what was done to ensure that it was able to get capacity? What did it do to ensure that the people involved gave candid opinions? Business people, rendering these services, prioritise profit making. But if there were checks, stakeholders would be able to engage these businesses and advise too.
What was the plan for capacity? How did INEC do what it did? It cannot say that it was not forewarned, because a body like the NCS submitted a proposal. And merely going through the proposal would have offered growth opportunities for INEC.
In the proposal, we stated the importance and need to evaluate the platform that would be used for the election up to a day before the election.
In preparing for cyber-attacks, we asked INEC to continue to run vulnerability analysis up to a day before the election.
Cybercriminals do not rest, they learn every day. So, if you can curtail them today and do not do anything afterwards, you might not be able to curtail them tomorrow. And that is why the cyber analysis processes must be continuous, must be dynamic.
As a tech expert, I cannot base my assertion on hearsay. There could have been sabotage, but INEC has stated that it was not cyberattacks, it could have been.
What do we call a cyberattack? It is something someone will do on your system and your sister system will not be able to continue to provide the services.
If something is done on your platform that impedes your ability to operate as you should, it is a cyberattack. If they are saying it is not a cyberattack, there should be evidence. And we cannot also say there was sabotage because we have not studied their system.
There are some things that we need to do to confirm if the system was subjected to an attack or not. We cannot conclude what we have not examined. We must be careful.
When I heard this, I called the director of ICT at INEC and he said he would call me back. We have not been able to talk yet.
To reconfigure has a lot of meaning. Is INEC going to update the software? Is this going to affect the data on the platform already? I don’t know the essence of reconfiguring because the information that is on BVAS is not going to change. The same set of voters that voted during the presidential election is the same that will vote for the governorship. So, it is not about changing data, except INEC has discovered that the current application that is running on BVAS is causing a problem and they want to upgrade it to enable it to support the transmission of results easily. I don’t see why it wants to reconfigure the servers.
We need clarity from INEC as regards if the reconfiguring does not mean we might lose data. It depends on the extent of the reconfiguration it wants to do. Reconfiguration might just mean that it wants to change some parameters on the system, so it depends.
The challenges with the last election were obvious. If INEC has been able to transmit results from the polling units and people could see the results live, the dispute we have over this election will be to the barest minimum.
People are concerned that the commission promised to do something but didn’t do it, which is bringing a lot of suspicions. It needs to ensure that no polling officer leaves the location without uploading results to the server. If this is done, the controversy would be solved.
Transmitting results is not a difficult thing. Even if results cannot be transmitted immediately, the polling officer can move to a location where they can do it.