Of the Voters’ Roll, Transparency and Right to Privacy

The recent demands by stakeholders in the upcoming Zimbabwe elections for copies of the Voters’ Roll have brought about an interesting dimension – that of transparency versus data protection and the right to privacy. When someone registers to vote, their voter registration record becomes a public record and available to individuals, political parties and other political stakeholders. The voter registration records that ZEC (Zimbabwe Electoral Commission) holds include personally identifying information such as home address, age and gender. With BVR (Biometric Voter Registration); sensitive biometric information which includes fingerprints and facial images is also held by ZEC.  

The conflict between privacy and transparency began to emerge and could be clearly seen in the exchanges that have taken place between different parties. So, are the rights to transparency and privacy incompatible? Do we have to sacrifice one right to enforce the other? What became apparent is that the two information rights; the right to privacy and right to information (transparency) must be balanced and work in tandem if the impacts from greater transparency in the upcoming Zimbabwe elections are to be meaningful.

Privacy is a fundamental human right which is central to the protection of human dignity and forms the basis of any democratic society. The right to privacy embodies the presumption that individuals should have an area free from arbitrary state intervention and from unsolicited intervention by uninvited individuals. Section 57 of Zimbabwe’s constitution explicitly recognises the right to privacy.  However, Zimbabwe still lacks data protection legislation and is yet to establish a data protection authority. This is unfortunate, because advances in information technology have introduced innovative ways of collecting, storing, and sharing personal data which require relevant and up-to-date legislation.

Other countries, for example the UK, have just implemented tougher and stricter data protection laws. These laws ensure that personal data is “used fairly, lawfully and transparently”, “used for specified, explicit purposes” and “used in a way that is adequate, relevant and limited to only what is necessary”.  There is stronger legal protection for more sensitive information, such as biometrics. The right to privacy has therefore, now evolved to include state obligations related to the protection of personal data.

The furore surrounding the publication and availability of the electoral register has brought into fore the need for public debate and reform on issues regarding the legality of the disclosure of full voter registration data online or in electronic format and related ethical issues. The Zimbabwean government and ZEC need to rethink how they are approaching the digital age in a way that both respects the public’s right to access information and simultaneously acknowledges how privacy and security issues have evolved with increasing connectivity and access to the internet and other electronic data sharing platforms.

The potential of open data for electoral processes must be balanced with an understanding of some of the sensitivities and risks related to data release. Some personal data is sensitive and need to remain closed, to be shared with only a few parties or to be disclosed only to a certain level. Biometric information collected via BVR should only be used for the specified purpose of automatic de-duplication of the register, and should not be further processed in any manner incompatible with that purpose. The released information must not be excessive in relation to the purpose of verifying the voters’ roll. Released electoral data should not be used for any personal, private, or commercial purpose, including, harassment of any voter or voter’s household, or marketing of products or services to any voter or voter’s household, or reproduction in print or electronic media.

The release of private information into the public domain carries with it several risks. These risks are especially important in the context of vulnerable populations. A full voter file could also be used for harmful purposes, for example when combined with other knowledge, to target individuals in their homes based on party affiliations. Already some stakeholders have already shockingly indicated that they would use biometric information (facial images) to knock on people’s doors! Not only is there a risk of individual harm, but the possibility of significant damage to broader public trust in ZEC and the government as a custodians of people’s data.

The releasing of electoral data also bears other risks. The data may be misinterpreted or misrepresented. Mis-representation of the electoral data may occur when the data is taken out of context or falsely attributed. This may result in misleading news items undermining ZEC or the mis-attribution of falsehoods, such as statistics. It is therefore imperative that ZEC ensures that every effort is taken to provide accurate information to counter misinterpretation and impose sanctions against those misleading the public.

One of the biggest threat to personal data in the public domain is identity theft; scams in which personal details are stolen. Several illegal/criminal activities can be perpetrated by an individual using the stolen identity. Imagine an identity theft criminal in possession of an individual’s biometrics, date of birth and address!  Besides financial fraud (for example using your ID to obtain a loan in your name), identity thieves can commit crimes, such as drug-trafficking, smuggling and terrorism, among many other criminal activities whilst posing as other people.

While the electoral register is in principle available to anybody, analyzing it requires skills; hence data intermediaries such as data journalists or data scientists who turn the data into insights, reports and analysis should play an important role. This data is useless in the hands of a person who lacks data analysis skills – indeed this has been proven so; with people who are now in possession of the voters’ register appearing confused about what to do with it!

At this point it is important that those receiving and inspecting the voters’ roll understand that no voter register is perfect. Voter lists represent a “snapshot” of a part of the population at a given moment in time. As changes in civil status or residency occur, the snapshot changes, and time is needed to reflect these events in the registers. For example, names of deceased persons who have registered may still be on the list, or internal and external migration might also have occurred since registration took place. It should also be noted that there are no international standards used to measure the accuracy, or the acceptable margin of error of voter lists; therefore, this issue is subjective.

Given the complications that might arise in interpretation and usage of the electoral register, it might be necessary to restrict full access to the full file only to nominated candidates and people with a demonstrated use of data in the public interest. It is argued here that people with criminal records relating to misuse of public information, interfering with electoral materials (one Morgan Komichi comes to mind!)  or who have demonstrated their ignorance of the importance of data protection (such as those demanding publications of biometric information, for example Mr. Chalton Hwende!) should ideally not be allowed possession and/or access to the full electoral roll.

The responsibility of the government, leadership and institutions as custodians of people’s data cannot be over-emphasised. It is therefore surprising and disappointing at the same time, that those aspiring for leadership and their advisors are clamoring for, and making demands that would compromise people’s privacy and data, wrongly hiding behind “the law”. Most surprising is that Advocate Nelson Chamisa, a former minister of ICT who should know better, and should be on the forefront of fighting for public data protection, is also caught up in making these dangerous demands.

Demands such as those made for publication of people’s biometrics (facial images) alongside their names and addresses are unreasonable, reckless and irresponsible from people who are asking the electorate for a mandate to rule the country; especially based on the claims that they are young and techno-savvy! It must also be noted that even though the Electoral Act does specify that a photograph of the registrant is required in the register it does not compel the electoral body to release this as part of the publicised electoral register – which would be irresponsible and impractical (due to file size) anyway! ZEC should therefore be applauded for sticking to their guns on this issue.

Protection of biometrics is critical in their usage to such an extent that there has been a lot of research in biometric template protection, a process whereby biometric data is encoded such that no one can reconstruct the original biometrics from the code. The issue of privacy in biometrics usage was a show-stopper in the introduction of biometric IDs in the UK. It should therefore not be treated lightly by those in leadership or aspiring to lead the country.

The Electoral Act as it stands gives ZEC the power to release the electoral register in a format that

would not compromise people’s data; but it is argued here that the law does not go far enough. It however, does cover issues surrounding the possible mis-use, corruption and manipulation of the data from the electoral register and the resulting penalties (up to 5 years’ imprisonment – be warned!).  However, once data is in the public domain it is difficult to control in this digital age, therefore measures, supported by the relevant laws should have been in place before the electorate’s data was released.

It brings to the fore a point raised before by this author, that legislature relevant to biometrics usage in the electoral process should be explicitly put in place. Carefully calibrated deterrence measures should be implemented to ensure that the negative impacts of election transparency are minimized. This is Zimbabwe’s opportunity to create a modern transparency regime which encapsulates data protection and citizens’ privacy, as well as ensuring public confidence in election outcomes.

Fighting Corruption Using E-Governance

In his first state of the nation address, the president, Cde E D Mnangagwa told a joint sitting of the country’s two houses of parliament; “Corruption remains the major source of some of the problems we face as a country and its retarding impact on national development cannot be overemphasized. We need to use the e-government programme not only as a means to keep in step with the ICT revolution, but also to fight corruption. This is being complemented by the concurrent drive to boost internet connectivity throughout the country."  

Before delving further into the article, e-governance or e-government is defined as the use of ICT (Information and Communication Technology) to provide information to citizens and to connect citizens and government. E-governance has gained popularity in recent years, with many countries resorting to ICTs to modernise government, increase efficiency and improve public service delivery.

The above statement was a refreshing acknowledgement of the depth of the problem by the President as Zimbabwe continues to struggle with systemic corruption. In the same breath, the President also pointed out that part of the solution lies in ICT and in particular e-governance. This was significant as it signals a fresh approach which targets the utilisation of technological advancements to fight some of the social ills.

The President rightly pointed out that corruption is probably the most prevalent and persistent challenge Zimbabwe is facing in enhancing economic growth and improving the quality of life. The World Bank’s 2011 guide identifies corruption as “one of the single greatest obstacles to economic and social development”. It involves the misuse of public power, office or authority for private benefit through bribery, extortion, influence peddling, nepotism, fraud or embezzlement. Evidence is beginning to emerge of corrupt activities that have contributed to the economic challenges Zimbabwe is facing, as some of the culprits are now being exposed or arrested.

Corrupt activities by individuals and companies contribute to a rise in public expenditure and reduction in the amount of tax received by governments, thus less money is available for essential government services. Zimbabwe has not been spared, with such activities having had the adverse effect of discouraging investment, limiting economic growth and retarding improvement in the quality of life for the rural and poor segments of the country. Corruption led to mistrust between Zimbabwean citizens and public officials with the traffic police being cited as the most unprincipled. The wealth exhibited by some public officials, exemplified by the ownership of asserts which are disproportionate to their official sources of income, have further put a wedge between public servants and the general public.

Corruption in Zimbabwe has been fueled by a number of issues. The monopoly of power, where public officials have absolute authority to enforce regulations and policies is one such factor. Other drivers include the misuse of the power of discretion, lack of accountability and transparency. Although the cases of corruption in Zimbabwe which have been publicized so far have involved abuse of public power for private benefit, it goes without saying that it is also prevalent in the private sector, where for example issues in procurement and hiring have been highlighted in allegations surrounding a local businessman and a parastatal. It is hoped the government will continue to pursue such cases and bring the perpetrators to justice.

The fight against corruption in Zimbabwe has taken different forms such as the establishment of anti-graft agencies like the Zimbabwe Anti-Corruption Commission (ZACC) and the waging of massive campaigns against corruption by other governmental agencies. Despite these measures by government, the corruption virus strain keeps spreading. In this respect, the proposal and intention to fight this scourge using Information and Communications Technologies (ICTs) tools, in particular e-governance by the President, has to be applauded as this can be an effective tool to increase transparency and combat corruption.

A considerable amount of corruption cases involve the participation of a “middle man” in service delivery processes. As an example when one wants to apply for land, a birth certificate, or a passport or some other documentation, a paper based application is used and handled by a “middle man” who may demand a bribe to facilitate the service. Electronic delivery of services (e.g., submitting internet applications and tax returns for computer processing) can reduce corruption by reducing interactions with officials, thus eliminating the “middle man”. This eliminates discretion from the equation by removing intermediary services and allowing citizens to conduct transactions themselves. It eliminates unnecessary human intervention in government work processes, which also reduces the need to monitor corrupt behaviour.

E-governance makes face-to-face interactions between government and citizens unnecessary through online communication. The contents and procedures of all work are disclosed, and the administrative agency responds to questions and inquiries of the complainants through online channels; reducing the possibility of unfair treatment (or corruption) by public officials. The entire tax system for example, must be restructured with the specific purpose of reducing direct contact between citizens and tax officials to reduce opportunities for requests for bribes.

E-governance can reduce the need for citizens to use bribes to obtain information by making essential information publicly available. The President has highlighted the importance of transparency and accountability in his New Year message: “I urge you fellow Zimbabweans to engage with Government, its institutions and agencies for more transparent, just, accountable and responsible governance. Let us equally commit to honesty, transparency, accountability and discipline to ensure accelerated national development and progress.”

Greater access to information will promote greater transparency and accountability which will contribute to the government’s anti-corruption goals. Implementation of e-governance will greatly reduce the cost of collecting, distributing, and accessing government information. Additionally, the more open the government, the bigger the chance of discovering corrupt behaviours; resulting in public officials being accountable to the citizens. This will lead to the satisfaction of citizens and the development of a closer and trustworthy relationship between the government and citizens.

The monopoly of power and exercise of discretion, if not supported by high professional or ethical standards, may result in increased corruption. E–governance can be designed to make government processes more rule-based and objective; reducing the possibility of public officials deciding and interpreting disagreements. In an “If the computer says no - it means no” culture an individual’s discretional powers will be eroded thereby reducing chances of corruption.

 

Corruption is often caused by competition restrictions and information monopolies. The Herald 01/01/2018 pointed out how corruption in procurement has manifested: “It is believed that Government has been losing public funds through inefficient and ineffective procurement processes, which often resulted in the acquisition of sub-standard goods. In some instances, procurement officers have been accused of inflating the cost of goods and services.”

 

The effects of corruption control through competition can be significant, especially in government procurement. The implementation of e-procurement has been prioritised by the government as reflected in the statement by Ambassador Chidyausiku after the dissolution of the State Procurement Board: “There will be a new authority with new faces, which is expected to bring the much-needed efficiency and technology such as e-procurement.”

 

The e-governance's disclosure of information will make it possible to compete fairly. It will provide an environment in which all private operators participate in open competition in procurement contracts. Fair distribution of information will suppress corruption by eliminating opportunities for officials in charge to provide beneficial information to specific operators or to apply special criteria. E-procurement will also prevent price fixing in addition to providing transparency and accountability.

 

The government faces a lot of challenges in implementing e-governance. At the heart of these is poor ICT infrastructure. The development of a robust ICT infrastructure is a requirement for successful e-governance implementation in which the government should play a leading role. It should create an enabling environment for the adoption of ICT in everyday lives of citizens as a starting point of e-governance. Policies should be developed that aim to improve penetration, increase uptake and bridge the digital divide. Internet diffusion is still low due to the fact that local phone calls are expensive. The telecommunications infrastructure is still inaccessible to most parts of Zimbabwe. In places where it is accessible, cost is usually a barrier.

 

Lack of computer literacy among the citizens, businesses, and government sectors themselves has been proven to be a barrier in implementing e-governance. A lot of training and capacity building will be required in both government institutions and the general public. The majority of those who have ICT skills are young citizens thus the elders might be left out in adopting e-governance.

The government needs to set up an institutional framework supporting e-governance initiatives. It is important to define clear mandates and responsibilities to ensure e-governance development and proper co-ordination across government agencies. For sustainability, local expertise should be developed thus eliminating the need for costly foreign consultants. E-governance systems require considerable financial resources and these must be allocated to build and manage systems, upgrade and construct relevant infrastructure.

It is however acknowledged that e-governance in itself is not a silver bullet in the fight against corruption. Corruption and accountability involve complex economic, cultural, and governance issues. It is the summation of the various approaches that makes up the ethical infrastructure that we must all reaffirm commitment to preserving. The President’s resolve to eliminate corruption has been unwavering and e-governance with the right implementation can make a huge difference in eliminating this evil vice from the Zimbabwean society.

Zimbabwe Operation Restore Legacy: Digital Footprint Lessons

Consistent with a global trend, Zimbabwe has experienced a marked growth in the use of social media and the internet in the past ten years. Recent developments with regards to the adoption and application of social media and the internet, have demonstrated that individuals and organisations need to carefully consider any content before publishing or dissipating it onto social media universe or uploading it on the internet platform. One has to be wary that it may just come back to haunt them at a later stage! The game-changing operation in Zimbabwe demonstrated politicians’ and social media activists’ ghosts of their former selves boomeranging to haunt them.

As the cornerstone of any democracy, freedom of speech empowers the general populace with the ability to freely express themselves in various forms; verbally or via electronic media in platforms including online. However, in today’s digital world any individual or organisation partaking in online activities leaves a permanent digital footprint, a trail which will be visible for generations to come. The pace of the changes that swept across Zimbabwe in the past month has demonstrated that going with the wind and having an irresistible urge to publish your thoughts and opinions online for the sake of re-tweets and “likes” can have a disastrous effect on your person. The internet is unforgiving.

A digital footprint is all of the information online about a person either posted by that person or others, intentionally or unintentionally. It is your online history, pertaining to all the stuff you leave behind as you use and surf the Internet. As the world moves increasingly online, most of our daily lives are recorded on some sort of electronic database. However what happens online is beyond our control!

Unlike footprints in the sand, which can be washed away by the wind or wave tides in the ocean or sea, digital footprints can be permanent. With the passing of every day, files, images and videos including pre-internet articles, are being uploaded; thus reincarnating historical footprints. Through your digital footprint; you are broadcasting what you look like, where you work, where you have been, who you know, your hobbies, and of course, your opinions on a variety of topics. This is accessible to anyone, including strangers!

In November this year, with the rapidly changing scenario in Zimbabwe, a lot of politicians, activists and “clikivists” (the internet politicians and analysts) found themselves flip-flopping on their analysis and commentary of the situation faster than the Karate Kid’s punches.  They found themselves navigating from the murky waters of “the Crocodile is finished” to the “return of the Crocodile”. Whilst this has been the norm in the political world before the digital age, the meandering path was not captured and it was easier for turncoats to shift positions and deny occupation of their previous ones. A lot of analysts were caught out; and embarrassingly so.

Philip Chiyangwa’s recordings for example, should provide lessons for figures of public prominence on the damage that the digital world can wreak on a reputation. Whilst he frantically tried to disassociate himself with the old order, the digital evidence was embarrassingly overwhelming. The way he is now being torn to shreds in the media gives an indication of what we can expect to see more of, as more politicians and political commentators of the digital age come into the spotlight as they try to flip-flop and change positions. Prof Moyo’s fall from grace, for example, is well documented on Twitter, thanks to his Twitter-activism and publicly available digital publications.

Prominent leaders of the MDC Alliance where also caught-up in the digital footprint unforgiving nature. After openly praising Operation Restore Legacy and the installation of President Mnangagwa on their Twitter and Facebook accounts; a number of them attempted to make a U-turn (apparently after failing to make it into government as they had hoped), but their digital activity was thrown back onto their faces, exposing them as  hypocrites. It is only a matter of time before our future leaders or even presidents find their teenage antics on Instagram, Twitter, Facebook and YouTube back-spinning to haunt them.

Whilst every individual could be the victim of his or her own digital footprint, it is public figures such as politicians who are most at risk. For such groups, even seemingly harmless information can be misinterpreted, spun and used by hostile third parties to expose private activity, attack reputations, and even do serious harm. However, counterintuitively, digital space remains overlooked by naïve public figures who venture into it without carrying out risk assessments. This was so prominent before, during and after the Zimbabwean events, where for example, the social media acts of the former President’s sons ignited and added heaps of fuel to the resentment towards the former first family. The bragging on social media by one Chivayo also came back to haunt him.

Known elements of a digital profile exist in the open for any unauthorised party to view indiscriminately. News stories, profile pieces and social media accounts offer a wealth of data that may reveal an individual’s interests, whereabouts and extended social circle. The social media accounts unwittingly divulge sensitive information, even where the target individuals themselves refrain from social media activity. Family members are often the prime information targets of hostile third parties. It does not take much effort to assemble a family tree and then to track down and monitor the circle’s digital activities. Investigative journalists are also increasingly turning to new tech-powered tools to source family-related stories.

As well as drawing negative press attention, some posts expose information which can pose physical risks too and can be used to track down the individuals themselves; such as license plate numbers and hotel locations.

Deviating from Zimbabwe, in the UK, the case of the burglary at the house of the millionaire footballer, John Terry in March this year is a typical example of how social postings can expose information which can be harmful. Terry’s mansion was targeted after the player posted pictures from the slopes of the French Alps with his wife, telling his 3.4 million Instagram followers that he was having a ‘great few days away skiing with the family’. A gang of four used the posted information to steal more than £400,000 worth of designer goods from the mansion of the former England captain whilst he was away!

It is difficult to permanently erase anything from the internet, and therefore it is critical to be aware of what is being circulated about an individual, their business or family. In this digital age these articles can become prominent features of an individual’s first page of internet search results; becoming a person’s virtual “business card”. Such content can have an especially enduring effect, appearing on the digital profiles of spouses, siblings and children due to a shared family name, creating an online reputation crisis.

Some websites build a list of the various devices one has used to visit them. While this can often be applicable as a means of helping to secure your account, it is important to understand the information being collected about your habits. Make no mistake about it – the web is listening every time you use it! It’s important that you understand what you’re leaving behind when you visit any website.

Social networking opens the door to the possibility of being cybervetted when applying for a job. Cybervetting or online vetting is the practice of using information found on the Internet to determine whether a person is a viable candidate for employment. It is just another tool in the box to gather information about the person’s behaviour to verify whether the applicant’s behaviour online is the same as in real life.

With one google search of your name prospective clients, employers, and co-workers can get a snapshot of your history. Most employers are using this snapshot to screen their applicants and eliminate candidates for consideration based on what they find. We should expect cybervetting to be used more and more by organisations, first to avoid surprises, and more as a digital background and fact checking tool. It is therefore critical now, more-so than ever, to be aware that what you say or do online is permanent. It can be a great opportunity for you to build your brand or conversely prove to be the easiest method of self-destruction.

There is also a flip side to this coin that suggests if you decide to go off the radar and remove your online trail you will cease to exist in a world where individuals are increasingly judged on their number of followers, online engagement or influence. Even employers already routinely check a candidate’s online profiles to see if they are a suitable fit for their organization and some are even hired as a result of their high Twitter following. The days of being digitally invisible are over, and anecdotally the lack of an online presence is starting to be viewed with suspicion in some circles. As the world increasingly turns online for information, digital silence can be obstructive in conducting effective due diligence or establishing a reputation.

Every day we contribute to a growing portrait of who we are online; a portrait that is probably more public than most of us assume. So no matter what you do online it is important that you know what kind of trail you are leaving, being aware of what the possible effects can be. Lessons should be drawn from the much-changed face of Zimbabwe and the speed of change, which saw a number of individuals scampering, trying to re-align themselves in vain, as the digital evidence was unforgiving.

Your digital footprint paints a picture of who you are. Before posting online, ask yourself whether the content portrays how you really want to be perceived. On the other hand creating a delusional online version of yourself is possibly the worst thing you can do; trying to be someone else is a waste of the person you are.

Social media and the internet are enablers that when used correctly can offer each and every one of us a wealth of opportunities with no side effects as long as we act responsibly. However, the internet is unforgiving, before texting, tweeting or sharing, consider how you would feel if the material went viral. Is your human need for approval for eliciting re-tweets and likes driving you to share questionable material? You should have zero expectation of privacy in cyberspace.

Thanks to screen capture; even a deleted post can still be retrieved and shared. Therefore, before you click ‘post’ on socio-economic and political topics think about your digital legacy! Unlike the Zimbabwean story, you cannot launch an “Operation Restore Legacy” in the digital world.

Zimbabwe: Cybercrime and Cybersecurity

The appointment of a fully-fledged Minister of Cyber Security, Threat Detection and Mitigation has been met with a lot of scepticism. This has been mainly driven by the perceived duplication of responsibilities among ministries, and also by the lack of public understanding of the real threat cybercrime poses. Such a perception threatens to downplay one of the fastest growing threats to technological development, not only affecting Zimbabwe but globally.

This has not been helped by the fact that this appointment was made following the tabling of the Cybercrime and Cybersecurity Bill (2017) which addresses the associated issues whilst allocating the responsibilities to the already existing Ministry of ICT. Several announcements by senior government officials relating to the use and perceived abuse of social media have also raised fears about what the new ministry will mean for civil liberties; especially those related to freedom of speech but most crucially, also adversely masking the real threat posed by cybercrime. It is indeed unfortunate that the general message coming from the government and the minister himself has an over-emphasis on stopping social media political activism at the expense of real cybercrime. Issues surrounding cybercrime and cybersecurity should not be trivialised by the government’s perceived motive or the reaction of the media and social commentators.

Cybercrime includes a broad range of illegal activities committed by means of a computer system or network. Unfortunately, most cybercrime exploits the poor knowledge and lax security habits of the general public. Cybercrime is no longer confined to fake e-mails “from the son of a dead African King”, but has become much more sophisticated and threatens to derail the economic benefits being achieved through technological advancements. It is the duty of the government to dispel the public perception, and convince the populace that this ministry was not created to instil fear on social media users, but rather to deal with the ever-growing threat from cybercrime. For the country to be adequately protected there needs to be more public sensitisation, education and training to increase awareness of the threats.

The general public is familiar with the usual physical burglary and theft, but the nature of cybercrime is such that the majority of people and businesses will not necessarily realise when digital burglary has taken place. Even though cyber-crime comes in different forms; it can be categorised into attacks against individuals, companies/organisations or other countries.

Personal crimes mainly involve identity-theft related scams in which personal details are stolen. A number of illegal/criminal activities can be perpetrated by an individual using the stolen identity. Besides financial fraud (for example using your ID to obtain a loan in your name), identity thieves commit crimes, such as drug-trafficking, smuggling and terrorism, among many other criminal activities whilst posing as other people.

A range of scams targeting individuals have been identified, with Zimbabwe having its fair share. A

number of people can testify to being lured online into depositing money to buy goods such as cars, clothing, groceries or services such as shipping, with companies and individuals disappearing from the cyber-world after collecting the money. There have also been reports of individuals lured into depositing money to secure non-existent job opportunities among other scams.

Attacks against organisations are becoming common and have recently manifested themselves in the form of Ransomware. This is comparable to real life kidnapping experiences, whereby criminals demand money for the return of kidnapped persons or seized precious items. In the cybercrime world the criminals use a malware or a “dangerous” computer programme to prevent or limit the usage of company services, stopping users from accessing the system/services unless a ransom is paid. Imagine an attack on the EcoCash mobile banking system which disables all associated services such as mobile money transfers even just for a day or disrupts/cuts off Econet, Telecel or TelOne mobile communication! The disruption that can occur and the damage to the economy could be quite substantial! The outcry that accompanied the disruption of WhatsApp services for a few hours last year around the world is a taster of the potential effect of cybercrime on everyday life.

In Zimbabwe, there have been reports of malware attacks on educational institutions and companies’ websites; with the Herald, the government, NUST and the Harare Institute of Technology reportedly affected, reflecting the reality of the threat on Zimbabwe’s doorstep. Companies and banking systems have also been subject to hacking (illegal penetration and use of computer systems) thus being defrauded by individuals of large amounts of money. The case of a Chitungwiza man who hacked OK Zimbabwe’s Money Wave System before stealing $70 000 reported widely, is a typical example of such cybercrime activities.

Another form of attack is one organised by a state against another state's institutions or infrastructure; a form of cyber-warfare. This involves one nation penetrating another nation's computers or networks for the purposes of causing damage, disruption or to obtain sensitive security information. In these types of attacks, one nation attempts to disrupt the activities of organizations or other nations for strategic or military purposes and cyber-espionage. Attacks may also be carried out by terrorist groups. Increasingly, cybercriminals are attacking governments through their critical infrastructure, including transportation systems, banking systems, power grids, hospitals and critical manufacturing.

Numerous incidents of cyber-warfare have been reported, for example, in March 2014; the Russian government allegedly disrupted the internet in Ukraine, enabling pro-Russian rebels to take control of Crimea. North Korea was blamed for the 2014 cyberattack on Sony Pictures after they released the film “The Interview”, which depicted the North Korean leader Kim Jong-un in what the country regarded as negative light. In December 2016, Ukraine experienced a blackout as a result of cyber-attacks on electric power distribution companies. Most recently, and still ongoing are allegations of Russian interference in the USA elections through cyber activities. The WikiLeaks case which also affected Zimbabwe is a typical highlight of another form of cyber-espionage. These incidents have brought into light, situations which used to be viewed as science fiction!

Social media remains a favoured target of scammers, as criminals seek to leverage the trust people have in their own social circles. Social media is quickly becoming a daily part of life in Zimbabwe; following a global trend. In social media generated cyber-crimes, criminals take advantage of the sharing facilities and present fake products, video links and “like” buttons which they use to spread their scams. Users are also lured into clicking fake website buttons that install malware with some posting updates on a user’s newsfeed, spreading the attack.

Terror groups have also been taking advantage of social media to further their goals and spread their message presenting governments with another frontier for cybersecurity. Investigations into attacks such as that of the Kenya Westgate Mall have revealed the use of social media and computer networks in planning and co-ordinating the attacks.

Cyber criminals continue to take advantage of vulnerabilities in poorly secured legitimate websites to infect users. Cyber criminals exploit the design weakness to gain access and manipulate these sites for their own purposes. For instance, cyber criminals can penetrate websites and acquire user data, compromising visitors to the affected websites. Attacks on websites and replacing contents are also common, with some websites content replaced by for example, extremist material or pornography.

To safeguard the country against cyber-crime, it is vital to promote the culture of cybersecurity among stakeholders, notably government, companies and cooperatives, civil society organisations and international organisations operating in the country to develop, manage and use information systems. It is important to engage industry, the civil society, and academia in the promotion and enhancement of a culture of cybersecurity. The government must also, on its part, mobilise resources to develop cyber security skills.

The government has to sensitise and provide education and training to the public. Law enforcement powers must be trained so that they execute their cybersecurity duties whilst maintaining the rule of law and meeting human rights requirements. Conditions and safeguards limiting law enforcement powers should be established. Since cybercrime is borderless; the Zimbabwe laws must be compatible with the laws of other countries to permit international cooperation. It should avoid over-criminalisation of social media-content, if it is to stop the stigmatisation associated with the newly created ministry.  

The government must ensure that critical information infrastructure is protected, to safeguard data and sensitive information. Data protection legislation should be put in place to safeguard the general public (critical with the ongoing biometric electoral registration which acquires sensitive individual data such as fingerprints; taking place).

Zimbabwe like other nations has been experiencing various types of cybercrimes including credit card theft, hacking, identity theft, phishing, unauthorised access according to police reports, but these have not received publicity in contrast with social media activism. One of the biggest impediments in advancing cyber security readiness is changing of mindsets to raise awareness about the potential risks of cybercrime; and publicity of ongoing cyber-crimes can go a long way in achieving this. All national stakeholders and citizens must work together in order to change the mindset and public perception of matters relating to cybersecurity.

Cybercrime not only derails the technological advancements but is an attack on economic, social and political advancement of societies.  It is therefore important for the new ministry to create greater awareness and capacity building programs to facilitate cyber resilience in the future whilst ensuring good governance and respect of human rights.

Note: Cybersecurity was rightly incorporated into the Ministry of ICT (and Cybersecurity) - After this article was written ...not because of this article.

BVR in Zimbabwe Elections : Going Forward

 

The arrival of the first batch of Biometric Voter Registration (BVR) kits is a landmark occasion and very significant to the voter registration process in Zimbabwe. It officially marks the shift to a technology-based voter registration system for the first time in Zimbabwe.  Credit should go to the Zimbabwe Electoral Commission (ZEC) and the government of Zimbabwe, for embracing biometrics technology in order to enhance the registration and voting process. Handled in the right way, the introduction of this technology to elections in Zimbabwe will go a long way in eliminating one of the major causes of controversy which has accompanied previous elections.

To carry out a credible election, we have to start with credible voter registration.  Issues surrounding the state of the voters roll have been at the heart of most election disputes in Zimbabwe. The main benefit which will be derived from the use of biometrics for voter registration will be the production of a new clean voters’ roll which contains unique individual information based on the physical characteristic (face image and fingerprints) of each voter.  It is important to emphasise this point as there have been a lot of misconception regarding the usage of biometrics in the upcoming elections.  In the planned BVR process, a voter’s details (name date of birth, address etc.) will be digitally captured and stored alongside their biometric features (face and fingerprints) on a computer.  This is very similar to the process we go through when we apply for National IDs (zvitupa) and passports. These will then be input into a single database where software will be used to clean up the voters roll by eliminating voters who would have registered multiple times.  This is because the software will not only compare names but will also compare the fingerprints. So a person who registers multiple times under different names will be picked out by the system.

The second part of the process, if it was to be implemented, would be biometrics-based voter verification or authentication which happens on voting day. This is whereby a person appears on voting day, presents an ID or provides a name. The person’s biometrics face and/or fingerprints are then captured and compared to those in the database.  If there is a match, the person would be verified, gets a ballot paper and continues to vote (manually) in the normal way! The person’s details are then digitally marked as having voted and cannot be used for repeat voting. This is NOT electronic or biometric voting, but manual voting as we are used to! 

However it is important to emphasise that ZEC has clearly indicated that biometrics are going to be used for voter registration ONLY. However with the biometric register in place; in future elections, ZEC can take the next step of using biometrics for voter verification on polling day. It is therefore important to recognise that biometrics are not going to be used on polling day and identification documents will remain critical for identifying voters. On polling day; voters will still be required to present identification documents which will then be cross-checked manually with information in the system before one is allowed to vote. Therefore the current exercise by the Registrar General’s office of issuing IDs should be viewed and judged with this in perspective.

The availability of the BVR kits means the BVR registration exercise can now be kick-started.  However, there are a number of issues that ZEC should now be diligently looking into in order to ensure that this process is a success.

It is essential that ZEC ensures that staff who are going to be handling these kits are adequately trained and skilled. It is unfortunate that the training of the “BVR Master Trainers and Technicians” could not be started earlier; the 5 days allocated for the training may not be adequate. Technology is only as good as the way it is deployed. In order to identify multiple registrations; which is the main benefit of the system, clean data must be submitted. Finger prints and photographs must be clearly captured in the right way, which requires trained and capable staff. Essential skills for staff operating biometric voter registration (BVR) include basic computer skills, with an emphasis on data capture, processing and administration on top of planning and logistical skills. Staff should also be trained to repair and maintain the equipment, so that they do not rely solely on the supplier for maintenance and support issues. The timelines are tight, but the preparedness of the registration team is crucial to the success of the process.

Since election technology has the potential to directly affect the political process, it is important to engender a sense of ownership in its users.  In order to achieve this, ZEC should provide sufficient information to the public to enable them to feel included in the process.  In addition, accessibility, versatility and equality considerations are to be taken into account when deploying these kits to ensure that people with special needs (the old, and disabled for example) are included.  Challenges that may occur during data capture include unreadable prints of old people and physical workers (for example miners), people with missing fingers and software bugs.  Contingency measures should be in place to make sure that none of the affected people are disenfranchised.

There are a number of technical issues associated with the use of BVR which ZEC must be aware of and mitigate against.  The use of technology has associated data security risks which occur as data is collected from individual registration centres to the central registry. Safeguards should be in place to prevent corruption or manipulation of the data. Corrupted data may result in “false rejection” of valid voters. It is therefore important that data security gaps are eliminated from this process.

ZEC has to ensure that there are measures in place for the biometric data collected to be securely transported from registration centres to data centres. There must be mitigating control measures to protect the mobile registration kits and data storage devices from theft, manipulation or destruction during storage and transportation from registration centres.

ZEC must also clarify the issue of the Data Centre (Central Server) which will host the AFIS software (de-duplication software), the centralised biometric data and related systems. There have been conflicting reports emerging from ZEC which ranged from a separate tender process for the central system, provision from existing facilities and recently UN sponsored upgrading of an existing system. Such conflicting statements emanating from ZEC are not helpful. It should be noted that the Central Server will only be required once all the data from the various registration centres has been gathered; so ZEC has got time to resolve this issue.

Once the Central Server is in place, adequate security measures must be put in place; with defined data access privileges (who has permission to access and make amendments to the database?), recovery and back-up procedures. The processes to identify any security breaches and the audit to track any changes to the database to the satisfaction of all stakeholders should be outlined. These security issues are crucial and must be addressed in a transparent manner to avoid post-registration or post-election disputes.

The challenges to ZEC are not only restricted to technology and procurement. Advanced technology alone cannot guarantee the integrity of elections without corresponding legal and administrative protective mechanisms. It is therefore important for ZEC to ensure that the legal framework is compatible with the introduction and use of BVR technology. With all due respect to the legal expertise of  Justice Rita Makarau (the ZEC Chairperson), the Kenyan electoral dispute has highlighted that failures to adhere to constitutional and other legal requirements can occur and may be challenged.

Associated with acquisition of biometric data is the issue of data protection and right to privacy. While there is a need for electoral data to be in the public domain, the balance between, on one hand, the reasonable demands for transparency in electoral processes and the right to privacy of the citizen on the other is a delicate exercise which requires careful handling.

In spite of all the challenges, the introduction of biometrics in the compilation of voter registers should improve the accuracy of the voter registers and provide the foundation for clean, violence-free, fair and credible elections. The biggest benefit of BVR ; as has already been stated is the production of a clean, credible and reliable voters’ register which is at the heart of conducting a fair and credible election. The integrity of the voters’ roll is one of the basic principles on which the legitimacy of an election is founded; and BVR implemented in the right way is a giant step forward.

Biometric Voter Registration (BVR): Dispelling the Myths

By Dr Samuel Chindaro

There have been a number of publications in the local media, quoting comments from various ‘experts’, and citing developments elsewhere, using these to cast aspersions on the use of biometrics in the upcoming Zimbabwe elections.  Examples of these publications are “Red Flag over Biometric Registration” (The Herald, 11 March 20017), “France’s Cancellation of e-voting: Eye-opener for Zim” (The Herald 9 March 2017), “BVR, A Luxury We Cannot Afford” (The Herald, 13 March 2017 – Editorial Comment) and most recently “More Thumbs Down for Biometric Voting” (The Herald, 15 March 2017). This effort has been systematic and sustained, culminating into a Newsday publication (16 March 2017) screaming “2018 Polls Hang in Balance”. All this comes after the tender process has commenced and a shortlist of companies compiled - maybe just a coincidence. This however is the political side of the process which the author will leave to political analysts.  

What these publications revealed was a clear lack of understanding of the BVR process. This lack of understanding and “mis-information” is being used to discredit the process culminating in the set-up of an agenda giving cues to the abandonment of the biometrics project. This article is intended to correct some of this mis-information and mis-interpretation of developments elsewhere. It also aims to clarify the proposed Biometric Voter Registration and Verification process (BVR) which Zimbabwe Electoral Commission (ZEC) is proposing, and has been successfully used in other countries.  

The common theme in these publications has been the misconception that ZEC is going to implement ‘biometric voting or electronic voting’.  This then set the basis for the claim that the system would be susceptible to ‘cyber-attacks’ and ‘hacking’  which would derail the voting process and dis-enfranchise voters, citing France’s abandonment of electronic voting as an example.  ZEC is not proposing to implement ‘biometric or electronic voting’; it is proposing a model of BVR which is very different from electronic voting (even though it can be used as a launch pad for electronic voting). Additionally, the process being proposed is not more vulnerable to cyber-attacks or hacking than any other electronic voter’s register or database. This will be further explained in this article.

The call for the employment of technology in Zimbabwe for both voter registration and facilitation of the electoral process is not new. The issue has been raised in parliament several times (Tongai Matutu, 2010, Pishai Muchauraya and Nelson Chamisa, 2012 for example). The author of this article also advocated for biometrics to be used in a 2012 publication and in a number of follow-up articles thereafter.

The intention to introduce biometrics in Zimbabwe for the 2018 elections has enhanced ZEC’s credibility, and should be applauded as a step in the right direction. Zimbabwe is not re-inventing the wheel, but is following in the footsteps of other countries including Ghana, Benin, Tanzania, Togo, Mauritania, Ivory Coast, DRC and Nigeria among others, which have successfully pioneered this technology.

Before, dealing with the issues that are being raised in the recent publications, a brief explanation of biometrics is given here. Biometrics refers to human physical and behavioural characteristics such as fingerprints, the iris, signature, face etc. These can be used to uniquely identify an individual.  This concept is definitely not new! Zimbabwe has been collecting people’s biometrics for decades; everyone has to have a picture taken and fingerprints captured to obtain a national identity (ID) or passport.  This background and reference is important because BVR is just similar to this process.  In BVR, a voter’s details (name date of birth, address etc) are digitally captured and stored alongside their biometric features (face and fingerprints) on a computer– that’s it. Nothing more nothing less! The advantage of this system is that these biometric features can be used to uniquely identify an individual in a computerised way and additionally , there is inbuilt software to identify and eliminate duplicate voters/registrants; leading to a clean voters roll.

The deployment of personnel for the purpose of collecting BVR information is not different to that done in order to register people in the “old way”.  Personnel will be trained and equipped with mobile voter registration kits. These are portable devices designed to create electoral rolls; equipment that is reusable, extensible and resistant to adverse conditions. These devices are self-contained, autonomous units supported by long-life batteries and can be used in remote areas for registration, even within homesteads. In the end, what is compiled is a normal database or electoral register which includes biometrics information.

The second part of the process is voter verification or authentication which happens on voting day. This is whereby a person appears on voting day, presents an ID or provides a name. The person’s biometrics face and/or fingerprints are then captured and compared to those in the computer database (biometric voters’ register). Again mobile biometric kits/stations are available to achieve this, enabling penetration of remote areas.  If there is a match, the person is verified, gets a ballot paper and continues to vote (manually) in the normal way! The person’s details are then digitally marked as having voted and cannot be used for repeat voting (no need for ink). This is NOT electronic or biometric voting, but manual voting as we are used to!  

At first ZEC had indicated that biometric verification would not be done (thus just creating Biometric Voter Register – or simply an electoral register which contains a person’s face and fingerprints which would not improve the voting process itself but provide a clean and credible voters’ roll). However Vice President Mnangagwa in response to a question by MP Chamisa in parliament regarding use of biometrics on voting day had this to say; “Hon. Chamisa has forgotten that we agreed that we need BVR.  We never said it would not go full throttle.  We agreed that the biometric system would be used in coming up with a Voters Roll up until the actual voting.” So, it is expected that biometric verification will be used on voting day.

The other dominant theme of the publications attacking the BVR process was the ‘susceptibility to hacking and cyber-attacks’. A biometric voter register, as mentioned before, is no different from any electoral register (as prescribed by the Electoral Act) or any other database. Therefore it’s susceptibility to hacking and cyber-attacks should just be at the same level; but this is not even the case as these biometric databases are more robust and designed to protect the sensitive personal information they contain. 

The issue of data privacy features dominantly in the development of biometric processes. Consequently, the BVR process has inbuilt protection included in the software packages (for example, template protection) which makes it more robust than the current electronic register which has been used in the previous elections. It is difficult to hack, and even if the data is somehow stolen it would be in an unusable format for the perpetrator. It is accepted that the outcry might have been based on the misconception that “electronic voting” and automatic tallying of votes would be carried out; an assumption which is very wrong.

Another debate and negative concept being cast about the BVR process is its perceived cost, but before delving into the intricacies of financial cost, it is important to look at why Zimbabwe has embarked on this path. It is not by accident that ZEC has embarked on the Biometrics project. The history of disputed elections and unclean/suspicious voter registers is a known political burden to Zimbabwe. This has damaged the credibility of Zimbabwe elections leading to violence, leading to loss of lives, people being displaced and some fleeing the country. The cost in terms of human lives and the country’s economy has been monumental and cannot be quantified. It is clear that the current scenario cannot be sustained, and an improvement/change in the electoral process is crucial. Reverting to the use of national IDs or licences will create the same cycle of rigging accusations and discrediting of the electoral process – a vicious circle which needs to be avoided.

In 2012, ZEC said they would need about US$20 million to spruce up the widely-condemned roll after which constituency boundaries would be drawn up for general elections(The Herald 21/12/12). It is on record that a proposal for biometrics registration was made at that time, detailing that the exercise could be carried out within 3 months, costing USD20 Million; the same figure that ZEC had said it needed to clean up the voters’ roll!

The current proposal for BVR is based on a budget of US$29 million; to produce a NEW clean and credible voters’ roll – surely not an expensive exercise especially if put into context of what it will achieve. The cost of acquiring the equipment needed is no more than US$15 million. Therefore the “unaffordability” claim is unfounded. Furthermore UNDP had offered to fund the BVR procurement process through their structures to ensure transparency, a proposal which has now been rejected for ‘sovereignty’ reasons. However the government has now made US$17 million available to fund the process. In addition, this process is sustainable, and will be much cheaper in the next elections (no/low procurement cost) in addition to the bonus of sustainable dispute free elections.

Having said all that, BVR in itself does not guarantee successful, fair or credible elections. The author does not propose the use of biometrics as a "silver bullet" capable overcoming all obstacles Zimbabwe faces in ensuring a level playing field in which all eligible voices have their say in the political future of the country.  Its effectiveness can only be recognised if applied in tandem with the political-will and sincerity of authorities in charge, who are tasked with guaranteeing fairness and ensuring inclusion of all citizens.  Biometric technology cannot solve problems rooted in issues such as mistrust among stakeholders or lack of political freedoms. Elections, at the end of the day, are a political process.

In spite of all the challenges, the introduction of biometrics in the compilation of voter registers should improve the accuracy of the voter registers and provide the foundation for clean and violence free elections. Ghana has used biometric registration and verification in three consecutive elections (the latest occasion being in 2016) proving that the process can be reliable and sustainable.  It is therefore urged that ZEC and all stakeholders embrace biometrics technology to ensure integrity, inclusiveness, accuracy, transparency and accessibility in the coming elections. The media should act responsibly and report facts accurately, and ZEC should take a pro-active role in explaining the BVR process and educating the public.

This article first appeared at:  http://www.techzim.co.zw

Biometric Elections in Zimbabwe – Managing the Risks

The intention to introduce a Biometric Voting System (BVS) in Zimbabwe for the 2018 elections by the Zimbabwe Electoral Commission (ZEC) should be applauded as a step in the right direction.  The fact that the introduction of the system has been done after calls from the opposition and other experts including this author, for introduction of this technology should also additionally boost the credibility of ZEC which has responded positively to these calls. ZEC is following in the footsteps of other countries including Benin, Malawi, Zambia, Tanzania, Togo, Mauritania, Ivory Coast, DRC and Nigeria among others, which have either implemented or trialled this technology.

Even though, the biometrics technology itself is now mature, tried and tested; its implementation in an electoral system; especially in Zimbabwe’s current state requires careful management of risks if it is to achieve its desired goals. Handled in the right way, the introduction of this technology to elections in Zimbabwe will go a long way in eliminating the controversy which has accompanied previous elections. The advantages of using biometrics technology and the process involved have been covered previously by this author.

The frequency at which ICT projects run late and over-budget, makes it clear that Zimbabwe’s BVS project is at a high risk of failure if it’s not adequately planned. As with any major technological project, the introduction of a BVS, especially in the challenging Zimbabwean environment must be done with a full understanding and overview of the requirements and the risks involved. Fundamental to the success of such a project is an appreciation of the procurement and running costs, and thereafter the sustainability of the technology.

Ideally, the preparations for introduction of advanced technology in elections should start soon after the preceding elections, in order to maximise the time for system testing, procedural development, training, etc. Procuring major systems at the last minute increases costs reduces benefits and undermines the sustainability of the technology. Procurement of election materials is among the most costly part of the electoral process and any delay or shortfall in the procurement or distribution of materials could have serious implications on the rest of the electoral schedule.

The minimum requirements to implement a BVS are the acquisition of voter registration kits (cameras, laptops, power supply, and accessories), registration and database software, duplicate analysis software for fingerprints or face recognition (software to identify and eliminate duplicate entries). This should be accompanied by training of operators and providers of on-site technical support. A BVS requires properly trained staff and effective operational support and maintenance structures to have a chance to succeed. It is important for the success of the project that the electoral body hires experienced experts to lead the project implementation and not rely on political appointees.

The choice of technology which ZEC is going to adopt for the BVS will have a big impact on the procurement process. The choice of the appropriate level of technology to implement should be backed by a comprehensive and properly resourced feasibility study. It is vital the electoral board carries out adequate validation tests for biometric voter registration, identification and verification (proving that the registrant is who they are claiming to be).  ZEC should therefore allocate adequate time for the procurement and validation process, integrating the necessary buffers to reduce impacts of potential delays.

The sustainability of the Biometric Voting System is another important aspect when choosing and acquiring the technology. The system should be re-usable and be able to be sustained locally without relying on external experts, technicians and vendors. There are high risks related to lack of local technical service, backup support and spares for high-end technological solutions. ZEC should be able to attract and retain local staff with appropriate levels of skills. The University of Zimbabwe, National University of Science and Technology and Chinhoyi University of Technology (among others) have been steadily churning out graduates and researchers in this field. Maximising on local expertise will ensure that the technology survives beyond one election cycle and can also potentially be expanded to other institutions other than ZEC.

Planning for a Biometric Election:Zimbabwe Electoral Commission Chairperson;
Justice Rita Makarau

Relying on external vendors and technological experts will challenge the integrity of the electoral process and the confidence in ZEC, and raise the question of legal responsibility, national ownership and sovereignty (remember the NIKUV controversy?). Relying on external expertise and suppliers will land the country in the hands of organisations/companies who have little interest in capacity building, who may retain intellectual property rights  and therefore challenge the sustainability of the technology  resulting in both donor dependency and vendor lock-in. Therefore, alongside recruitment of appropriate local staff, it is vital that the BVS acquired should be one meeting specific standardisation of practices and processes to avoid the process being locked to one vendor, which additionally, minimises competition and drives up costs through monopolisation.

The frequent and unpredictable power cuts which take place in Zimbabwe make it important that contingency planning is prioritised by ZEC for the implementation of the BVS.  Alternative power supply sources such as standby generators or Uninterruptable Supplies (UPS) should be in place for the duration of the voting process. Associated with power cut risks are data loss, data corruption and equipment loss which will require appropriate back-up servers and other disaster recovery strategies.

There are other general issues which ZEC should be considering as they build up to the introduction of a BVS.  It is crucial to the acceptance of the process that ZEC manages the perceptions of voters and other stakeholders. Electoral technology must generally empower local stakeholders and therefore decisions on the choice of technology should, where practical, involve stakeholder participation and reflect their input. The relevance of any technology applied to electoral administration significantly determines the overall credibility and quality of the entire electoral process. It is therefore important to involve all stakeholders, presenting the benefits clearly, and being transparent about procurement procedures, time of deliveries, costs and risks. ZEC must also carry out transparent pilot and evaluation tests which it can use for civic education and public outreach.

It is advisable for ZEC to organize a consultation process with those users or their representatives to ensure that their needs are met, they are satisfied and that the BVS is acceptable and reliable. It is important to provide sufficient information to users to enable them to feel included in the process and therefore increase the likelihood that the new technology will be successfully accepted and implemented. Since election technology has the potential to directly affect the political process, it is important to engender a sense of ownership in its users. In addition, accessibility, versatility and equality considerations are to be taken into account when adopting new technology to ensure that people with special needs are included.

The challenges to ZEC are not only restricted to technology and procurement. Advanced technology alone cannot guarantee the integrity of elections without corresponding legal and administrative protective mechanisms. ZEC must ensure that the legal framework is compatible with the introduction and use of BVS technology. Associated with acquisition of biometric data is the issue of data protection and right to privacy. While there is a need for electoral data to be in the public domain, the balance between, on one hand, the reasonable demands for transparency in electoral processes and the right to privacy of the citizen on the other is a delicate exercise which requires careful handling.

The biggest challenge is how to ensure a sustainable, appropriate, cost effective and transparent use of technology, particularly in Zimbabwe’s fragile political environment. Provided the BVS is operationally appropriate, cost-effective, timely implemented, transparent and sustainable, it can build credibility by improving the speed and efficiency of the electoral process. It is however important to be realistic about the associated risks and their sources. In some cases risks develop because there are participants who may want the process to fail for their own selfish reasons, including those who are deriving benefits from the status quo. It is hoped that ZEC will be taking appropriate measures to mitigate any risks associated with the implementation of the proposed BVS.

This article was first published by TechZim. Reproduction of this article is permissible as long as this fact is acknowledged.