Zimpapers Logo

THE hacking attack on a website of the Zimbabwe Electoral Commission, and the subsequent boasting by a shadowy body claiming to be an election watchdog, means that ZEC must now spend money and time to impose much higher levels of security on its public ITC access.

The motives of Pachedu, the name the hackers give themselves, are not clearly stated, but they are obviously up to no good. At worst they want to get into the ZEC databases and mess up the voters roll and the results to suit their own unpleasant ends, unpleasant because that would be to nullify the right of Zimbabweans to elect their own Parliament and Government.

More likely, since ZEC can simply keep its main databases offline, and simply post copies on a second server for public access, the group wants to create high levels of doubt over the efficiency of ZEC and thus on the voting it organises and the results it counts. It is quite possible that it then intends to leverage this doubt into street violence to gain the result it desires.

We all need to remember that ZEC can easily prevent contamination of the voters roll, at least the original voters roll, and the actual physical ballots and the digitalised results. This means that the roll and the results cannot be hacked, since there is no physical access to either.

But ZEC does have a legal and moral responsibility to be as open as possible, to help Zimbabweans register and check their voter registration, and to publicise the results as fully as possible without breaching the trust of having a secret ballot. It also needs to protect the privacy of voters. Not everyone is thrilled to have more than the most basic of personal details on the internet, where any criminal can simply examine these while plotting their next theft or robbery.

Very few are that willing to let anyone, but a duly constituted authority, and then only for confirming identity, to see their picture and their fingerprints. ZEC needs a lot more details than your neighbours need. Part of this is to avoid cheating. If someone tries to register twice, ZEC needs a set of identity particulars so once the possibility of a mistake in data entry is eliminated, it is easy to prove that the same person registered twice and a magistrate sitting in a criminal court can take the appropriate action.

We have seen cases of people trying to pack a particular ward or constituency, by getting people who live elsewhere to register in a fake address.

In fact a magistrate sitting in a criminal court is now faced with more than 20 adults claiming to live in the same tiny cottage in a high density suburb, a sufficiently large group and a sufficiently small cottage that they would have to all sleep standing up.

One advantage of the digitalisation of all voter information is that fairly simple algorithms and searches can quickly identify these sort of anomalies and so prevent cheating.

The second reason for detailed information is that ZEC also has to place every voter into a ward, and so automatically into a constituency and province, since constituency boundaries never cross a ward boundary and no constituency straddles a provincial boundary. And then every decade, as is now happening, ZEC has to change boundaries to take into account population movement, since not all wards grow in population at the same rate.

These reasons mean ZEC needs to know more about a voter than a neighbour, let alone a wandering political activist or criminal needs to know.

The other factor that people need to remember is that the voters roll is not a static document, engraved in stone. It is a living document, subject to daily change. Voters can register at any time, so new voters are continually added along with address data changing when a voter moves house and remembers to tell ZEC. Voters die, and their names need to be removed from the roll. The Registrar-General provides a lot of this information routinely, and ZEC follows the law and lists the voters it has been told are dead.

People can object, although the form they need to fill in makes it clear that they can be summoned to stand in front of a magistrate to prove they are still alive. Because of the incompleteness of this process, and the distinct possibility that someone may assume some close relative’s identity if they look enough alike, ZEC insists on the ink finger marking of voters on election day, so even if someone uses another ID card they still only vote once.

The voters’ roll does close for the purposes of an election shortly before the election day. This date is given in the Presidential proclamation declaring the day for a general election or a by-election. That is a matter of convenience to ensure there is enough time for the final printed copies that electoral officers will use can be printed in time.

It is this dynamic roll that makes it so important that anyone looking at a copy of a voters roll also looks at the date. Voters rolls printed a day apart will be different, unless they are those final rolls prepared for the voting officers.

A lot of nonsense is written and generated over changes in a roll, but that is automatic as ZEC makes sure that everyone who qualifies for the vote is put on the roll promptly and everyone who dies is, equally promptly, taken off the roll.

One problem that ZEC will face with their soft copies and hard copies of the voters roll that they are now selling is that some may want to change data, for their own nefarious purposes, generally to prove ZEC is incompetent and biased or just to cast doubt on ZEC.

The commission has said it will be putting in the software security on the soft copies and some rather fancy hard security on the hard copies, which is why these will be US$1 a page, to make any attempt to change data impossible, or at least very easy to detect.

This can be done with a number of software tools and with fancy inks for the watermarking of printed copies. In fact, both soft and hard copies need good watermarking, just that the soft copy is so much cheaper to watermark. That watermark also needs a date, so everyone can see when a particular copy was generated.

Now it appears though that some people want to be active in messing up ZEC’s records and messing up ZEC’s public campaigns by hacking websites and no doubt trying to hack into records, even if these are only copies.

Security software exists. Banks now have to use some very fancy software security to prevent customers’ money being stolen, and other jurisdictions that have online presence by election bodies do the same. ZEC needs that installed. Trying to track down a shadowy group that likes to distribute inaccurate or altered copies of voters rolls and wants to mess ZEC’s interface with the voters will be very hard.

Regrettably, the internet does have a lot of actions that leave no paper trails. This means that like banks and other security sites, ZEC will have to upgrade and put in place the sort of software that can protect its online presence, and hopefully can gather data on attempted hackers that allows them to be hunted down and arrested.