Ahead of presidential elections in Kenya in August, the country’s electoral agency has coordinated the opening of two data centers. This follows an audit of the the Independent Electoral and Boundaries Commission (IEBC) by KPMG that found “major security gaps” in the country’s register.
The report identified more than ten security flaws in IEBC’s existing data center that could be used to flout the democratic process on election day.
The integrity of the process and the ability to demonstrate it to the citizens of Kenya is all the more important given the events of the past two elections: in both instances, local and foreign observers found irregularities which cast doubt on the legitimacy of the elected candidate.
Flaw after flaw
The audit of the electoral commission’s current data center discovered that two active administrator accounts with access to the voter’s register had default passwords that had never been changed, and preventative measures against cyber attacks were found to be lacking.
Furthermore, the data center at IEBC’s headquarters had an unreliable UPS, a faulty fire alarm system that was last serviced in 2005, and its air conditioning system had failed, raising temperatures by 25 degrees Celsius (45°F).
Until now, there had been no disaster recovery site to ensure that the register was backed up and available in case of a technical failure or an attack on the IT systems. In fact, the register was backed up on tapes stored at the IEBC’s head offices, where its data center was located.
In addition, KPMG found that in the previous election, 79 percent of enrolments had been transferred manually from registration centers to regional offices, and as a result a number of applications had been missing.
In its report, KPMG insisted that the IEBC must not only invest additional funds in its IT infrastructure, but build a second facility for disaster recovery.
“Whilst we understand the commission is in the process of procuring a co-location site and new IT infrastructure, in the event of failure of systems prior to the establishment of a secondary production environment, this could represent significant risk to the preparation for or during the elections in August 2017.”
The consultancy recommended that the IEBC asks its cyber security provider, French multinational Morpho, to increase the safety of the database which hosts the voting register.
The auditing firm also advised that biometric identification be used to deter people from voting using deceased individuals’ identities.
When the audit took place, the report led to confrontation between the IEBC and newly formed coalition party, the National Super Alliance (NASA), whose leader, Raila Odinga, questioned the agency’s decision not to disclose details contained in the report, stating that this put the register’s integrity at risk. The report has since been published in its entirety.
IEBC’s chairman Wafula Chebukati has stated that the new data centers, the locations and specifications of which remain a secret, address the issues raised by KPMG.
In 2007, the election results caused an escalation of violence in Kenya after founder of the Party of National Unity (PNU) Mwai Kibaki was re-elected with a very slim margin. This sparked a conflict between his supporters and opposition parties, leading to over 1,000 deaths and 600,000 Kenyans being displaced from their homes.
An international commission of inquiry was established to look into the election, and found that there had been too many malpractices to establish who had actually won. Kibaki and his opponent Odinga finally reached a deal which saw the creation of the position of Prime Minister, and Odinga was appointed the role.
In 2013, Odinga stood against Uhuru Kenyatta, who had been accused of crimes against humanity for inciting and funding the violence that followed the 2007 election. Once again, Odinga lost by a slim margin, and the Supreme Court organized a retallying of votes from a sample of polling places. It found discrepancies and an absence of official forms backing the numbers used by the electoral commission, but finally upheld Kenyatta’s election.
This year’s campaign is especially tense as it is taking place in the context of a devaluated currency and high inflation, widespread food shortages due to drought, all amidst fear of violence and polarized ethnic relations.