Thursday 18 Apr 2024
Thursday 18 Apr 2024
Latest news
Thumbnail
By By “Ahmad Azizi”,
- Edited:
By “Ahmad Azizi”
OP-ED

A Technical Insight Into Biometric Voting Devices

Independent Elections Commission (IEC) introduced biometrically verified voting in the parliamentary elections in 2018 and presidential elections in 2019.

The main idea behind using biometric technology was to tackle the vote stuffing problems and bring transparency and accountability in voting. The modality used in Afghanistan is a combination of manual voting verified through biometric enrollment of voters and verification of each votes through a unique bar code printed and labeled in the back of each vote.

Furthermore, the biometric voting devices had the ability to transfer the vote counts and result sheets encrypted and electronically to the main server located in IEC’s premises using a secure VPN through 3G and 2G network services enabled in the SIM cards in each device.

However, all biometric devices could not send the result sheets electronically at the end of the voting day to the main server. Possible reasons could be network connectivity or deliberate act to later tamper the devices and manipulate the voting information in the devices or in a way a well-designed plan for systematic e-stuffing of votes.

Cases on inconsistencies between number of voters recorded in the devices and the actual manual vote counts did exist. In certain cases only 4-5 voters were registered in the biometric devices, however, the manual vote counted up to 400 votes which clearly shows the signs of manual vote stuffing.

Over 2,000 biometric devices reached the IEC’s premises weeks after the election’s day. This is one of major concerns given the nature of the biometric devices. The biometric devices run Android OS and it is easy to change the date in Android OS to the date of elections and systematically register voters, create QR codes, print them and stuff the ballot box.

This flaw was pointed out and a proposal was set forth by DERMALOG to upgrade their software to tackle the date change issue in the biometric devices and required 4-5 day to fix prior to contracting DERMALOG for presidential elections, however, government representatives working on the contract negotiation, rejected the fix and deemed it unnecessary due to time urgency excuse which itself raises a lot of questions.

The date changing issue in the devices makes it difficult, however not impossible, to determine if a device was used on the election’s day or days after the elections. The devices use a SD Card memory chip to store voting information and this is a common memory chip easily available in the local markets in Afghanistan. That fact that hundreds or perhaps thousands of biometric devices went missing during parliamentary election is not far from the fact that those devices were used to systematically register votes, the memory chips removed from those devices and put into the devices used in the presidential elections.

Few days back, complaints were raised about police forces breaking the door locks of IEC's Digital Data Support Center. The 2000+ quarantined biometric devices were stored in the same building as well. Possibilities do arise that during this few hours window, the biometric device chips were changed with engineered chips containing voters info to correctly reflect the stuffed ballot boxes. This could be a perfect way to engineer biometric device information reflecting the votes in each corresponding ballot boxes.

In addition, the correct and secure way to transfer voters information from devices to the main server holding the information was wirelessly using the 2G and 3G services in the devices or the wireless network created in IEC, however, memory chips were removed from devices, plugged into computers to transfer this information.

Given the poor cyber security arrangements in Afghanistan and the possibility of computers used for the process being compromised, technically it is not impossible to change the information instantly during the process. Overall, the recommended processes and procedures for the transfer of the information from biometric devices in timely manner as recommended by DERMALOG were never taken into consideration.

Recommendation for IEC to determine if the quarantined biometric devices and memory chips were not tampered would be a proper audit of those devices to determine the date change issue and when exactly were voters information loaded into the devices. The votes within the ballot boxes with corresponding biometric devices found to be manipulated should be discarded.

This will be time consuming, however, the determination of all parties, especially the candidates will determine the fate of elections result. These recommendations are in addition to finding and discarding duplicate (picture and finger print) voters and voters registered with incorrect photos (blank pictures, underage, unknown objects).

“Ahmad Azizi” (a pseudonym) is a senior official of the Afghan government.

By By “Ahmad Azizi”,
- Edited:
By “Ahmad Azizi”
OP-ED

A Technical Insight Into Biometric Voting Devices

An anonymous senior official in the Afghan government provides insider information about the vote counting situation, and offers advice to counter fraud.

Related News

Thumbnail

Independent Elections Commission (IEC) introduced biometrically verified voting in the parliamentary elections in 2018 and presidential elections in 2019.

The main idea behind using biometric technology was to tackle the vote stuffing problems and bring transparency and accountability in voting. The modality used in Afghanistan is a combination of manual voting verified through biometric enrollment of voters and verification of each votes through a unique bar code printed and labeled in the back of each vote.

Furthermore, the biometric voting devices had the ability to transfer the vote counts and result sheets encrypted and electronically to the main server located in IEC’s premises using a secure VPN through 3G and 2G network services enabled in the SIM cards in each device.

However, all biometric devices could not send the result sheets electronically at the end of the voting day to the main server. Possible reasons could be network connectivity or deliberate act to later tamper the devices and manipulate the voting information in the devices or in a way a well-designed plan for systematic e-stuffing of votes.

Cases on inconsistencies between number of voters recorded in the devices and the actual manual vote counts did exist. In certain cases only 4-5 voters were registered in the biometric devices, however, the manual vote counted up to 400 votes which clearly shows the signs of manual vote stuffing.

Over 2,000 biometric devices reached the IEC’s premises weeks after the election’s day. This is one of major concerns given the nature of the biometric devices. The biometric devices run Android OS and it is easy to change the date in Android OS to the date of elections and systematically register voters, create QR codes, print them and stuff the ballot box.

This flaw was pointed out and a proposal was set forth by DERMALOG to upgrade their software to tackle the date change issue in the biometric devices and required 4-5 day to fix prior to contracting DERMALOG for presidential elections, however, government representatives working on the contract negotiation, rejected the fix and deemed it unnecessary due to time urgency excuse which itself raises a lot of questions.

The date changing issue in the devices makes it difficult, however not impossible, to determine if a device was used on the election’s day or days after the elections. The devices use a SD Card memory chip to store voting information and this is a common memory chip easily available in the local markets in Afghanistan. That fact that hundreds or perhaps thousands of biometric devices went missing during parliamentary election is not far from the fact that those devices were used to systematically register votes, the memory chips removed from those devices and put into the devices used in the presidential elections.

Few days back, complaints were raised about police forces breaking the door locks of IEC's Digital Data Support Center. The 2000+ quarantined biometric devices were stored in the same building as well. Possibilities do arise that during this few hours window, the biometric device chips were changed with engineered chips containing voters info to correctly reflect the stuffed ballot boxes. This could be a perfect way to engineer biometric device information reflecting the votes in each corresponding ballot boxes.

In addition, the correct and secure way to transfer voters information from devices to the main server holding the information was wirelessly using the 2G and 3G services in the devices or the wireless network created in IEC, however, memory chips were removed from devices, plugged into computers to transfer this information.

Given the poor cyber security arrangements in Afghanistan and the possibility of computers used for the process being compromised, technically it is not impossible to change the information instantly during the process. Overall, the recommended processes and procedures for the transfer of the information from biometric devices in timely manner as recommended by DERMALOG were never taken into consideration.

Recommendation for IEC to determine if the quarantined biometric devices and memory chips were not tampered would be a proper audit of those devices to determine the date change issue and when exactly were voters information loaded into the devices. The votes within the ballot boxes with corresponding biometric devices found to be manipulated should be discarded.

This will be time consuming, however, the determination of all parties, especially the candidates will determine the fate of elections result. These recommendations are in addition to finding and discarding duplicate (picture and finger print) voters and voters registered with incorrect photos (blank pictures, underage, unknown objects).

“Ahmad Azizi” (a pseudonym) is a senior official of the Afghan government.

Share this post

Comment this post