Nigeria needs law on data sovereignty to handle electoral litigations that may arise from electronic voting. The Independent National Electoral Commission (INEC) said recently that with the proposed reform of the electoral Act, the 2019 election may be the last “mainly manual” election in Nigeria. Law on data sovereignty is missing in the proposed electoral reform. There is no law on data sovereignty to back up the proposed electoral reform. INEC chairman should clarify which country law on data sovereignty Nigeria should adopt when electoral litigations arise from electronic voting and transmission of election results. The issue of data sovereignty must be address in the proposed electoral reform. As Nigeria is planning to introduce electronic voting and transmission of election results, we must introduce a law on data sovereignty. There is difference between manual election and electronic voting that flows on data. Nigeria does not generate data and INEC must avoid a vacuum by establishing a law on data sovereignty that will guide our future election that will rely on electronic voting and transmission of election results.

Prof. Mahmood Yakub, the Chairman of INEC said part of the proposed reform in the electoral system was to deepen the deployment of technology in elections in addition to the existing electronic voters register and accreditation. He said, “It is time for a new legislation to remove all encumbrances to further deployment of technology in the electoral process, especially in the accreditation of voters and transmission of election results.

President Buhari and Prof. Mahmood Yakub should take note that there is a gap in the proposed electoral reform between the law on data sovereignty and the deployment of technology in the electoral process, especially in the accreditation of voters, electronic voting and transmission of election results. The Independent National Electoral Commission (INEC) needs law on data sovereignty first before it can introduce electronic voting, electronic transmission of election results in Nigeria. I want to appeal to President Buhari that Nigeria does not generate data but it only host data. President Buhari should be very careful when abiding by any foreign law on data because Nigeria only hosts data. Nigeria needs bipartisan law on hosting of data because it lacks capacity to generate data and implement proposed Electoral Act Amendment Bill. INEC lacks capacity to generate data and it can only host. INEC will be regulated and guided by a foreign law on data. INEC will be hosting data that will introduce electronic voting in Nigeria. President Buhari needs a bipartisan agreement on data before INEC can introduce electronic voting and electronic transmission of election results in Nigeria.

The proposed Electoral Act Amendment Bill lacks data sovereignty and only captured electronic transmission of election results and the use of card readers in the future elections. The proposed Electoral Act Amendment Bill did not make provision for the problem of destructive data and hacking of local data hosting centres. The problem of destructive data and hacking of local data hosting centres is an absolute threat to the use of the card reader and e-voting in the future elections. The Electoral Act Amendment Bill must make provision for the problem of cyber crimes like yahoo boys. Is INEC going to operate local or foreign data?

The proposed Electoral Act Amendment Bill must capture Nigeria’s current eco-system, though data hosting which has improved significantly in the last 5 years, a sizeable number of the country’s data is currently being hosted abroad. This is clearly a cause of concern for The Electoral Act Amendment Bill and poses potential security issues, as data hosted offshore remains subject to the laws of the country in which it is stored. The Electoral Act Amendment Bill, 2018 must clarify the issue of localising data hosting which is critical for security, and safety because it ensures that INEC information is domiciled in country rather than leaving sensitive data within the purview of foreign organisations and governments.

The proposed Electoral Act Amendment Bill should solve the following problems: Can local data hosting centres secure electronic voting in Nigeria? How do we prevent user data from be compromised and the hacking does not affect the process of voting or its outcome during and after elections in Nigeria? Another cyber security concerns call into question the security of election databases and voters’ data. How do we prevent election databases from be hacked? Using any device to exploit how do we prevent a flaw a hacker who could potentially use it to cast multiple votes and tampering with the system?

Independent National Electoral Commission, INEC, cannot protect its data across 119,973 polling units from Disruptions of Electronic Systems on Election Day. Security vulnerabilities can be exploited to electronically disrupt voting or affect vote counts at polling locations or in instances of remote voting. LOCAL DATA HOSTING CENTRES in Nigeria cannot prevent. Denial-of-service Attacks. Denial-of-service (DoS) attacks interrupt or slow access to computer systems. DoS can be used to disrupt vote casting, vote tallying, or election audits by preventing access to e-pollbooks, electronic voting systems, or electronic auditing systems. When employed against even a limited number of jurisdictions, DoS disruptions could lead to a loss in confidence in overall election integrity. A DoS attack targeting select jurisdictions could alter the outcome of an election.

The Electoral Act Amendment Bill must make provision for the problem of cyber crimes like Malware—malicious software that includes worms, spyware, viruses, Trojan horses, and ransomware—is perhaps the greatest threat to electronic voting. Malware can be introduced at any point in the electronic path of a If equipment is manipulated to slow its operation or compromise its operability, this may also constitute a DoS attack.

Malware can prevent voting by compromising or disrupting e-pollbooks or by disabling vote-casting systems. It can prevent correct tallying by altering or destroying electronic records or by causing software to miscount electronic ballots or physical ballots (e.g., in instances where optical scanners are used in the vote tabulation process). Malware can also be used to disrupt auditing software.

Malware is not easily detected. It can be introduced into systems via software updates, removable media with ballot definition files, and through the exploitation of software errors in networked systems. It may also be introduced by direct physical access, e.g., by individuals operating inappropriately at points during the manufacturing of the election system or at the level of elections offices. It is difficult to comprehensively thwart the introduction of malware in all these instances.

The Electoral Act Amendment Bill must make provision for the problem of cyber crimes like Other Classes of Attacks. There are other avenues through which electronic systems may be disrupted. Malicious actors may obtain sensitive information such as user-names or passwords by pretending to be a trustworthy entity in an electronic communication. Servers may be breached to obtain administrator-level credentials. Individuals with site access (e.g., employees or contractors) might physically access a system.

A crucial benefit of these colocation data centres, especially for INEC is the ability to manage disaster recovery and business continuity seamlessly. This is as a result of multiple redundancies built into the power, cooling and security infrastructure of these data centres which ensure operations remain uninterrupted even in the midst of unplanned outages. In a country where uninterrupted power supply is a luxury, and businesses are susceptible to diverse power related failures, system down times and a myriad of other interruptions, local data centre support means they do not have to break the bank to access the high availability required for operations in today’s digital economy. Just as Nigerians are required to keep foreign reserves and currencies within the shores of the country in order to ensure growth of local banks and ecosystems as opposed to currency manipulations when large currencies are kept offshore, so will the country and the local ecosystem benefit from localisation of data. This is because, it means secure INEC and government data are kept by Nigerians and manipulation or foreign interferences is at a minimum.
___________________________________________________________________________________________________________________
Inwalomhe Donald writes from Abuja [email protected]