
ICT boss denies the intrusion of IEBC portal by third parties

The ICT chief stated that they implemented a digital electoral system proposed by a parliamentary committee led by former Siaya Governor James Orengo, which received 380 million visits to its website.

Simple and transparent system

In his affidavit to the Supreme Court last Saturday, Ouma said Orengo and former Meru Governor Kiraitu Murungi co-chaired the Joint Parliamentary Select Committee on proposed amendments to the Elections Laws contained in the Election Laws (Amendment) Act, 2016, to allow the use of an Integrated Electronic Electoral System (Kiems).

"The commission adopted a simple and transparent system in the use of technology. As relates to an allegation of the staging of results, I state the same is not true as all the forms 34A have a date and time stamp which can be verified from the public portal," he said.

He explained that at each polling station, votes were counted, tabulated, and the results were announced promptly by the presiding officer.

The ICT chief insisted that the IEBC provided details on the 86,889 voters who voted in the 229 polling stations, which were manually entered.

He explained that voters were identified through a biometric search using finger identification on the public Kiems kit.

According to Ouma, the original Forms 34A had security features such as UV-sensitive elements, micro text, tapered serialisation, anti-copy features, and a watermark.

"The commission undertook a series of tests on the Kiems system, including a public test carried out on June 9, sixty days before the election, and a simulation carried out on July 15 before the deployment," he said.

He said IEBC developed a robust training manual and schedule to build the capacity and competence of all candidates, agents, and staff on its systems.

"Only authorised tablets (Kiems) are configured to transmit results directly into the commission servers. All the tablets used were polling station specific, meaning the information could be traced from the source, and even then, the transmission was under constant round-the-clock automated monitoring," he said.

The ICT boss explained that the entire network spectrum was secured with twin (external and internal) high-level perimeter firewalls to filter information and allow authorised transmission through these filters.

He said IEBC unveiled a robust database management solution which included pre-encryption of results before transmission and having the transmission over a secure Virtual Private Network (VPN) provided by mobile network operators.

"The database was set up in clusters to assure its availability," he said.

Ouma said the commission deployed a four-tier security measure, granular role-based access control and user management for the entire transmission system application, which meant only authorised users could access the system.

Authenticated users have distinct but interdependent roles at different levels. This means that no single person could perform an end-to-end operation in the system.

"If the voter is not identified after three attempts, the system will prompt to carry out an alphanumeric search. The voter is then identified by a biometric verification if successful and then the voter is allowed to cast his/her vote," he said.

"If the voter cannot be verified using biometrics at the second stage, the system allows verification using face ID."

He said the original Form 34A, ballot box, and other election-related forms, materials, and equipment were physically delivered to the constituency Returning Officer.

"That for the August 9 General Election, 28 polling stations did not transmit and 46,201 polling stations transmitted using Kiems, which translates to a 99.94 per cent transmission success rate," he said.

The ICT boss explained that the role of the Presidential Returning Officer (Commission Chairperson Wafula Chebukati) was to receive Forms 34A and 34B from the Constituency Returning Officer, verify and announce the results for each of the presidential candidates for each county.

He said the commission published all the systems deployed in line with the Election Act.

"The Kiems kit comprises a tablet, an SD memory card, a power bank battery pack, and a multi-charge unit. The tablet is based on IMS (Identity Management System) and VIU (Voter Information Unit), which captures biographical and biometric information and digitizes official documents," he said.

The Biometric Voter Registration (BVR) system is used for registering voters and comprises a laptop, a fingerprint scanner, and a camera. It records a voter's face, fingerprints, and Personally Identifiable Information (PII).

Use of technology

"The Kriegler report proposed the use of technology in future elections. The report enabled the Commission to deploy the BVR, Electronic Voter Verification (EVV), Electronic Voter Identification (EVI), the Candidate Registration Management System (CRMS), and the Result Transmission System (RTS)," he said.

He said Kiems relayed the presidential election results from the polling stations to the National Tallying Centre (NTC) and the public portal.

"Kiems deployed in the conduct and administration was successful to enable the commission to verify the biometric data by the public during the May 4 to June 2 verification exercise as required by Section 6A of the Elections Act 2011, successfully identify voters on polling day and successfully transmit the Presidential results of the General Election from the polling stations to an online public portal maintained by the Commission," he said.

Ouma said the register of voters' data is stored on a secure data card that is encrypted and is part of the evidence in court.

Ouma said technical safeguards were introduced to ensure the integrity of the process after IEBC outsourced network provisioning services from the mobile network operators (MNOs).

"These safeguards included the use of unique specialised SIM cards configured on secured Access Point Network (APN) for result transmission from Kiems devices; static Internet Protocol addresses for use in specific gadgets where the SIM cards could only be used within the commission's APN; and the specialised SIM cards Mobile Station International Subscriber Directory Number (MSISDN) to stop duplications," he said.

Other features include disabling SIM card cloning and voice or text messaging services, and ensuring a unique international mobile subscriber identity (IMSI), a unique identifying number within the network that is the primary identifier of the subscriber.

"All the SIM cards were placed under constant monitoring and periodic reports were generated confirming that the cards were active throughout the electoral period and therefore transmitting data and that no intrusion or compromise was noted in the system," he said.

Ouma further said that the electronic result transmission system was configured to detect any SIM card that was not on the list of those assigned by the MNOs.

The SIM cards transmitted the results in the form of HTTP (Hyper Text Transfer Protocol) packets, HTTP being the protocol used by the internet to define how messages are formatted and transmitted, encrypted with SSL (Secure Sockets Layer) technology to conceal their contents.

"The link secured all the data by securing it with a code which was not available to any of the MNOs. This meant that the sole duty and obligation of the MNOs was to transmit the data and monitor the continuous flow of such data through the respective networks," he said.

As a monitoring and control tool, the MNOs generated and provided Call Data Records (CDRs), which were forwarded to the commission at intervals.

"I have studied and ascertained that the CDRs show no stoppage in the transmission of data or intrusion by any strange unidentified number," he said.

The CDRs also contain useful information about the serial numbers of each SIM card, the SIM card calling number (MSISDN), SIM static and active Internet Protocol addresses, the Internet data volume generated by the SIM card, the time of last connection, and the specific type of network.
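
The checks described above (SIM allowlist, static-address binding, MSISDN duplication, transmission stoppage) can be sketched over CDR rows as follows. This is an added illustration, not the commission's or the operators' tooling; the CSV layout, column names, one-hour gap threshold and every sample value are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed allowlist: SIM serial -> (MSISDN, static IP) as issued by the MNO.
ASSIGNED = {
    "8925400000000000011": ("254000000011", "10.20.0.11"),
    "8925400000000000012": ("254000000012", "10.20.0.12"),
}

# Constructed CDR extract; the CSV layout and column names are assumptions.
CDR_CSV = """serial,msisdn,active_ip,data_kb,last_connection,network
8925400000000000011,254000000011,10.20.0.11,512,2022-08-09T17:05:00,4G
8925400000000000011,254000000011,10.20.0.11,640,2022-08-09T17:35:00,4G
8925400000000000012,254000000012,10.20.0.99,300,2022-08-09T17:10:00,3G
8925400000000000012,254000000012,10.20.0.12,0,2022-08-09T19:40:00,3G
8925400000000000077,254000000011,10.20.0.77,128,2022-08-09T18:00:00,4G
"""

def audit_cdrs(cdr_text, assigned, max_gap=timedelta(hours=1)):
    """Return sorted (serial, finding) pairs for records that break a control."""
    owner = {msisdn: serial for serial, (msisdn, _) in assigned.items()}
    rows = sorted(csv.DictReader(io.StringIO(cdr_text)),
                  key=lambda r: r["last_connection"])
    findings, last_seen = set(), {}
    for r in rows:
        serial = r["serial"]
        if serial not in assigned:
            # SIM is not on the list assigned by the MNOs.
            findings.add((serial, "unassigned_sim"))
            if r["msisdn"] in owner:
                # An unlisted card presenting a listed number: duplication.
                findings.add((serial, "duplicate_msisdn"))
            continue
        msisdn, static_ip = assigned[serial]
        if r["msisdn"] != msisdn:
            findings.add((serial, "msisdn_mismatch"))
        if r["active_ip"] != static_ip:
            # Active address differs from the static address bound to this SIM.
            findings.add((serial, "ip_mismatch"))
        seen = datetime.fromisoformat(r["last_connection"])
        if serial in last_seen and seen - last_seen[serial] > max_gap:
            # Longer silence than allowed between consecutive records.
            findings.add((serial, "transmission_gap"))
        last_seen[serial] = seen
    return sorted(findings)

if __name__ == "__main__":
    for serial, finding in audit_cdrs(CDR_CSV, ASSIGNED):
        print(serial, finding)
```
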

System Integrity

The ICT boss said the cyber security procedures ensured the integrity of the transmission and also had a third layer of a series of firewalls to filter all incoming and outgoing data while restricting any third party or unauthorised access.

These firewalls had an inbuilt report-back and alert mechanism in case of any unauthorised attempted access or unusual activity in the system, and were continuously monitored for such.

"That at the polling station, the Presiding Officer was required to input the QR Code into the Kiems machine upon which the machine becomes polling station specific in terms of data and usage.

"The Kiems is also designed to block more voters than those provided for in the specific polling station from voting. The allegation that in certain stations more voters than those registered were recorded is therefore untrue," he said.

IEBC said 14,239,862 voters were successfully identified by the electronic voter identification system and 46,201 out of 46,229 Kiems kits transmitted the presidential election results from the polling stations.