Thursday, 9th December 2021
<To guardian.ng
Search
Breaking News:

Data sovereignty critical for electronic transmission

By Inwalomhe Donald
10 November 2021   |   2:55 am
The Senate’s adoption of electronic transmission of election results came after months of outrage and outright rejection that followed the passage of the 2021 Amended Electoral act

The Senate’s adoption of electronic transmission of election results came after months of outrage and outright rejection that followed the passage of the 2021 Amended Electoral act earlier in July by Nigerians. But Nigeria has no law on data sovereignty.

Nigeria needs a law on data sovereignty to handle electoral litigations that may arise from electronic voting and transmission of results due to hacking.

The Independent National Electoral Commission (INEC) said recently that with the proposed reform of the electoral Act, the 2023 election may be the last “mainly manual” election in Nigeria. Law on data sovereignty is missing in the proposed electoral reform. There is no law on data sovereignty in Nigeria to back up the proposed electoral reform.

INEC chairman should clarify which country law on data sovereignty Nigeria should adopt when electoral litigations arise from electronic voting and transmission of election results. The issue of data sovereignty must be addressed in the proposed electoral reform. As Nigeria is planning to introduce electronic voting and transmission of election results, we must introduce a law on data sovereignty. There is a difference between manual election and electronic voting that flows on data. Nigeria does not generate data and INEC must avoid a vacuum by establishing a law on data sovereignty that will guide our future election that will rely on electronic voting and transmission of election results. There is a gap between data sovereignty law and electronic transmission of election results in case there is hacking of results.

Prof. Mahmood Yakub, the Chairman of INEC said part of the proposed reform in the electoral system was to deepen the deployment of technology in elections in addition to the existing electronic voters’ register and accreditation. He said, “It is time for new legislation to remove all encumbrances to further deployment of technology in the electoral process, especially in the accreditation of voters and transmission of election results.

President Buhari and Prof. Mahmood Yakub should take note that there is a gap in the proposed electoral reform between the law on data sovereignty and the deployment of technology in the electoral process, especially in the accreditation of voters, electronic voting and transmission of election results. The Independent National Electoral Commission (INEC) needs law on data sovereignty first before it can introduce electronic voting, electronic transmission of election results in Nigeria. I want to appeal to President Buhari that Nigeria does not generate data but it only host data. President Buhari should be very careful when abiding by any foreign law on data because Nigeria only hosts data. Nigeria needs bipartisan law on the hosting of data because it lacks the capacity to generate data and implement the proposed Electoral Act Amendment Bill. INEC lacks the capacity to generate data and it can only host. INEC will be regulated and guided by a foreign law on data. INEC will be hosting data that will introduce electronic voting in Nigeria. President Buhari needs a bipartisan agreement on data before INEC can introduce electronic voting and electronic transmission of election results in Nigeria.

 
The proposed Electoral Act Amendment Bill lacks data sovereignty and only captured the electronic transmission of election results and the use of card readers in future elections. The proposed Electoral Act Amendment Bill did not make provision for the problem of destructive data and hacking of local data hosting centres. The problem of destructive data and hacking of local data hosting centres is an absolute treat to the use of the card reader and e-voting in future elections. The Electoral Act Amendment Bill must make provision for the problem of cybercrimes like yahoo boys. Is INEC going to operate local or foreign data?
 
The proposed Electoral Act Amendment Bill must capture Nigeria’s current ecosystem, though data hosting has improved significantly in the last 5 years, a sizeable number of the country’s data is currently being hosted abroad. This is clearly a cause of concern for The Electoral Act Amendment Bill and poses potential security issues, as data hosted offshore remains subject to the laws of the country in which it is stored. The Electoral Act Amendment Bill, 2018 must clarify the issue of localising data hosting which is critical for security, and safety because it ensures that INEC information is domiciled in-country rather than leaving sensitive data within the purview of foreign organisations and governments.

The proposed Electoral Act Amendment Bill should solve the following problems: Can local data hosting centres secure electronic voting in Nigeria? How do we prevent user data from being compromised and the hacking does not affect the process of voting or its outcome during and after elections in Nigeria? Another cyber security concerns call into question the security of election databases and voters’ data. How do we prevent election databases from being hacked? Using any device to exploit how do we prevent a flaw a hacker who could potentially use it to cast multiple votes and tamper with the system?  

The Electoral Act Amendment Bill must make provision for the problem of cybercrimes like Malware—malicious software that includes worms, spyware, viruses, Trojan horses, and ransomware—is perhaps the greatest threat to electronic voting. Malware can be introduced at any point in the electronic path of If equipment is manipulated to slow its operation or compromise its operability, this may also constitute a DoS attack.

Malware can prevent voting by compromising or disrupting e-pollbooks or by disabling vote-casting systems. It can prevent correct tallying by altering or destroying electronic records or by causing the software to miscount electronic ballots or physical ballots (e.g., in instances where optical scanners are used in the vote tabulation process). Malware can also be used to disrupt auditing software.

Malware is not easily detected. It can be introduced into systems via software updates, removable media with ballot definition files, and through the exploitation of software errors in networked systems. It may also be introduced by direct physical access, e.g., by individuals operating inappropriately at points during the manufacturing of the election system or at the level of elections offices. It is difficult to comprehensively thwart the introduction of malware in all these instances.

The Electoral Act Amendment Bill must make provision for the problem of cybercrimes like Other Classes of Attacks. There are other avenues through which electronic systems may be disrupted. Malicious actors may obtain sensitive information such as user names or passwords by pretending to be a trustworthy entity in an electronic communication. Servers may be breached to obtain administrator-level credentials. Individuals with site access (e.g., employees or contractors) might physically access a system.

Donald wrote from Abuja inwalomhe.donald@yahoo.com

In this article