The implementation of a Biometric Voter Registration (BVR) system in Zimbabwe has been accepted by the majority of stakeholders as a welcome development towards the improvement of the electoral process. Most importantly because it will get rid of the old re-cycled voters’ roll which has been the centre of most electoral disputes, but also because it introduces technological advancement into the process which should make it more accurate, efficient, robust and transparent. However, technology is as good as it is deployed, and the BVR project in Zimbabwe is at serious risk of failure going by reports regarding the nature at which ZEC is approaching the process.
BVR is a registration process whereby in addition to details such as a person’s name and address being taken; the fingerprints and a picture (facial image) are also captured and stored on a computer. These are then stored in a central system and used in an automatic way to eliminate multiple voters (people who are registered more than once) among other procedures. This process is used to create a “clean” voters roll. The images (face and fingerprints) can also be used on voting day to automatically verify the person who is voting (that is, to confirm that the person is indeed who he/she is claiming to be). ZEC (Zimbabwe Electoral Commission) has said that it is not going to use biometrics automatically on voting day. It will use biometrics to create a new voters roll, and may use the pictures manually on voting day (that is to visually compare the person voting and the picture stored on the computer when the person was registered).
As with any major technological project, the introduction of a BVR, especially in the challenging Zimbabwean environment must be done with a full understanding and overview of the requirements and the risks involved. Fundamental to the success of such a project is an appreciation of the procurement and running costs, and thereafter the sustainability of the technology.
Procurement for BVR systems is complex and requires the involvement of experienced biometric experts. There is need to stick to a wide range of requirements failure of which the implementation and effectiveness of the exercise can easily be derailed. It may even result in total failure of the project. There are minimum standards to be adhered to. In addition security issues and data recovery issues need to be addressed in advance. The cost-effectiveness and sustainability of solutions to be implemented require careful analysis before embarking on the BVR exercise. If these are not carefully and expertly considered the whole BVR exercise will be disastrous politically and economically as it will undermine the integrity of the electoral process.
The issues which have been raised in the procurement process of the BVR system in Zimbabwe raise some concern regarding the fundamental requirements of the system. There are reports regarding serious shortfalls in the technical specifications of the basic equipment required for scanning and capturing photos which would make the process less efficient and prone to failure. Data presented to a system is as good as the capturing process and if this fundamental aspect is not done in the right way, the whole process is bound to fail. There are standards to be adhered to regarding acquisition of biometric data which will make it easier to process and make it compatible with other systems both locally and internationally. It is therefore imperative that this decision is not just cost or politically based, but value-based and guided by sound technical advice.
The frequent/unpredictable power cuts which take place in Zimbabwe and the complete absence of electricity in remote areas make it imperative that contingency planning is prioritised by ZEC for the implementation of the BVR. Alternative power supply sources such as standby generators or Uninterruptable Supplies (UPS) and solar panels should be prioritised. An accurate specification of these requirements is vital as any discrepancies/shortfalls can compromise the process. Associated with power cut risks are data loss, data corruption and equipment loss which will require appropriate back-up servers and disaster recovery strategies. ZEC should not compromise these fundamental power and back-up requirements.
The sustainability of the BVR system is a very important aspect when choosing and acquiring the technology. The system should be re-usable and be able to be sustained locally without relying on external experts, technicians and vendors. There are high risks related to lack of local technical expertise, service, backup support and spares for high-end technological solutions. Maximising on local expertise will ensure that the technology survives beyond one election cycle and can also potentially be expanded to other institutions other than ZEC. For this to be achieved, certain specifications need to be met in regards to the equipment and acquisition process. Alongside, recruitment of appropriate local staff, it is vital that the BVR acquired should be one meeting specific standardisation of practices and processes to avoid the process being locked to one vendor, which additionally, minimises competition and drives up costs through monopolisation.
These specifications require the input and knowledge of experts in the field and should not be falsely based on political or non-evaluated costs which ignore the long-term value and benefits. The same system should be able to be expanded and utilised for other civil applications such as passports, diver licences, birth/death certificates etc. including future elections. Currently, ZEC is planning to use biometrics for registration only, which even though in itself is inadequate, should be used as a stepping stone to future biometric voter verification (when biometrics system is used on Election Day). Therefore the system in place should be adaptable to achieve voter verification in the future. ZEC is therefore called upon to consider long term sustainability of the system based on specialist advice, especially taking into account the amount of resources being poured into the project. It would be an unfortunate mis-use of public funds if such a plan, as being reported, is not in place.
A complete BVR system comprises amongst other equipment, BVR kits (cameras, scanners, laptops, power supplies etc) and a central storage system which is fully backed up. Field staff acquire biometrics information (register voters all over the country) and this information is stored in a central system. These are the most basic components of the system (BVR kits and a central storage system with back-up).
One of the most important benefits of a BVR system is the ability to be used for de-duplication (removal of multiple registrants) to produce a “clean” voters roll. In order for this to be achieved the data has to be compiled centrally and processed using software systems such as Automated Fingerprint Identification System (AFIS). This process provides automated fingerprint search capabilities, electronic image storage, and if required electronic exchange of fingerprints. This is therefore a very sensitive component and the “heart” of the whole system. It is therefore imperative that this storage system is put in place with appropriate back-up before the BVR kits are even deployed.
It is also vital that the system put in place is compatible with the BVR kits and acquisition process as any discrepancies might result in data loss or corruption. It is therefore expected that the BVR kits provider will also supply the storage and back-up system which is compatible with the data they acquire. Failure to do this may result in serious system risks and may result in a complete failure of the BVR process.
Associated with acquisition of biometric data is the issue of data protection and right to privacy. While there is a need for electoral data to be in the public domain, the balance between, on one hand, the reasonable demands for transparency in electoral processes and the right to privacy of the citizen on the other is a delicate exercise which requires careful handling. Introducing multiple handlers in the data acquisition, transfer and storage process exposes the data to high security risks.
The issue of accountability arises, and experience has shown serious objections from BVR system providers (and rightly so) to separation of data acquisition and storage processes. BVR system providers have their own data encryption (coding of the data so that it is useless without an appropriate decoder) software which they use to protect the data, which is compatible with their own devices. They also provide their own IT auditor with special skills to detect tampering and or manipulation of the database itself. The auditor should work with compatriots from all stakeholders.
The process that might be involved in integrating devices from multiple vendors can also be time consuming and costly and is not justifiable. It is therefore imperative that ZEC abandons their reported idea of separating the processes which is raising eyebrows; or the project will become highly risky with the possibility of being a complete failure.
All these issues raised require a clear, transparent response and explanation by ZEC to all stakeholders. ZEC, through its consultation process with all stakeholders should address these issues to ensure that the BVR system is acceptable and reliable. It is also important to provide sufficient information to users to enable them to feel included in the process, engender a sense of ownership and therefore increase the likelihood that the technology will be successfully accepted and implemented.
It is however important to be realistic about the associated risks and their sources. ZEC is implored to act on these reports, and work hard to dispel the perception that some of these risks are developing because there are participants who want the process to fail for their own selfish reasons, or that there are some sinister reasons for introducing impediments and unnecessary risks. This is crucial, given the history of Zimbabwe elections.
This article was authored by Dr. Samuel Chindaro, an Electronics Engineer, biometrics expert and researcher, trained at NUST in Zimbabwe, the University of Birmingham and the University of Kent in the UK. At Kent, he was part of a specialist research group on biometrics technology. He can be contacted at S.Chindaro@gmail.com.