Of late, the Zimbabwe Electronic Commission (ZEC) has been under pressure from civil society organisations to give the public access to their servers. Turns out ZEC is not too keen to do that.
The Herald today published a response from a ZEC representative, ZEC commissioner Dr Q Moyo which said
Zimbabwe has millions of people and if we open up our servers you can imagine what will happen. But the key thing is that storage of data is purely a security matter between ZEC and the person who is registered. The moment you begin to open that data to anyone else other than the party that has registered, you will be, therefore, compromising the whole issue of secrecy of data,
Okay, so what’s the big fuss over this? Why is it a big deal if they don’t give us access to the the servers? and what’s the big deal if they do?
Why should ZEC give the public access to their servers?
1. It’s a sign of good faith.
At this point, after our presidential elections have been allegedly rigged one too many times, people want extra assurance that this will not happen again. Even better now that our voters’ registration process is much more digital than ever and hence can easily be accessed online. This means that it’s easier for us to ‘monitor’ ZEC hence somehow breeding some accountability on their part.
2. It’s the citizen’s right to know.
In case you didn’t know, the right to access information is a human right protected by law of Zimbabwe. Therefore, denying citizens information that concerns them is an infringement on the constitution and hence a punishable offence.
3. It’s a New Zimbabwe (or at least we hope it is)
In this new Zimbabwe, we don’t expect shady business to continue. We’ve seen a couple of criminals being brought to book and that has somehow set precedence (naive is okay with me). We now expect every issue we ever complained about to be sorted. In this, all we want is transparency, especially following that His Excellency the president promised us free and fair elections in 2018.
Why shouldn’t ZEC give the public access to their servers?
Security issues
The first and probably most important reason, well, let me not say probably since it’s the exact same reason that was given by ZEC, security.
Security however comes in two fold, the security of the registered individuals and that of the system itself. If personal information like ID numbers and addresses are made accessible for anyone and everyone to access, then that could be a problem. Not only can businesses manipulate information for their own interests, but individual can use it to phish or ‘stalk’ people.
I’m not sure how big a deal this is in Zimbabwe at the moment, maybe I’m stretching it but simply brushing it aside would not be wise either. But then again, remember, online has no geographical boundaries. Any other entity from anywhere else could potentially access these files since big data is big money, I already see the likes of Google and Facebook lurking and salivating over the data.
The second security issue would be that of the database, how secure is it if the public has access to it?
ZEC at some point promised us that they are using the most secure systems ever, from temper-proof flash drives to hack-proof databases. However, sorry to show a little faith but I still think being hacked is a possibility, if the cards are not played right that is.
The government’s website has been hacked once before, but that’s a 2013 incident so I can’t say it’s fair to keep bringing it up. But question is how strong is ZEC’s cyber security? By this I don’t just mean in local terms but all around the globe.
So How should ZEC do it?
This part is left for you to fill in, feel free to utilise the comments section.
However, I could just start the discussion with 2 brief suggestions: 1. make use of accounts and 2. adopting the blockchain technology.
1.It could be helpful if having an account becomes a prerequisite for one to access the data. In as much as that system can be cheated, it still helps. It’s better to have one’s activity on the database tracked than not at all.
2. Adopt some properties from block chain technology. One of the things that make blockchain interesting is how every transaction or change recorded and not easily erasable, if at all.
You can’t just delete an entry on the blockchain because all the transactions on the blockchain are stored on all the full nodes that are part of the network so even if you could delete it from a specific node, you would have to then delete it from at least 51% the nodes from the network at once.
Therefore, ZEC could create an open source software which people can use to access the voter’s registration information.
Nonetheless, if it’s already too late to implement this for the 2018 elections, then it can always be implemented in the future elections.
Now over to you…
Share
Home
10 comments
its not a good idea at all
Security cannot be an excuse to deny a citizen their rights. We can implement a less realtime solution by simply exporting a file and placing it on another computer on another network every few minutes/hours/days which would solve the security issue because hacking into that would achieve nothing. Technically this can be done using a DMZ or a cable you physically plug in and out for the export only for a few minutes, or even a flash drive. Implementing this would take less than 1 week, so they can still give us access to a voters role without giving us direct access to their servers
Trycolyn, when we know the level of access they want, then we can start talking.
But currently we go by the default firewall setting: Deny All
In human language, its a big NO until access levels are agreed and personal data remain personal and secure.
The first problem is the definition and limits of “access”. Are we talking about physical access? Access to the database architecture? Access to the raw data? What are the limitations of such access? What is the purpose of such access?
The question of access is too open and far reaching therefore, I agree with ZEC. Access Denied!
IT audit of the election management technology before and after elections to a team of IT experts from opposition parties + they should give us the voters roll in machine readable format
No. Just no.
nuff said
A catch 22 situation…I don’t Zim is secure enough at all to release this data…I think they should release figures instead… So if I see ump has more votes than Harare…. You get the idea… Also if I find the total vote in an area remote area say has 20000…. Alarm bells should ring….
very very bad idea to let the public have access to ZEC Servers. For what purpose would anyone want to have access to that data.#SERIOUS SECURITY RISK.We are talking about my finger prints, name, id number and more to be access by somelse who feels like.Thats crazy.
Hackers and other organisations can do massive data harvest, not cool. I do love my country and fair elections, i suuggest a realtime auto update registers counter and other stats for parties to use for campaings. thats it. Its funny and sad how Some Zimbabweans take cyber security as a joke
Let the Public have access to the servers……you will learn a thing or two about cyber security afterwards
First, ZEC stands for Zimbabwe Electoral (not electronic) Commission)!!
Second, years ago one could load an EXE file (can’t remember its name) and then type their ID number, and if registered to vote, their basic details would be displayed. on the screen. I see nothing wrong with a system that displays minimal data like that – which can be used to simply validate registered voters.