Of the Voters’ Roll, Transparency and Right to Privacy

The recent demands by stakeholders in the upcoming Zimbabwe elections for copies of the Voters’ Roll have brought about an interesting dimension – that of transparency versus data protection and the right to privacy. When someone registers to vote, their voter registration record becomes a public record and available to individuals, political parties and other political stakeholders. The voter registration records that ZEC (Zimbabwe Electoral Commission) holds include personally identifying information such as home address, age and gender. With BVR (Biometric Voter Registration); sensitive biometric information which includes fingerprints and facial images is also held by ZEC.  

The conflict between privacy and transparency began to emerge and could be clearly seen in the exchanges that have taken place between different parties. So, are the rights to transparency and privacy incompatible? Do we have to sacrifice one right to enforce the other? What became apparent is that the two information rights; the right to privacy and right to information (transparency) must be balanced and work in tandem if the impacts from greater transparency in the upcoming Zimbabwe elections are to be meaningful.

Privacy is a fundamental human right which is central to the protection of human dignity and forms the basis of any democratic society. The right to privacy embodies the presumption that individuals should have an area free from arbitrary state intervention and from unsolicited intervention by uninvited individuals. Section 57 of Zimbabwe’s constitution explicitly recognises the right to privacy.  However, Zimbabwe still lacks data protection legislation and is yet to establish a data protection authority. This is unfortunate, because advances in information technology have introduced innovative ways of collecting, storing, and sharing personal data which require relevant and up-to-date legislation.

Other countries, for example the UK, have just implemented tougher and stricter data protection laws. These laws ensure that personal data is “used fairly, lawfully and transparently”, “used for specified, explicit purposes” and “used in a way that is adequate, relevant and limited to only what is necessary”.  There is stronger legal protection for more sensitive information, such as biometrics. The right to privacy has therefore, now evolved to include state obligations related to the protection of personal data.

The furore surrounding the publication and availability of the electoral register has brought into fore the need for public debate and reform on issues regarding the legality of the disclosure of full voter registration data online or in electronic format and related ethical issues. The Zimbabwean government and ZEC need to rethink how they are approaching the digital age in a way that both respects the public’s right to access information and simultaneously acknowledges how privacy and security issues have evolved with increasing connectivity and access to the internet and other electronic data sharing platforms.

The potential of open data for electoral processes must be balanced with an understanding of some of the sensitivities and risks related to data release. Some personal data is sensitive and need to remain closed, to be shared with only a few parties or to be disclosed only to a certain level. Biometric information collected via BVR should only be used for the specified purpose of automatic de-duplication of the register, and should not be further processed in any manner incompatible with that purpose. The released information must not be excessive in relation to the purpose of verifying the voters’ roll. Released electoral data should not be used for any personal, private, or commercial purpose, including, harassment of any voter or voter’s household, or marketing of products or services to any voter or voter’s household, or reproduction in print or electronic media.

The release of private information into the public domain carries with it several risks. These risks are especially important in the context of vulnerable populations. A full voter file could also be used for harmful purposes, for example when combined with other knowledge, to target individuals in their homes based on party affiliations. Already some stakeholders have already shockingly indicated that they would use biometric information (facial images) to knock on people’s doors! Not only is there a risk of individual harm, but the possibility of significant damage to broader public trust in ZEC and the government as a custodians of people’s data.

The releasing of electoral data also bears other risks. The data may be misinterpreted or misrepresented. Mis-representation of the electoral data may occur when the data is taken out of context or falsely attributed. This may result in misleading news items undermining ZEC or the mis-attribution of falsehoods, such as statistics. It is therefore imperative that ZEC ensures that every effort is taken to provide accurate information to counter misinterpretation and impose sanctions against those misleading the public.

One of the biggest threat to personal data in the public domain is identity theft; scams in which personal details are stolen. Several illegal/criminal activities can be perpetrated by an individual using the stolen identity. Imagine an identity theft criminal in possession of an individual’s biometrics, date of birth and address!  Besides financial fraud (for example using your ID to obtain a loan in your name), identity thieves can commit crimes, such as drug-trafficking, smuggling and terrorism, among many other criminal activities whilst posing as other people.

While the electoral register is in principle available to anybody, analyzing it requires skills; hence data intermediaries such as data journalists or data scientists who turn the data into insights, reports and analysis should play an important role. This data is useless in the hands of a person who lacks data analysis skills – indeed this has been proven so; with people who are now in possession of the voters’ register appearing confused about what to do with it!

At this point it is important that those receiving and inspecting the voters’ roll understand that no voter register is perfect. Voter lists represent a “snapshot” of a part of the population at a given moment in time. As changes in civil status or residency occur, the snapshot changes, and time is needed to reflect these events in the registers. For example, names of deceased persons who have registered may still be on the list, or internal and external migration might also have occurred since registration took place. It should also be noted that there are no international standards used to measure the accuracy, or the acceptable margin of error of voter lists; therefore, this issue is subjective.

Given the complications that might arise in interpretation and usage of the electoral register, it might be necessary to restrict full access to the full file only to nominated candidates and people with a demonstrated use of data in the public interest. It is argued here that people with criminal records relating to misuse of public information, interfering with electoral materials (one Morgan Komichi comes to mind!)  or who have demonstrated their ignorance of the importance of data protection (such as those demanding publications of biometric information, for example Mr. Chalton Hwende!) should ideally not be allowed possession and/or access to the full electoral roll.

The responsibility of the government, leadership and institutions as custodians of people’s data cannot be over-emphasised. It is therefore surprising and disappointing at the same time, that those aspiring for leadership and their advisors are clamoring for, and making demands that would compromise people’s privacy and data, wrongly hiding behind “the law”. Most surprising is that Advocate Nelson Chamisa, a former minister of ICT who should know better, and should be on the forefront of fighting for public data protection, is also caught up in making these dangerous demands.

Demands such as those made for publication of people’s biometrics (facial images) alongside their names and addresses are unreasonable, reckless and irresponsible from people who are asking the electorate for a mandate to rule the country; especially based on the claims that they are young and techno-savvy! It must also be noted that even though the Electoral Act does specify that a photograph of the registrant is required in the register it does not compel the electoral body to release this as part of the publicised electoral register – which would be irresponsible and impractical (due to file size) anyway! ZEC should therefore be applauded for sticking to their guns on this issue.

Protection of biometrics is critical in their usage to such an extent that there has been a lot of research in biometric template protection, a process whereby biometric data is encoded such that no one can reconstruct the original biometrics from the code. The issue of privacy in biometrics usage was a show-stopper in the introduction of biometric IDs in the UK. It should therefore not be treated lightly by those in leadership or aspiring to lead the country.

The Electoral Act as it stands gives ZEC the power to release the electoral register in a format that

would not compromise people’s data; but it is argued here that the law does not go far enough. It however, does cover issues surrounding the possible mis-use, corruption and manipulation of the data from the electoral register and the resulting penalties (up to 5 years’ imprisonment – be warned!).  However, once data is in the public domain it is difficult to control in this digital age, therefore measures, supported by the relevant laws should have been in place before the electorate’s data was released.

It brings to the fore a point raised before by this author, that legislature relevant to biometrics usage in the electoral process should be explicitly put in place. Carefully calibrated deterrence measures should be implemented to ensure that the negative impacts of election transparency are minimized. This is Zimbabwe’s opportunity to create a modern transparency regime which encapsulates data protection and citizens’ privacy, as well as ensuring public confidence in election outcomes.