Monday 10 December 2018

Using Biometrics to eliminate “Ghost Workers” in the Civil Service in Zimbabwe


Dr Samuel Chindaro

In his 2019 budget speech, the Minister of Finance Mr Mthuli Ncube lamented the continuous existence of “ghost workers” in the Civil Service and made a proposal to introduce biometric registration to weed them out. According to the Minister, the existence of “ghost workers” is contributing to the “the burgeoning public service wage bill which accounts for over 90% of total revenues.”
The introduction of technology to stamp out economic sabotage, malpractices and corruption is in tandem with the call by President ED Mnangagwa in his maiden speech for the use of “e-government programme not only as a means to keep in step with the ICT revolution, but also to fight corruption.”  It is a refreshing acknowledgement, that when it comes to tackling corruption, we need to critically engage with the role of technology.
Despite Civil Service audits undertaken by Government in 2011 and 2015 which revealed the possible existence of ghost workers, minimal effort has been put towards eliminating this menace in the public service and the practice has remained unabated with millions of tax payer money pumped out annually from the government treasury through salary payments to non-existing employees. While corruption takes different forms in the public service, ghost workers fraud inflates the cost of governance to the detriment of overall development. Not only does the incidence of ghost workers fraud bloat the wage bill, it reduces employment opportunities for qualified applicants.
Ghost workers are people who are on the payroll while not doing any work; this includes people who claim a salary for people who have died, retired civil servants, relatives who do not work for the public service, or even people who never existed in the first place. Therefore, a ghost can be a real person who knowingly or not is placed on the payroll, or a fictitious person invented by the fraudster. This is payroll fraud, the government paying for employees who no longer work for the public service or who were never employed.
Other forms of ghost workers include staff that receive unearned salaries through false means; for example, staff who have multiple jobs in the civil service, receives multiple salaries using different names, staff who collect pay or allowances that is above their entitled right, staff who still receive full salary while on leave of absence, and employees who have been transferred or retired yet their names are in the payroll.  There are also workers who are duly employed but have absconded and never report to work. Many of them have other means of livelihood outside their workplace, but still collect their government salaries and allowances by working with other corrupt “insiders”.
Another fraudulent activity similar to ghost workers is “time theft”. Time theft at works occurs when an employee accepts pay from their employer for time they have not actually put in. It occurs in different ways such as “buddy punching” (your friend clocks you in), over extended breaks and excessive personal time. On a small scale, this might seem insignificant, but once you look at the big picture attendance fraud can have serious repercussions on government expenditure.
The high occurrence of ghost workers’ syndrome in Zimbabwe is obviously a worrisome situation in which cost of governance is high and annually, budgetary provision for government’s recurrent expenditure is excessive. This leads to paucity of fund which is required by State and Local Government for provision of critical infrastructure in education, health, power, water, roads etc.
Ghost workers’ fraud impact government and governance negatively by compensating idleness; that is government is paying for inactivity. It is a form of economic sabotage and drain to scarce resources of different tiers of government. Funds lost to this fraud are potentially huge and capable of derailing and distorting government’s developmental plans.
As the technology world evolves, challenges to implement secure personal identification protocols with biometric technology are increasing and the need for accurate human identification is higher than ever. As more governments around the world try to figure out a solution to the ghost worker issue, many are adopting biometrics for identification of employees. Biometric technology isolates and captures unique human physiological characteristics to identify a person. The main advantages of using a biometric system is that it identifies a person by who the person is rather than what the person has, unlike most traditional authorization systems such as personal identification numbers or ID cards. Unlike these solutions that rely on “what you have,” biometric credentials such as a fingerprint or facial image cannot be lost, forgotten, guessed, or easily cloned. It thus eliminates fake employee registration into the payroll system.
In Kenya biometric registration of employees uncovered 12,500 ‘ghost workers’.  In Nigeria the government used fingerprint based biometric identification to eliminate an astonishing 43,000 ghost workers from the public payroll, for a saving more than $75 million dollars. In India, within a week of introducing the system, employee attendance rose from 60 to 96 per cent. These examples prove the effectiveness of implementing biometric technology to establish accountability and punctuality.
The Zimbabwe government should therefore be commended for their plan to adopt biometrics to
establish accountability and eliminate ghost worker fraud. The country is already using biometrics ID and voter registration (to eliminate among others “ghost voters”); so its implementation for eliminating ghost workers should not present major challenges. Zimbabwe should draw lessons from these various experiences and take advantage of the latest biometric technological advances to improve efficiency and obtain higher rates of success.
If biometric attendance is implemented, the chance of fake time sheets or clocking for a friend will be reduced to zero. Also, during salary and benefit distribution, biometric identification will ensure accurate disbursement to the right employee and additionally create clear audit trails for employee punctuality which will in turn, improve service quality.
Biometric identification technology should also be embedded in the government workplaces’ practice to combat time theft and increase productivity of the workforce. A biometric attendance solution integrated with a workforce management system improves the efficiency and accuracy of timekeeping systems while saving payroll costs.
It is acknowledged that technology by itself cannot eliminate corruption. It would therefore be folly to conclude that the issue of ghost workers can be eliminated by biometric technology alone. In a multi-faceted issue like corruption technology alone cannot be a panacea. It is political will and transparency, rather than biometrics, that will exorcise corruption in general and ghost workers in particular.  However, adopting biometric registration for civil servants will go a long way in eliminating this vice.  
Dr Samuel Chindaro is an Electronics Engineer, biometrics expert and researcher, trained at NUST in Zimbabwe, the University of Birmingham and the University of Kent in the UK. At Kent, he was part of a specialist research group on biometrics technology. He can be contacted at S.Chindaro@gmail.com

Social Media and Zimbabwe Politics


By Dr Samuel Chindaro


The 2018  Zimbabwe elections saw an unprecedented use of social media for political campaigns, debates, discussions, disseminating of information, and news provision.  The internet and social media, supported by the revitalised democratic approach by the new dispensation, created a level of transparency in the election process that has never existed in Zimbabwe before. It was evident that social media will continue to play an important role in the future political discourse of the country.

Zimbabwe’s political landscape has changed significantly in the last year with the exit from the political field of the two main actors, Mugabe and Tsvangirai, and the fresh approach by President Mnangagwa; and the internet has played a significant role in this transformation. Social media is now a serious factor in political campaigns in the country and in the way people think about issues.

Taking the lead, in an unprecedented move by a Zimbabwean President, was the President himself who interacted directly with people via his official Facebook page and Twitter handle. He took time to respond to questions posted on his page; providing previously unimaginable access to the country’s leadership.  The opposition leader, Nelson Chamisa was also active in this respect, using the platforms to mobilise his support.

Zimbabweans embraced the opportunity to interact more easily with candidates and officials without attending live events which were streamed live by different online media outlets, individuals and organisations. Some politicians availed themselves temporarily on various Whatssupp groups in question-and-answer sessions. It was proof that the availability of alternative ways to ensure coverage of political parties have evolved so much that access to “state media” as a judgement of election fairness is not only retrogressive and unreasonable, but also irrelevant in this digital age!

For political leaders, it was an incredibly efficient way to quickly explain events, ideals and plans. Unfortunately, at the same time, social media offered false comfort to some politicians; as evidenced by events that unfolded. Several candidates were lured into a false sense of comfort and popularity by the number of followers, number of re-tweets and ‘likes’ neglecting the high likelihood that most these were from either diasporans, people outside their constituencies or simply unregistered voters, and got the shock of their lives when elections came around! Additionally; there were also several politicians and activists who were caught “offside” by the unforgiving digital footprint; as their previous posts came back to haunt them when they shifted positions or contradicted themselves.

The unprecedented attention given to the Zimbabwe elections under the new dispensation brought with it a mixture of participants which included international observers, self-exiled politicians and self-appointed political commentators, experts and armchair critics, most of whom were very active in social media. It was apparent that even though social media platforms are extremely powerful with a huge reach, they also have the potential to be used by political mis-contents and criminals to cause political harm and social disturbances.

Even though social media can enrich the political process, it also comes with dangerous possibilities. Following in the footsteps of the Trump-Russia-Facebook fake news scandal; it was evident that political and social harm could be inflicted on Zimbabwe by the misuse of social media to spread fake news. The election process witnessed a flurry of fake news, sensationalisation of issues and incitement of violence among other vices. It was proof that Facebook and Twitter are no longer just social networks, but information media that is dangerously easy to use as a weapon.

The platforms offered a rich environment for those who wanted to increase polarisation and incite violence; with self-exiled politicians who had fallen out with the new dispensation, and opposition activists playing a prominent role. For example, social media activists; whilst hiding behind their keyboards and/or their diaspora bases, were able to abet the incitement of some people to start violent protests in the guise of “defending their vote” even though the election results had not yet been announced.

Nothing online is always exactly as it seems and Whatssupp, Facebook and Twitter platforms were the most prevalent source of fake news before, during and after the elections in Zimbabwe. Like accusations of witchcraft, some of the fake stories got repeated often enough that they appeared to be legitimate. It was often difficult to distinguish articles that were misinformed from those that had been carefully researched on fact. The constant stream of links and rumours about political leaders and candidates was a mixture of truth, lies, satire and speculation with several of them being based on pure fabrications.

Typical examples of fake news were a video purporting to prove ballot stuffing, which was letter identified to be one from Kenya; and another one which was being promoted to prove post-election violence which was letter discovered to have originated from Nigeria! A lot of fake pictures and videos were also circulated and shared with the various observers and organisations through tagging, mostly of violent scenes from incidents far away from Zimbabwe, which formulated opinions of some of the gullible individuals, especially those that had pre-conceived perceptions of Zimbabwe. The opposition were caught in this web of fake news and fabrications to an extent that they tried to unwisely use it as evidence in their election challenge!

This brings us to one of the hidden forces that operated on social media; which was “confirmation bias”.  “Confirmation bias” is defined as the tendency of people to seek out only information they agree with. It limits people’s ability to question information that confirms or upholds their beliefs and people are inclined to interpret new evidence in light of beliefs associated with their social groups.

Listening to one Georgina Godwin on Sky News presenting opinions based on her Twitter feed as facts reinforced the “confirmation bias” phenomenon. Some of the observer reports were also based on unverified reports from their Twitter feeds which they accepted as facts most likely based on the “confirmation bias” syndrome. They became part of small, deeply polarised groups of individuals who tended to believe everything they heard, no matter how divorced from reality. Surely how would you expect an observer from a country that had pre-judged the elections by imposing sanctions on the country before the elections not to suffer from “confirmation bias”?  

The majority of followers on social media probably share common outlooks with the majority of feeds within these groups tending to express the same point of view. Inevitably some people became fuelled by the belief that only their views existed as they were never exposed to contradictory ones. Confirmation bias limited people’s ability to question information that confirmed or upheld their beliefs, unfriending and blocking people who posted contradictory opinions, creating an echo chamber.   It was common to be told “to go and play with your friends” if you did not echo the views of the group. It is this pre-selection and confirmation bias that fake news exploited with precision!

For this reason, social media reinforced opinions and made it more difficult for people to entertain
alternative points of view. It helped to make people more opinionated and less tolerant of others. The result was social media with a political discourse that was devoid of real ideas and broken into several polarised groups, which were deeply divided on partisan grounds, even on fundamental political issues.

The Zimbabwean experience reinforced the notion that social media can be a threat to the public’s political knowledge by constraining contact with diverse viewpoints and alternative beliefs. To overcome some of the negatives of using social media, one should make an effort to connect with an assortment of people with diverse viewpoints. Politicians should continue to embrace the opportunities that social media brings as a valuable source of information and use it to manage their own campaigns, publicise and initiate important socio-economic issues. It is incumbent upon everyone involved in the political process to make sure social media power is used to harness everything good about the Zimbabwean political system, rather than to hasten political trends that are hurting the country.

Without sufficient regulation, there is a clear danger as social media can be powerful enough to brainwash, incite, misinform and polarise Zimbabweans. This should of cause be carefully balanced with allowing open debate and protecting the freedom of expression.

Despite concern about this new information warfare and its potential negative impact on Zimbabwean politics, there are reasons for optimism. Knowledge of how fake news and confirmation bias affects us can ultimately change behaviour, helps us to not succumb to the manipulation, which ultimately strengthens democracy. It is easy to be influenced by misinformation posted by friends, leaders and followers, even if they do not intend to mislead you. It is therefore necessary to use a great deal of discernment before believing anything you read on social media.

We can use social media as a medium for common ground on important issues plaguing the country and as a place of healing.  At the very least, we should use social media to better understand those who voted differently than we did. However, this requires commitment to civility and tolerance of disagreement and self-control.

If we use our social networks to promote objectivity and civility, instead of partisanship and volatility, then we turn social media into truly one of our most important and powerful tools. If your posts are expressions of ridicule for those who support opposition politicians, ask yourself how much value you are getting from the time spent writing those tweets or comments.

Dr Samuel Chindaro holds a PhD in Electronics (University of Kent), MSc in Electronics and IT (University of Birmingham) and a B.Eng. Hons in Electronic Engineering (NUST). He is also a Chartered Engineer (Institution of Engineering and Technology). He can be contacted on S.Chindaro@gmail.com

Saturday 15 September 2018

Of the Voters’ Roll, Transparency and Right to Privacy


The recent demands by stakeholders in the upcoming Zimbabwe elections for copies of the Voters’ Roll have brought about an interesting dimension – that of transparency versus data protection and the right to privacy. When someone registers to vote, their voter registration record becomes a public record and available to individuals, political parties and other political stakeholders. The voter registration records that ZEC (Zimbabwe Electoral Commission) holds include personally identifying information such as home address, age and gender. With BVR (Biometric Voter Registration); sensitive biometric information which includes fingerprints and facial images is also held by ZEC.  

The conflict between privacy and transparency began to emerge and could be clearly seen in the exchanges that have taken place between different parties. So, are the rights to transparency and privacy incompatible? Do we have to sacrifice one right to enforce the other? What became apparent is that the two information rights; the right to privacy and right to information (transparency) must be balanced and work in tandem if the impacts from greater transparency in the upcoming Zimbabwe elections are to be meaningful.

Privacy is a fundamental human right which is central to the protection of human dignity and forms the basis of any democratic society. The right to privacy embodies the presumption that individuals should have an area free from arbitrary state intervention and from unsolicited intervention by uninvited individuals. Section 57 of Zimbabwe’s constitution explicitly recognises the right to privacy.  However, Zimbabwe still lacks data protection legislation and is yet to establish a data protection authority. This is unfortunate, because advances in information technology have introduced innovative ways of collecting, storing, and sharing personal data which require relevant and up-to-date legislation.

Other countries, for example the UK, have just implemented tougher and stricter data protection laws. These laws ensure that personal data is “used fairly, lawfully and transparently”, “used for specified, explicit purposes” and “used in a way that is adequate, relevant and limited to only what is necessary”.  There is stronger legal protection for more sensitive information, such as biometrics. The right to privacy has therefore, now evolved to include state obligations related to the protection of personal data.

The furore surrounding the publication and availability of the electoral register has brought into fore the need for public debate and reform on issues regarding the legality of the disclosure of full voter registration data online or in electronic format and related ethical issues. The Zimbabwean government and ZEC need to rethink how they are approaching the digital age in a way that both respects the public’s right to access information and simultaneously acknowledges how privacy and security issues have evolved with increasing connectivity and access to the internet and other electronic data sharing platforms.

The potential of open data for electoral processes must be balanced with an understanding of some of the sensitivities and risks related to data release. Some personal data is sensitive and need to remain closed, to be shared with only a few parties or to be disclosed only to a certain level. Biometric information collected via BVR should only be used for the specified purpose of automatic de-duplication of the register, and should not be further processed in any manner incompatible with that purpose. The released information must not be excessive in relation to the purpose of verifying the voters’ roll. Released electoral data should not be used for any personal, private, or commercial purpose, including, harassment of any voter or voter’s household, or marketing of products or services to any voter or voter’s household, or reproduction in print or electronic media.

The release of private information into the public domain carries with it several risks. These risks are especially important in the context of vulnerable populations. A full voter file could also be used for harmful purposes, for example when combined with other knowledge, to target individuals in their homes based on party affiliations. Already some stakeholders have already shockingly indicated that they would use biometric information (facial images) to knock on people’s doors! Not only is there a risk of individual harm, but the possibility of significant damage to broader public trust in ZEC and the government as a custodians of people’s data.

The releasing of electoral data also bears other risks. The data may be misinterpreted or misrepresented. Mis-representation of the electoral data may occur when the data is taken out of context or falsely attributed. This may result in misleading news items undermining ZEC or the mis-attribution of falsehoods, such as statistics. It is therefore imperative that ZEC ensures that every effort is taken to provide accurate information to counter misinterpretation and impose sanctions against those misleading the public.

One of the biggest threat to personal data in the public domain is identity theft; scams in which personal details are stolen. Several illegal/criminal activities can be perpetrated by an individual using the stolen identity. Imagine an identity theft criminal in possession of an individual’s biometrics, date of birth and address!  Besides financial fraud (for example using your ID to obtain a loan in your name), identity thieves can commit crimes, such as drug-trafficking, smuggling and terrorism, among many other criminal activities whilst posing as other people.

While the electoral register is in principle available to anybody, analyzing it requires skills; hence data intermediaries such as data journalists or data scientists who turn the data into insights, reports and analysis should play an important role. This data is useless in the hands of a person who lacks data analysis skills – indeed this has been proven so; with people who are now in possession of the voters’ register appearing confused about what to do with it!

At this point it is important that those receiving and inspecting the voters’ roll understand that no voter register is perfect. Voter lists represent a “snapshot” of a part of the population at a given moment in time. As changes in civil status or residency occur, the snapshot changes, and time is needed to reflect these events in the registers. For example, names of deceased persons who have registered may still be on the list, or internal and external migration might also have occurred since registration took place. It should also be noted that there are no international standards used to measure the accuracy, or the acceptable margin of error of voter lists; therefore, this issue is subjective.

Given the complications that might arise in interpretation and usage of the electoral register, it might be necessary to restrict full access to the full file only to nominated candidates and people with a demonstrated use of data in the public interest. It is argued here that people with criminal records relating to misuse of public information, interfering with electoral materials (one Morgan Komichi comes to mind!)  or who have demonstrated their ignorance of the importance of data protection (such as those demanding publications of biometric information, for example Mr. Chalton Hwende!) should ideally not be allowed possession and/or access to the full electoral roll.

The responsibility of the government, leadership and institutions as custodians of people’s data cannot be over-emphasised. It is therefore surprising and disappointing at the same time, that those aspiring for leadership and their advisors are clamoring for, and making demands that would compromise people’s privacy and data, wrongly hiding behind “the law”. Most surprising is that Advocate Nelson Chamisa, a former minister of ICT who should know better, and should be on the forefront of fighting for public data protection, is also caught up in making these dangerous demands.

Demands such as those made for publication of people’s biometrics (facial images) alongside their names and addresses are unreasonable, reckless and irresponsible from people who are asking the electorate for a mandate to rule the country; especially based on the claims that they are young and techno-savvy! It must also be noted that even though the Electoral Act does specify that a photograph of the registrant is required in the register it does not compel the electoral body to release this as part of the publicised electoral register – which would be irresponsible and impractical (due to file size) anyway! ZEC should therefore be applauded for sticking to their guns on this issue.

Protection of biometrics is critical in their usage to such an extent that there has been a lot of research in biometric template protection, a process whereby biometric data is encoded such that no one can reconstruct the original biometrics from the code. The issue of privacy in biometrics usage was a show-stopper in the introduction of biometric IDs in the UK. It should therefore not be treated lightly by those in leadership or aspiring to lead the country.

The Electoral Act as it stands gives ZEC the power to release the electoral register in a format that
would not compromise people’s data; but it is argued here that the law does not go far enough. It however, does cover issues surrounding the possible mis-use, corruption and manipulation of the data from the electoral register and the resulting penalties (up to 5 years’ imprisonment – be warned!).  However, once data is in the public domain it is difficult to control in this digital age, therefore measures, supported by the relevant laws should have been in place before the electorate’s data was released.

It brings to the fore a point raised before by this author, that legislature relevant to biometrics usage in the electoral process should be explicitly put in place. Carefully calibrated deterrence measures should be implemented to ensure that the negative impacts of election transparency are minimized. This is Zimbabwe’s opportunity to create a modern transparency regime which encapsulates data protection and citizens’ privacy, as well as ensuring public confidence in election outcomes.


Monday 8 January 2018

Fighting Corruption Using E-Governance



In his first state of the nation address, the president, Cde E D Mnangagwa told a joint sitting of the country’s two houses of parliament; “Corruption remains the major source of some of the problems we face as a country and its retarding impact on national development cannot be overemphasized. We need to use the e-government programme not only as a means to keep in step with the ICT revolution, but also to fight corruption. This is being complemented by the concurrent drive to boost internet connectivity throughout the country."  



Before delving further into the article, e-governance or e-government is defined as the use of ICT (Information and Communication Technology) to provide information to citizens and to connect citizens and government. E-governance has gained popularity in recent years, with many countries resorting to ICTs to modernise government, increase efficiency and improve public service delivery.

The above statement was a refreshing acknowledgement of the depth of the problem by the President as Zimbabwe continues to struggle with systemic corruption. In the same breath, the President also pointed out that part of the solution lies in ICT and in particular e-governance. This was significant as it signals a fresh approach which targets the utilisation of technological advancements to fight some of the social ills.

The President rightly pointed out that corruption is probably the most prevalent and persistent challenge Zimbabwe is facing in enhancing economic growth and improving the quality of life. The World Bank’s 2011 guide identifies corruption as “one of the single greatest obstacles to economic and social development”. It involves the misuse of public power, office or authority for private benefit through bribery, extortion, influence peddling, nepotism, fraud or embezzlement. Evidence is beginning to emerge of corrupt activities that have contributed to the economic challenges Zimbabwe is facing, as some of the culprits are now being exposed or arrested.

Corrupt activities by individuals and companies contribute to a rise in public expenditure and reduction in the amount of tax received by governments, thus less money is available for essential government services. Zimbabwe has not been spared, with such activities having had the adverse effect of discouraging investment, limiting economic growth and retarding improvement in the quality of life for the rural and poor segments of the country. Corruption led to mistrust between Zimbabwean citizens and public officials with the traffic police being cited as the most unprincipled. The wealth exhibited by some public officials, exemplified by the ownership of asserts which are disproportionate to their official sources of income, have further put a wedge between public servants and the general public.

Corruption in Zimbabwe has been fueled by a number of issues. The monopoly of power, where public officials have absolute authority to enforce regulations and policies is one such factor. Other drivers include the misuse of the power of discretion, lack of accountability and transparency. Although the cases of corruption in Zimbabwe which have been publicized so far have involved abuse of public power for private benefit, it goes without saying that it is also prevalent in the private sector, where for example issues in procurement and hiring have been highlighted in allegations surrounding a local businessman and a parastatal. It is hoped the government will continue to pursue such cases and bring the perpetrators to justice.

The fight against corruption in Zimbabwe has taken different forms such as the establishment of anti-graft agencies like the Zimbabwe Anti-Corruption Commission (ZACC) and the waging of massive campaigns against corruption by other governmental agencies. Despite these measures by government, the corruption virus strain keeps spreading. In this respect, the proposal and intention to fight this scourge using Information and Communications Technologies (ICTs) tools, in particular e-governance by the President, has to be applauded as this can be an effective tool to increase transparency and combat corruption.

A considerable amount of corruption cases involve the participation of a “middle man” in service delivery processes. As an example when one wants to apply for land, a birth certificate, or a passport or some other documentation, a paper based application is used and handled by a “middle man” who may demand a bribe to facilitate the service. Electronic delivery of services (e.g., submitting internet applications and tax returns for computer processing) can reduce corruption by reducing interactions with officials, thus eliminating the “middle man”. This eliminates discretion from the equation by removing intermediary services and allowing citizens to conduct transactions themselves. It eliminates unnecessary human intervention in government work processes, which also reduces the need to monitor corrupt behaviour.

E-governance makes face-to-face interactions between government and citizens unnecessary through online communication. The contents and procedures of all work are disclosed, and the administrative agency responds to questions and inquiries of the complainants through online channels; reducing the possibility of unfair treatment (or corruption) by public officials. The entire tax system for example, must be restructured with the specific purpose of reducing direct contact between citizens and tax officials to reduce opportunities for requests for bribes.

E-governance can reduce the need for citizens to use bribes to obtain information by making essential information publicly available. The President has highlighted the importance of transparency and accountability in his New Year message: “I urge you fellow Zimbabweans to engage with Government, its institutions and agencies for more transparent, just, accountable and responsible governance. Let us equally commit to honesty, transparency, accountability and discipline to ensure accelerated national development and progress.”

Greater access to information will promote greater transparency and accountability which will contribute to the government’s anti-corruption goals. Implementation of e-governance will greatly reduce the cost of collecting, distributing, and accessing government information. Additionally, the more open the government, the bigger the chance of discovering corrupt behaviours; resulting in public officials being accountable to the citizens. This will lead to the satisfaction of citizens and the development of a closer and trustworthy relationship between the government and citizens.

The monopoly of power and exercise of discretion, if not supported by high professional or ethical standards, may result in increased corruption. E–governance can be designed to make government processes more rule-based and objective; reducing the possibility of public officials deciding and interpreting disagreements. In an “If the computer says no - it means no” culture an individual’s discretional powers will be eroded thereby reducing chances of corruption.

 

Corruption is often caused by competition restrictions and information monopolies. The Herald 01/01/2018 pointed out how corruption in procurement has manifested: “It is believed that Government has been losing public funds through inefficient and ineffective procurement processes, which often resulted in the acquisition of sub-standard goods. In some instances, procurement officers have been accused of inflating the cost of goods and services.

 

The effects of corruption control through competition can be significant, especially in government procurement. The implementation of e-procurement has been prioritised by the government as reflected in the statement by Ambassador Chidyausiku after the dissolution of the State Procurement Board: “There will be a new authority with new faces, which is expected to bring the much-needed efficiency and technology such as e-procurement.”

 

The e-governance's disclosure of information will make it possible to compete fairly. It will provide an environment in which all private operators participate in open competition in procurement contracts. Fair distribution of information will suppress corruption by eliminating opportunities for officials in charge to provide beneficial information to specific operators or to apply special criteria. E-procurement will also prevent price fixing in addition to providing transparency and accountability.

 

The government faces a lot of challenges in implementing e-governance. At the heart of these is poor ICT infrastructure. The development of a robust ICT infrastructure is a requirement for successful e-governance implementation in which the government should play a leading role. It should create an enabling environment for the adoption of ICT in everyday lives of citizens as a starting point of e-governance. Policies should be developed that aim to improve penetration, increase uptake and bridge the digital divide. Internet diffusion is still low due to the fact that local phone calls are expensive. The telecommunications infrastructure is still inaccessible to most parts of Zimbabwe. In places where it is accessible, cost is usually a barrier.

 

Lack of computer literacy among the citizens, businesses, and government sectors themselves has been proven to be a barrier in implementing e-governance. A lot of training and capacity building will be required in both government institutions and the general public. The majority of those who have ICT skills are young citizens thus the elders might be left out in adopting e-governance.


The government needs to set up an institutional framework supporting e-governance initiatives. It is important to define clear mandates and responsibilities to ensure e-governance development and proper co-ordination across government agencies. For sustainability, local expertise should be developed thus eliminating the need for costly foreign consultants. E-governance systems require considerable financial resources and these must be allocated to build and manage systems, upgrade and construct relevant infrastructure.



It is however acknowledged that e-governance in itself is not a silver bullet in the fight against corruption. Corruption and accountability involve complex economic, cultural, and governance issues. It is the summation of the various approaches that makes up the ethical infrastructure that we must all reaffirm commitment to preserving. The President’s resolve to eliminate corruption has been unwavering and e-governance with the right implementation can make a huge difference in eliminating this evil vice from the Zimbabwean society.

Thursday 4 January 2018

Zimbabwe Operation Restore Legacy: Digital Footprint Lessons


Consistent with a global trend, Zimbabwe has experienced a marked growth in the use of social media and the internet in the past ten years. Recent developments with regards to the adoption and application of social media and the internet, have demonstrated that individuals and organisations need to carefully consider any content before publishing or dissipating it onto social media universe or uploading it on the internet platform. One has to be wary that it may just come back to haunt them at a later stage! The game-changing operation in Zimbabwe demonstrated politicians’ and social media activists’ ghosts of their former selves boomeranging to haunt them.

As the cornerstone of any democracy, freedom of speech empowers the general populace with the ability to freely express themselves in various forms; verbally or via electronic media in platforms including online. However, in today’s digital world any individual or organisation partaking in online activities leaves a permanent digital footprint, a trail which will be visible for generations to come. The pace of the changes that swept across Zimbabwe in the past month has demonstrated that going with the wind and having an irresistible urge to publish your thoughts and opinions online for the sake of re-tweets and “likes” can have a disastrous effect on your person. The internet is unforgiving.

A digital footprint is all of the information online about a person either posted by that person or others, intentionally or unintentionally. It is your online history, pertaining to all the stuff you leave behind as you use and surf the Internet. As the world moves increasingly online, most of our daily lives are recorded on some sort of electronic database. However what happens online is beyond our control!

Unlike footprints in the sand, which can be washed away by the wind or wave tides in the ocean or sea, digital footprints can be permanent. With the passing of every day, files, images and videos including pre-internet articles, are being uploaded; thus reincarnating historical footprints. Through your digital footprint; you are broadcasting what you look like, where you work, where you have been, who you know, your hobbies, and of course, your opinions on a variety of topics. This is accessible to anyone, including strangers!

In November this year, with the rapidly changing scenario in Zimbabwe, a lot of politicians, activists and “clikivists” (the internet politicians and analysts) found themselves flip-flopping on their analysis and commentary of the situation faster than the Karate Kid’s punches.  They found themselves navigating from the murky waters of “the Crocodile is finished” to the “return of the Crocodile”. Whilst this has been the norm in the political world before the digital age, the meandering path was not captured and it was easier for turncoats to shift positions and deny occupation of their previous ones. A lot of analysts were caught out; and embarrassingly so.

Philip Chiyangwa’s recordings for example, should provide lessons for figures of public prominence on the damage that the digital world can wreak on a reputation. Whilst he frantically tried to disassociate himself with the old order, the digital evidence was embarrassingly overwhelming. The way he is now being torn to shreds in the media gives an indication of what we can expect to see more of, as more politicians and political commentators of the digital age come into the spotlight as they try to flip-flop and change positions. Prof Moyo’s fall from grace, for example, is well documented on Twitter, thanks to his Twitter-activism and publicly available digital publications.

Prominent leaders of the MDC Alliance where also caught-up in the digital footprint unforgiving nature. After openly praising Operation Restore Legacy and the installation of President Mnangagwa on their Twitter and Facebook accounts; a number of them attempted to make a U-turn (apparently after failing to make it into government as they had hoped), but their digital activity was thrown back onto their faces, exposing them as  hypocrites. It is only a matter of time before our future leaders or even presidents find their teenage antics on Instagram, Twitter, Facebook and YouTube back-spinning to haunt them.

Whilst every individual could be the victim of his or her own digital footprint, it is public figures such as politicians who are most at risk. For such groups, even seemingly harmless information can be misinterpreted, spun and used by hostile third parties to expose private activity, attack reputations, and even do serious harm. However, counterintuitively, digital space remains overlooked by naïve public figures who venture into it without carrying out risk assessments. This was so prominent before, during and after the Zimbabwean events, where for example, the social media acts of the former President’s sons ignited and added heaps of fuel to the resentment towards the former first family. The bragging on social media by one Chivayo also came back to haunt him.

Known elements of a digital profile exist in the open for any unauthorised party to view indiscriminately. News stories, profile pieces and social media accounts offer a wealth of data that may reveal an individual’s interests, whereabouts and extended social circle. The social media accounts unwittingly divulge sensitive information, even where the target individuals themselves refrain from social media activity. Family members are often the prime information targets of hostile third parties. It does not take much effort to assemble a family tree and then to track down and monitor the circle’s digital activities. Investigative journalists are also increasingly turning to new tech-powered tools to source family-related stories.

As well as drawing negative press attention, some posts expose information which can pose physical risks too and can be used to track down the individuals themselves; such as license plate numbers and hotel locations.

Deviating from Zimbabwe, in the UK, the case of the burglary at the house of the millionaire footballer, John Terry in March this year is a typical example of how social postings can expose information which can be harmful. Terry’s mansion was targeted after the player posted pictures from the slopes of the French Alps with his wife, telling his 3.4 million Instagram followers that he was having a ‘great few days away skiing with the family’. A gang of four used the posted information to steal more than £400,000 worth of designer goods from the mansion of the former England captain whilst he was away!

It is difficult to permanently erase anything from the internet, and therefore it is critical to be aware of what is being circulated about an individual, their business or family. In this digital age these articles can become prominent features of an individual’s first page of internet search results; becoming a person’s virtual “business card”. Such content can have an especially enduring effect, appearing on the digital profiles of spouses, siblings and children due to a shared family name, creating an online reputation crisis.

Some websites build a list of the various devices one has used to visit them. While this can often be applicable as a means of helping to secure your account, it is important to understand the information being collected about your habits. Make no mistake about it – the web is listening every time you use it! It’s important that you understand what you’re leaving behind when you visit any website.

Social networking opens the door to the possibility of being cybervetted when applying for a job. Cybervetting or online vetting is the practice of using information found on the Internet to determine whether a person is a viable candidate for employment. It is just another tool in the box to gather information about the person’s behaviour to verify whether the applicant’s behaviour online is the same as in real life.

With one google search of your name prospective clients, employers, and co-workers can get a snapshot of your history. Most employers are using this snapshot to screen their applicants and eliminate candidates for consideration based on what they find. We should expect cybervetting to be used more and more by organisations, first to avoid surprises, and more as a digital background and fact checking tool. It is therefore critical now, more-so than ever, to be aware that what you say or do online is permanent. It can be a great opportunity for you to build your brand or conversely prove to be the easiest method of self-destruction.

There is also a flip side to this coin that suggests if you decide to go off the radar and remove your online trail you will cease to exist in a world where individuals are increasingly judged on their number of followers, online engagement or influence. Even employers already routinely check a candidate’s online profiles to see if they are a suitable fit for their organization and some are even hired as a result of their high Twitter following. The days of being digitally invisible are over, and anecdotally the lack of an online presence is starting to be viewed with suspicion in some circles. As the world increasingly turns online for information, digital silence can be obstructive in conducting effective due diligence or establishing a reputation.

Every day we contribute to a growing portrait of who we are online; a portrait that is probably more public than most of us assume. So no matter what you do online it is important that you know what kind of trail you are leaving, being aware of what the possible effects can be. Lessons should be drawn from the much-changed face of Zimbabwe and the speed of change, which saw a number of individuals scampering, trying to re-align themselves in vain, as the digital evidence was unforgiving.

Your digital footprint paints a picture of who you are. Before posting online, ask yourself whether the content portrays how you really want to be perceived. On the other hand creating a delusional online version of yourself is possibly the worst thing you can do; trying to be someone else is a waste of the person you are.

Social media and the internet are enablers that when used correctly can offer each and every one of us a wealth of opportunities with no side effects as long as we act responsibly. However, the internet is unforgiving, before texting, tweeting or sharing, consider how you would feel if the material went viral. Is your human need for approval for eliciting re-tweets and likes driving you to share questionable material? You should have zero expectation of privacy in cyberspace.

Thanks to screen capture; even a deleted post can still be retrieved and shared. Therefore, before you click ‘post’ on socio-economic and political topics think about your digital legacy! Unlike the Zimbabwean story, you cannot launch an “Operation Restore Legacy” in the digital world.

Sunday 17 December 2017

Zimbabwe: Cybercrime and Cybersecurity




The appointment of a fully-fledged Minister of Cyber Security, Threat Detection and Mitigation has been met with a lot of scepticism. This has been mainly driven by the perceived duplication of responsibilities among ministries, and also by the lack of public understanding of the real threat cybercrime poses. Such a perception threatens to downplay one of the fastest growing threats to technological development, not only affecting Zimbabwe but globally.

This has not been helped by the fact that this appointment was made following the tabling of the Cybercrime and Cybersecurity Bill (2017) which addresses the associated issues whilst allocating the responsibilities to the already existing Ministry of ICT. Several announcements by senior government officials relating to the use and perceived abuse of social media have also raised fears about what the new ministry will mean for civil liberties; especially those related to freedom of speech but most crucially, also adversely masking the real threat posed by cybercrime. It is indeed unfortunate that the general message coming from the government and the minister himself has an over-emphasis on stopping social media political activism at the expense of real cybercrime. Issues surrounding cybercrime and cybersecurity should not be trivialised by the government’s perceived motive or the reaction of the media and social commentators.

Cybercrime includes a broad range of illegal activities committed by means of a computer system or network. Unfortunately, most cybercrime exploits the poor knowledge and lax security habits of the general public. Cybercrime is no longer confined to fake e-mails “from the son of a dead African King”, but has become much more sophisticated and threatens to derail the economic benefits being achieved through technological advancements. It is the duty of the government to dispel the public perception, and convince the populace that this ministry was not created to instil fear on social media users, but rather to deal with the ever-growing threat from cybercrime. For the country to be adequately protected there needs to be more public sensitisation, education and training to increase awareness of the threats.

The general public is familiar with the usual physical burglary and theft, but the nature of cybercrime is such that the majority of people and businesses will not necessarily realise when digital burglary has taken place. Even though cyber-crime comes in different forms; it can be categorised into attacks against individuals, companies/organisations or other countries.

Personal crimes mainly involve identity-theft related scams in which personal details are stolen. A number of illegal/criminal activities can be perpetrated by an individual using the stolen identity. Besides financial fraud (for example using your ID to obtain a loan in your name), identity thieves commit crimes, such as drug-trafficking, smuggling and terrorism, among many other criminal activities whilst posing as other people.

A range of scams targeting individuals have been identified, with Zimbabwe having its fair share. A

number of people can testify to being lured online into depositing money to buy goods such as cars, clothing, groceries or services such as shipping, with companies and individuals disappearing from the cyber-world after collecting the money. There have also been reports of individuals lured into depositing money to secure non-existent job opportunities among other scams.

Attacks against organisations are becoming common and have recently manifested themselves in the form of Ransomware. This is comparable to real life kidnapping experiences, whereby criminals demand money for the return of kidnapped persons or seized precious items. In the cybercrime world the criminals use a malware or a “dangerous” computer programme to prevent or limit the usage of company services, stopping users from accessing the system/services unless a ransom is paid. Imagine an attack on the EcoCash mobile banking system which disables all associated services such as mobile money transfers even just for a day or disrupts/cuts off Econet, Telecel or TelOne mobile communication! The disruption that can occur and the damage to the economy could be quite substantial! The outcry that accompanied the disruption of WhatsApp services for a few hours last year around the world is a taster of the potential effect of cybercrime on everyday life.

In Zimbabwe, there have been reports of malware attacks on educational institutions and companies’ websites; with the Herald, the government, NUST and the Harare Institute of Technology reportedly affected, reflecting the reality of the threat on Zimbabwe’s doorstep. Companies and banking systems have also been subject to hacking (illegal penetration and use of computer systems) thus being defrauded by individuals of large amounts of money. The case of a Chitungwiza man who hacked OK Zimbabwe’s Money Wave System before stealing $70 000 reported widely, is a typical example of such cybercrime activities.

Another form of attack is one organised by a state against another state's institutions or infrastructure; a form of cyber-warfare. This involves one nation penetrating another nation's computers or networks for the purposes of causing damage, disruption or to obtain sensitive security information. In these types of attacks, one nation attempts to disrupt the activities of organizations or other nations for strategic or military purposes and cyber-espionage. Attacks may also be carried out by terrorist groups. Increasingly, cybercriminals are attacking governments through their critical infrastructure, including transportation systems, banking systems, power grids, hospitals and critical manufacturing.

Numerous incidents of cyber-warfare have been reported, for example, in March 2014; the Russian government allegedly disrupted the internet in Ukraine, enabling pro-Russian rebels to take control of Crimea. North Korea was blamed for the 2014 cyberattack on Sony Pictures after they released the film “The Interview”, which depicted the North Korean leader Kim Jong-un in what the country regarded as negative light. In December 2016, Ukraine experienced a blackout as a result of cyber-attacks on electric power distribution companies. Most recently, and still ongoing are allegations of Russian interference in the USA elections through cyber activities. The WikiLeaks case which also affected Zimbabwe is a typical highlight of another form of cyber-espionage. These incidents have brought into light, situations which used to be viewed as science fiction!

Social media remains a favoured target of scammers, as criminals seek to leverage the trust people have in their own social circles. Social media is quickly becoming a daily part of life in Zimbabwe; following a global trend. In social media generated cyber-crimes, criminals take advantage of the sharing facilities and present fake products, video links and “like” buttons which they use to spread their scams. Users are also lured into clicking fake website buttons that install malware with some posting updates on a user’s newsfeed, spreading the attack.

Terror groups have also been taking advantage of social media to further their goals and spread their message presenting governments with another frontier for cybersecurity. Investigations into attacks such as that of the Kenya Westgate Mall have revealed the use of social media and computer networks in planning and co-ordinating the attacks.

Cyber criminals continue to take advantage of vulnerabilities in poorly secured legitimate websites to infect users. Cyber criminals exploit the design weakness to gain access and manipulate these sites for their own purposes. For instance, cyber criminals can penetrate websites and acquire user data, compromising visitors to the affected websites. Attacks on websites and replacing contents are also common, with some websites content replaced by for example, extremist material or pornography.

To safeguard the country against cyber-crime, it is vital to promote the culture of cybersecurity among stakeholders, notably government, companies and cooperatives, civil society organisations and international organisations operating in the country to develop, manage and use information systems. It is important to engage industry, the civil society, and academia in the promotion and enhancement of a culture of cybersecurity. The government must also, on its part, mobilise resources to develop cyber security skills.

The government has to sensitise and provide education and training to the public. Law enforcement powers must be trained so that they execute their cybersecurity duties whilst maintaining the rule of law and meeting human rights requirements. Conditions and safeguards limiting law enforcement powers should be established. Since cybercrime is borderless; the Zimbabwe laws must be compatible with the laws of other countries to permit international cooperation. It should avoid over-criminalisation of social media-content, if it is to stop the stigmatisation associated with the newly created ministry.  

The government must ensure that critical information infrastructure is protected, to safeguard data and sensitive information. Data protection legislation should be put in place to safeguard the general public (critical with the ongoing biometric electoral registration which acquires sensitive individual data such as fingerprints; taking place).

Zimbabwe like other nations has been experiencing various types of cybercrimes including credit card theft, hacking, identity theft, phishing, unauthorised access according to police reports, but these have not received publicity in contrast with social media activism. One of the biggest impediments in advancing cyber security readiness is changing of mindsets to raise awareness about the potential risks of cybercrime; and publicity of ongoing cyber-crimes can go a long way in achieving this. All national stakeholders and citizens must work together in order to change the mindset and public perception of matters relating to cybersecurity.

Cybercrime not only derails the technological advancements but is an attack on economic, social and political advancement of societies.  It is therefore important for the new ministry to create greater awareness and capacity building programs to facilitate cyber resilience in the future whilst ensuring good governance and respect of human rights.
Note: Cybersecurity was rightly incorporated into the Ministry of ICT (and Cybersecurity) - After this article was written ...not because of this article.

BVR in Zimbabwe Elections : Going Forward


 


The arrival of the first batch of Biometric Voter Registration (BVR) kits is a landmark occasion and very significant to the voter registration process in Zimbabwe. It officially marks the shift to a technology-based voter registration system for the first time in Zimbabwe.  Credit should go to the Zimbabwe Electoral Commission (ZEC) and the government of Zimbabwe, for embracing biometrics technology in order to enhance the registration and voting process. Handled in the right way, the introduction of this technology to elections in Zimbabwe will go a long way in eliminating one of the major causes of controversy which has accompanied previous elections.


To carry out a credible election, we have to start with credible voter registration.  Issues surrounding the state of the voters roll have been at the heart of most election disputes in Zimbabwe. The main benefit which will be derived from the use of biometrics for voter registration will be the production of a new clean voters’ roll which contains unique individual information based on the physical characteristic (face image and fingerprints) of each voter.  It is important to emphasise this point as there have been a lot of misconception regarding the usage of biometrics in the upcoming elections.  In the planned BVR process, a voter’s details (name date of birth, address etc.) will be digitally captured and stored alongside their biometric features (face and fingerprints) on a computer.  This is very similar to the process we go through when we apply for National IDs (zvitupa) and passports. These will then be input into a single database where software will be used to clean up the voters roll by eliminating voters who would have registered multiple times.  This is because the software will not only compare names but will also compare the fingerprints. So a person who registers multiple times under different names will be picked out by the system.


The second part of the process, if it was to be implemented, would be biometrics-based voter verification or authentication which happens on voting day. This is whereby a person appears on voting day, presents an ID or provides a name. The person’s biometrics face and/or fingerprints are then captured and compared to those in the database.  If there is a match, the person would be verified, gets a ballot paper and continues to vote (manually) in the normal way! The person’s details are then digitally marked as having voted and cannot be used for repeat voting. This is NOT electronic or biometric voting, but manual voting as we are used to! 


However it is important to emphasise that ZEC has clearly indicated that biometrics are going to be used for voter registration ONLY. However with the biometric register in place; in future elections, ZEC can take the next step of using biometrics for voter verification on polling day. It is therefore important to recognise that biometrics are not going to be used on polling day and identification documents will remain critical for identifying voters. On polling day; voters will still be required to present identification documents which will then be cross-checked manually with information in the system before one is allowed to vote. Therefore the current exercise by the Registrar General’s office of issuing IDs should be viewed and judged with this in perspective.


The availability of the BVR kits means the BVR registration exercise can now be kick-started.  However, there are a number of issues that ZEC should now be diligently looking into in order to ensure that this process is a success.

It is essential that ZEC ensures that staff who are going to be handling these kits are adequately trained and skilled. It is unfortunate that the training of the “BVR Master Trainers and Technicians” could not be started earlier; the 5 days allocated for the training may not be adequate. Technology is only as good as the way it is deployed. In order to identify multiple registrations; which is the main benefit of the system, clean data must be submitted. Finger prints and photographs must be clearly captured in the right way, which requires trained and capable staff. Essential skills for staff operating biometric voter registration (BVR) include basic computer skills, with an emphasis on data capture, processing and administration on top of planning and logistical skills. Staff should also be trained to repair and maintain the equipment, so that they do not rely solely on the supplier for maintenance and support issues. The timelines are tight, but the preparedness of the registration team is crucial to the success of the process.


Since election technology has the potential to directly affect the political process, it is important to engender a sense of ownership in its users.  In order to achieve this, ZEC should provide sufficient information to the public to enable them to feel included in the process.  In addition, accessibility, versatility and equality considerations are to be taken into account when deploying these kits to ensure that people with special needs (the old, and disabled for example) are included.  Challenges that may occur during data capture include unreadable prints of old people and physical workers (for example miners), people with missing fingers and software bugs.  Contingency measures should be in place to make sure that none of the affected people are disenfranchised.


There are a number of technical issues associated with the use of BVR which ZEC must be aware of and mitigate against.  The use of technology has associated data security risks which occur as data is collected from individual registration centres to the central registry. Safeguards should be in place to prevent corruption or manipulation of the data. Corrupted data may result in “false rejection” of valid voters. It is therefore important that data security gaps are eliminated from this process.


ZEC has to ensure that there are measures in place for the biometric data collected to be securely transported from registration centres to data centres. There must be mitigating control measures to protect the mobile registration kits and data storage devices from theft, manipulation or destruction during storage and transportation from registration centres.

ZEC must also clarify the issue of the Data Centre (Central Server) which will host the AFIS software (de-duplication software), the centralised biometric data and related systems. There have been conflicting reports emerging from ZEC which ranged from a separate tender process for the central system, provision from existing facilities and recently UN sponsored upgrading of an existing system. Such conflicting statements emanating from ZEC are not helpful. It should be noted that the Central Server will only be required once all the data from the various registration centres has been gathered; so ZEC has got time to resolve this issue.


Once the Central Server is in place, adequate security measures must be put in place; with defined data access privileges (who has permission to access and make amendments to the database?), recovery and back-up procedures. The processes to identify any security breaches and the audit to track any changes to the database to the satisfaction of all stakeholders should be outlined. These security issues are crucial and must be addressed in a transparent manner to avoid post-registration or post-election disputes.


The challenges to ZEC are not only restricted to technology and procurement. Advanced technology alone cannot guarantee the integrity of elections without corresponding legal and administrative protective mechanisms. It is therefore important for ZEC to ensure that the legal framework is compatible with the introduction and use of BVR technology. With all due respect to the legal expertise of  Justice Rita Makarau (the ZEC Chairperson), the Kenyan electoral dispute has highlighted that failures to adhere to constitutional and other legal requirements can occur and may be challenged.

Associated with acquisition of biometric data is the issue of data protection and right to privacy. While there is a need for electoral data to be in the public domain, the balance between, on one hand, the reasonable demands for transparency in electoral processes and the right to privacy of the citizen on the other is a delicate exercise which requires careful handling.


In spite of all the challenges, the introduction of biometrics in the compilation of voter registers should improve the accuracy of the voter registers and provide the foundation for clean, violence-free, fair and credible elections. The biggest benefit of BVR ; as has already been stated is the production of a clean, credible and reliable voters’ register which is at the heart of conducting a fair and credible election. The integrity of the voters’ roll is one of the basic principles on which the legitimacy of an election is founded; and BVR implemented in the right way is a giant step forward.