Professor Adesina Sodiya, President of Nigeria Computer Society (NCS) leads the nation’s largest technology group that prides itself as the national platform for the advancement of Information Technology Science and Practice in Nigeria.
It was no coincidence that the Professor of Computer Science and Information Security at the Department of Computer Science, Federal University of Agriculture in Abeokuta, Ogun State, was an ideal voice to review how technology adoption has helped the conduct of the February 25 Presidential and National Assembly elections conducted nationwide by the Independent National Electoral Commission (INEC).
INEC’s adoption of technology, particularly the Bimodal Voter Accreditation System (BVAS) and the Results Viewing Portal (IReV) portal have attracted mixed reactions following success in some cases, and glitches in others.
Apart from leading NCS, Professor Sodiya, who is also a cyber security expert is very much at home with the pre-election technology plans of INEC, and provides an initial post-mortem of the promises of technology to improve the conduct of election in Nigeria.
In an exclusive interview with Technology Times conducted over the phone, Professor Sodiya, the NCS President, offers expert insights of the real-life performance of the election technology, the hits and the misses, and steps that INEC needs to take to avert technology glitches in the forthcoming Gubernatorial elections holding March 11, 2023 across Nigeria below:
Technology Times: As President of NCS (Nigeria Computer Society), let me begin first with the basic question. Did you vote in Saturday’s election, and if you did vote, what was your experience with using the BVAS and other technologies that were introduced to improve the efficiency of the conduct of the election?
Professor Sodiya: Okay, I didn’t vote in this election. I was actually involved in an INEC assignment too. I went to my polling unit in the morning. I stayed for about three hours, and it did not get to my turn. And because of that, I decided to leave because I didn’t have all the time.
But I actually made effort to vote. My polling unit was crowded. There were so many people there, and even with the fact that they have created another polling unit around my area, that place was crowded.
And when I even went forward to plead that I’m going to be involved in INEC activity, that they should just allow me to vote, the people there, they were just shouting. And they were saying no. I just left but I saw everything because I was actually there for about three hours or even more you know. So I saw everything that happened.
To go to the next question that you raised, the issue of BVAS. From what I’ve seen, I would believe that in terms of what the BVAS was meant to achieve, in terms of the expected functionality of the BVAS, I think BVAS on its own was able to achieve 70%-80 % efficiency, in terms of being able to ensure that the people that are qualified to vote after registration are the ones that actually voted. You know BVAS was introduced so that you could eliminate some of the problems with the card reader. Problems like the use of incident forms, people that are not qualified to vote, thumbprinting, the problem of coercion, and so on and so forth.
With BVAS, if it is used the way it should be used, you are also not going to have the problem of overvoting, and so on and so forth. All these are also related to human factors, you know, because the technology, the device, will work according to how you have designed it. But human beings must also operate it, and the operation must also go in line with what it has been set out. So those are the issues.
About BVAS, I don’t think the problem is really BVAS. Our own problem about our electoral system is more than the use of BVAS. That is why, you know, long time ago, that is why Nigeria Computer Society, we were even saying that we should allow, even if it is going to be a parallel, we should allow full-scale e-voting system. So that people can also be able to vote from the comfort of their homes, and the people that don’t have internet, and so on can go to a place, can now go to a polling unit to go and cast their votes.
In my state, there were a couple of incidents. Even somebody called me and said that we should have used BVAS to correct that. When thugs came to a polling unit, and they were shooting, they scattered everything. It was only one policeman there. He could not handle them. The man also ran away from the scene, and those people, they scattered the ballot boxes, and they even took some of them away. That is not the problem of BVAS. BVAS would not solve that kind of problem. Our problem in Nigeria is more than that. And they came to scatter that polling unit because they knew they were losing in that polling unit, and that has to do with the issue of security.
So what happened in the last election, you know, if you are talking about technology, the use of technology, no technology is free from all these cyber security attacks, frauds, manipulation and so on and so forth. So, that is why there are some processes you need to go through, you know, you need to ensure, and when you are also adopting technology. We, before the election, we have been making effort long time ago, and before the election. We had opportunity to visit INEC. Though we didn’t meet with the Chairman, but we met one of the Commissioners, and we submitted our proposal. We submitted a recommendation, something like a guide of what they can do and how NCS can also assist them. About 14 or 15 recommendations, and one of them is that, all the systems that you want to use, you must ensure that you evaluate them. You must ensure that you continue to test your system, platforms. They told us that they have tested. Testing at what level? You know, by the time we are now talking about the national election. Yes, you have used it in Osun, you have used it in two other places, but you are talking about national election. You test the robustness of your system, the stress testing. And you have to look at the efficiency when you are also having so many data coming into it at a point in time, and so on and so forth. That is one of the things we told them that we could also assist them. But the issue is that of course, INEC is like a close organisation, that they believe that they believe that some of the things they are doing are also right.
Long time ago, before this time, the former Director did not even make it possible for us to see the Chairman. But the new Director made it possible. But unfortunately we could not see the Chairman. One of the things we told them was that they must be conscious of cyber attacks. Yes, some of them were coming in before the elections, and they also reported it. The Chairman also mentioned it, and they said they were able to handle them. But because you are able to handle some now, it does not mean when they are now having the election, the people that you are stopping now, the attacks you are stopping now, the people that are perpetrating them, the cyber criminals, they will continue to also learn about your system. And they will be able to also get additional knowledge, additional information, on how they can circumvent or penetrate your system. So, that also, we told them.
Another thing we also mentioned to them was that we also want to serve as Technology Observers. Let us monitor the use of BVAS. Let us see how the people are using it. Then, we also come at the end of the day, at the end of the election, to give our own technical opinion about how BVAS is used, how we can improve, and even how BVAS is working. Before the election, our submissions to them, we didn’t even get any response. We were calling, they said they were busy preparing for elections.
At our own level at Nigeria Computer Society, we have envisaged all these. Yes, they are using technology. It’s good. We are moving towards that direction. But if you are also adopting technology, and you are not bringing experts. I know INEC also has a lot of IT experts, but try to get in touch with, sometimes again get expert opinion from stakeholders in technology about what you are doing. They are not coming to take a job. Apart from what is being done internally, you also get different opinions from stakeholders, from people that have experience, you know, so many expertise in so many domains. So that when you get recommendations, even if the recommendations are going to be implemented by your staff or something.
This issue started a long time ago when they invited organisations, companies that were going to provide them e-voting facilities or platforms, and we discovered that we were not invited. They only invited those organisations. They didn’t invite experts to also come and add to what they were doing.
There’s been so many things we have done in order to assist them. Now we have found ourselves in a situation where the server was down, and even the dashboard, iRev, was not coming up. And we have known. All these can be possible and the only thing is that you must prepare adequately. You must ensure that your system is robust, your system is scalable, your system is survivable even in the face of attack, your system must be able to work as if nothing is happening.
So those are the kind of things that we are recommended but maybe this one would make them to appreciate how to really handle technology better.
Technology Times: Let me ask you a few follow-up questions. You are an insider, and also an expert in this field. INEC put out a statement yesterday, and to summarise basically that it appeared that their system was overwhelmed, but that they didn’t suffer a cyber attack. From your perspective as an insider, what could possibly have been responsible? Were there cases of cyber attacks that you got to know of based on your own internal knowledge? Secondly, the other key issue was this real-time reporting that was supposed to have been done from the polling unit to the INEC iReV portal that would have ensured that as votes have been counted, from all over the world, you can keep track of it from that portal. That also did not happen as promised. So can you respond to these two questions on what you think could have happened, and what are the recommendations for fixing these anomalies against the forthcoming elections?
I also heard what the Chairman said yesterday that the system did not face cyber attacks. But you know that if you are not really an expert, if you are having cyber attacks, you might not even know it’s cyber attacks. You know it depends on the level. You know, you might not even know it’s a cyber attack, you will just be thinking that something is wrong with your system. But I’m not even saying it’s a cyber attack, but it takes a certain knowledge of cyber security before you also be able to say that the problem you are facing is even cyber or not. Yes, it could be it could also be a stress-based attack or like the Chairman mentioned that the system was overwhelmed.
Why would you be saying that your system was overwhelmed? You know your population. You know the polling units that you have. You have an idea of people that would want to be transmitting results at a point in time. You know you have all these. How well have they been able to prepare? Yes; they told us they were going to do trial elections, which they did. Who are the people involved in these trial elections?
Did they take samples from the people that actually served as their polling officers or SDOs? Did they take samples from them? If they had used their staff, their staff wouldn’t have been the people that would conduct the election. So most of the problems they have, they are really operational. The technology they have adopted, I think that idea is good. But even if you have a good technology idea but from a human perspective, the operational perspective you don’t perfect it, you get these kinds of problems.
It wasn’t that the BVAS could not send results, but even the server that they are going to send results to had issues. Many of them could not send results. So these elections we are still going to rely more on the results they recorded. Paper-recorded and so on and so forth.
Thank God that they did not say they were going to use online results alone. So the paper-based was done alongside with the online transmission of results.
Because the truth is that from my own experience during the election, majority of the polling units could not transmit their results, and even some of the polling officers were complaining of the system not allowing them to have access to that platform to be able to transmit their results.
Technology Times: What do you think is responsible for this inability to transmit the results if I may ask?
Yes, well I think one major reason is, because I’m not going to say it is the network, because I also have information that some of them even tried another network and they still could not. I think the problem would be the system of INEC. I’m talking about the central system where the results will actually go to. You know I’m thinking that is one of them. And of course, I think the server we are talking about, it was not, it did not have capacity to be able to pick results at that time. Well that is what I am thinking.
The second one that is not really major is the network because all the polling officers actually complained that it was network that did not allow them to be able to transmit the results. But everything is about low robustness of their platform, you know. They have a distributed platform and it’s not too robust. And I thought that all these, they should have been able to evaluate, they should have able to subject the system to a kind of test that, and that is why we wanted to be involved too. We would have advised them on what they can do, how they can prepare adequately for this election. You cannot just say we we are using technology, we are using technology and technology will come on its own to solve the problem. In the use of technology, you still talk about people, you talk about operations you know and they talk about policies. You know all these three other ones, people, policy, operational would make the technology to work. Technology on its own will not be there and do magic for you. So that is what I’m thinking. It’s about the capacity of the robustness of their system, of their platform to be able to use. And I want to tell you, you know one major attack that we call denial of service attack. Denial of service attack is an attack that would collapse your system. That would make your system not to be able to continue to provide the services, and that is what has happened. So if they are saying that it is not a cyber attack, well I think some time will tell because the truth is that INEC could not provide the services The platform of INEC could not provide the service and that is what denial of service attack could cause. If it was caused by their system not too robust, who provided the system? Who tested the system? Who prepared the system ready for election? Those are the issues. Those are the things we should look at.
Even one of the things we mentioned to them was that we can help them to create a platform to ensure that they are able to monitor the collection of PVC, PVC collections. So that they will be able to know.
In a polling unit, I mean, in a local government, if the results of two polling units were cancelled, and you now need to declare results, before you declare results, if you don’t want to recommend that byelections should take place in those polling units that were cancelled, then you need to know the total number of registered voters. If the difference in the result of the first person is more, I mean the difference between the results of the first and second is more than the total number of registered voters in the two polling units, you know then you can still go ahead to declare results.
But the question again is are we supposed to use that? What we are even supposed to use is the number of voters that have collected their PVCs because you have said that without PVC you cannot have an election.
So we should be looking at those people that were actually qualified to vote. And those are the people that have actually collected their PVCs.
We recommended that, let us help to monitor PVC. Let us know. I think at a point in time, they did not even have information about people that have collected their PVCs, and that is why they still went ahead to use the total number of registered voters.
You know that when they were preparing for this election, they said they have learnt from Edo election, from Ekiti election and from Osun election, but the issue is that when you are preparing for national election, you need to bring so many things on board.
Technology Times: Prof, let me just quickly try to distinguish between some of the factors that you’ve talked about so that we can reasonably evaluate how effective technology has been in this instance. You painted the scenario: we have the INEC systems both the BVAS and its own internal servers, and then you have the telecoms infrastructure on the other side, though that’s external. Majority of the complaints, this time around we there was hardly any complaint around the telecoms infrastructure not being able to deliver in terms of expectations. And from some inside insights we have, we have been able to gather and we understand that the NCC-led collaboration with INEC in conjunction with the telecoms operators assisted to make this happen. Okay so can you speak to these three critical elements: the system of INEC itself, the complementary telecoms network infrastructure around the country as well, and more importantly the human factor that you also highlighted. How have these three factors interplayed and how do you evaluate them?
Let me start by talking about the telecommunications infrastructure. You know, even initially NCC went to the National Assembly saying that they didn’t think that NCC had a communication platform that would guarantee electronic transmission of results. But immediately we wrote our own comments to NCC that it is something they must be able to do. It is something that is even possible. And we compared it with even JAMB examinations. You know that one also when students finish their exam at a particular session they must also upload the results and they are also using this our national telecommunication infrastructure.
But the issue again is that there are some polling units that are remote and they made provision that even if you move to some other locations, you would still be able to transmit your results. At worst come to Local Government, you would still be able to transmit your results.
Like you have said, I also painted that as a very minor factor that affected some of the elections we had at the weekend. It was minor because even those that did not have network problems, because very few of them complained about the network. But even those that had networks, many of them still could not transmit their results. So it is more of a problem INEC has. And we have to get them to let us know the problem.
The testing you did on this system, tell us the results you got. Tell us how you conducted your testing. Tell us who are the people that assisted you to do this testing. You know, you cannot, if you want people to assist you, you must be open. I have said later in the day, I am also going to call the director of ICT. He’s a new Director, who is also our member, to find out, to get details of what happened, and their challenges. Let us know how we can come in. The server, the system of INEC is the major issue here.
Let me also talk about the human factor here. But from what I have seen, I did not envisage the human factor in terms of the operation of BVAS recording results that will affect the result of the election. I did not see that because, I mean, BVAS still came with the records of people that are qualified to vote. And the good thing this time around is that after your accreditation, unlike what we used to have when we were using card readers, after accreditation, everybody you will now go back to sit down and they will give us another time we can come to vote. After accreditation, immediately you go to vote, and if you want to leave that environment, you can leave. It makes it easier. Do accreditation, vote and go. The system, BVAS, after accreditation, has noted that you have come to vote. So we have records of those that have voted. They are not supposed to also disclose those people that have voted, but INEC will have the records of people that have voted in all the polling units because they have our records, our fingerprints, our photos. So they have the records of people that have voted in all the polling units.
We have data, unlike before this, these data is difficult to get. BVAS operations, even some of the Corpers they used, were able to use it very well. The problems some of them had were maybe little computation, addition, and so on and so forth. And when they got to their Supervisors, they were able to resolve some of these issues. So in terms of what happened affecting the results, I don’t really see that it is a major thing.
Of course, it says a lot about the view, about what people have been telling INEC, and why they have not listened to some people. Every time they were doing as if they were ready. Even the preparations, a day before the election, some people were saying they were not sure whether the election was still going to hold because of their level of preparation. They still got to some of the polling units late. But we were thinking we would have gotten all that right. Towards the election, you know, there were also so many issues in the country. The issue of Naira design. INEC was crying out that they needed cash, but eventually, they were able to get it late into the election. There could be all other things that have also affected INEC. But that is not before us. What we used to hear was that they were ready, the election would go on, and they had sorted all the things they needed.
The human factor, I’m not going to say it was challenging a little, but what was also a major challenge for that election is also operational. Inability to be able to do their processes, all their processes the way they should do it.
Look at the trial election they did, do you know that, I got to know, I might not be right, that they were transmitting dummy results. Dummy data. Data that the size is very very low. And you are doing it for sample. If you are doing something for sample, you should even be transmitting a large amount of data, that would, for example, you want to transmit the result from Osun, estimate the data you want to transmit in Osun during the main election. Divide them into the number of polling units that you are picking as sample, then transmit the result at that time, even at the same time. See the effet. See the effect on the platform. Even the process was gone and we tried to caution them in some of them that, don’t use dummy. Try to be real as much as possible. Even go beyond your estimates so that you will be able to know how robust, how efficient your system would be during the election. So that is why I’m saying that it’s about the operations. It’s about the people that helped them to design all these processes.
You know we also evaluate processes. Apart from evaluating technology, let us evaluate the processes, and let’s see whether the processes you have actually put on are actually good, and they are the best that can help us to guarantee the free, fair and inclusive and conclusive election that INEC has been preaching.
Technology Times: Prof, let me just ask a final question before we round up. We have the gubernatorial elections in just a fortnight away. So what then would you recommend as remedial measures that the Nigeria Computer Society would provide in terms of suggestions and recommendations to INEC such that based on the lessons and learnings from this Presidential election that can be taken care of ahead of the next polls?
INEC must critically evaluate and test their platform. That’s number one and they must get the right people involved in designing the methods, the methodology to do the testing and evaluation of the system. And it’s not just possible for us to recommend that they must also, they can also do a trial election before that time. But if they do the kind of testing that are necessary they might not really need to do it. They need to test their platform, and testing their platform is not that, with this problem they had, somebody would now say, that the server is back tomorrow and they go to sleep that the server is back. It is continuous testing of the platform that they would do until the time for the election.
And I know that INEC has also spent a lot of resources on attack detection systems, cyber attack management systems. We need to also evaluate these cyber attack management system. We need to also, the people that are operating these platforms, in the human factor angle, we need to try and identify them And do you know something, and that is why we said we wanted to serve as Technology Observers. We wanted to really look deep into their operations so that we can advise. We are not going to condemn INEC. What is important for a Society like us is to ensure that technology adopted, are deployed, and used the way they should be used.
If we are encouraging people to use technology and the people are still having this kind of experience, even as an expert in that field, you want to close your eyes because they will be challenging you. Yes we used BVAS, what kind of election did we still have. We are doing electronic transmission of results, what kind of election did we still have.
So we are really concerned as a body. We would want them to majorly, I don’t think the telecommunication infrastructure is our problem. Majorly, they should look at the operations, you know, in terms of the policy, procedures, methodology in doing all their major activities. They should reveal them. They should go through proper testing, critical testing and evaluation of all their platforms, of all their systems, you know, and ensure that they continue to ensure adequate protection on their database and all their electoral information systems.
And again finally, I want to say that members of NCS can also assist. We have submitted our recommendations. INEC should try and look at our submission to them. They might not even take everything. Let’s see how we can assist. The truth is that some of our members were still saying before the election that the portal, the system of INEC, is still not attack-proof.
I am also a Professor of cyber security, but I’ve not on my own, you know it’s not ethical to start to probe a system without they getting permission and approval. It’s outside the law. So you cannot just try to probe the system. But if our members are engaged to try to probe the system, to drive that system and then be able to come up with identified vulnerabilities to see if they are available. But if they are not, you must also be able tell them some of the minor things they have to do, you know, in ensuring that the system protected from all forms of cyber attacks.
But apart from that, the software, the application itself, how is it working? How is it delivering services? We need to also talk about that. How do we guarantee that it is delivering the services they way it should deliver it. And if it has been delivering the services, what happened during election? We must be able to identify. They must come out and tell us the technical challenges, not that you just be talking some aspects of technical challenges. And that is why we also want to recommend that since they are moving towards the use of technology more, they should ensure that more IT experts are involved in the activities of INEC. Whether as full-time staff or as as members of the Management or as members of the Commissioners. Appointing only politicians as Commissioners might not really assist us. We should be looking at appointing one or two IT experts as Commissioners in INEC. Maybe with that , we will be able to see people around them that talk to them, they will listen and they will be able to understand the technology. So many vendors go to them to say they can do this, they can do this. You know that I mentioned something that even when they invited the organisations that they selected to come and provide the platform for them, they did not involve, they did not invite stakeholders. They would have taken decisions on their own without advice from stakeholders. Those are the kind of problems that caused the challenge they had last election.
Source of Article