Indelible ink and biometric verification: The truth and myth

0

Indelible ink has been used in Ghana in previous elections to mark voters as proof of voting and to publicly show that a particular person has already voted and cannot vote multiple times. This was a risk management and control tool to ensure elections were free and fair. The recent District Assembly elections conducted were done without the use of indelible ink for the reason that the biometric voter database and verification system, is robust enough and that there is no need for the tested use of the indelible ink. Not using the indelible ink in the District Assembly elections cannot be seen as a test run for the general elections in December 2024. In any event, even the District Assembly elections had in place a fall back by using photo IDs and a printed voters’ register for manual identification. We should be mindful that a District Assembly election is not the same as a national election where the stakes are much higher to ignore the need to use the indelible ink.

Technically, from a pure information technology (IT) perspective, it is a true statement that the use of indelible ink is not needed and so is a printed register and photo ID, but operationally from an IT risk management perspective, it is half-truth and a myth. If something is likely to fail, prudence will tell you to assume failure and find a risk mitigation factor, especially when the outcome of the business operation which has been technologically enabled for efficiency is critical with a devastating impact should the technology fail.

This article highlights the fact that technically, there is some truth in saying that with a biometric voters’ database/register, there is no need for the use of indelible ink in voting. However, operationally, to manage the IT operational risk of both software and hardware failures, planned or unplanned, it is a myth and not a wise thing to do.



TRUTH ABOUT BIOMETRIC VERIFICATION SYSTEMS

Technically, it is true that all things being equal, with a biometric verification system, once a person has been verified the person cannot be verified again. This is on the proviso that it has been programmed as such. It is therefore easy for technical people to convince the non-technical, in theory, that everyone will be verified once with no possibility of being able to vote multiple times.

A biometric database system captures a person’s thumbprint, facials (geometry including iris) or voice which are unique to the person. A biometric verification system accurately verifies Who you are” since your physical presence for your thumbprint to be matched with what has already been captured is a higher and more reliable form of verification and identification.

For biometric databases, the verification question is; “Are you who you claim to be?” and the answer is yes, I am physically here. Then the identification question follows; Do I know who you are? and the answer is yes, you have captured my biometrics.  A “one-factor” identification is therefore enough since the actual person to be verified is physically present for the biometric to be identified against the database. There is therefore, technically, no need for a photo ID or a printed register and by extension with a biometric voter registration system, there is no need for an indelible ink to determine who has voted.

It will, however, be folly on the side of the business leader who understands the critical nature of the business operations of an elections system, to go along with the technical truth, ignoring the human factor, and not manage the possible risk of failure.

MYTH ABOUT BIOMETRIC VERIFICATION SYSTEMS

There are various aspects of information technology. The software and hardware are the technical aspects with management as the operational and risk management aspect. The management aspect is often downplayed by the technical players who so much albeit ironically, believe in theory and that what they have created cannot fail. Software and hardware always fail making the management of IT very critical in business operations.

Inadvertently or unplanned, like any computerised system, the biometric verification system can fail at either the software or hardware level under full deployment. It can therefore not be said to be fool proof. Even aeroplanes that have highly sophisticated computerised auto-pilot systems make room for manual intervention. The reason is that even if the risk of failure is low, the impact of the failure is high and this goes for any election system, the bedrock of the peoples’ right to self-determination.

Planned, technically and deliberately, like any software system, an elections biometric verification system can be programmed to allow for multiple verifications for particular persons or in a particular polling station. What you want the system to do is what it does. Yes, it is a computerised system, but the program is written by human beings who can in error or deliberately compromise the system. An exception can be made for particular people to be verified multiple times and an exception can also be made for particular persons not to be verified electronically so they can be manually verified.  Any programmer will tell you this is not rocket science.

The advantage of having a biometric voters’ register, theoretically, is the fact that once the person is physically present, she can be verified and identified in the biometric system without the need to have or show any form of ID card, manual register for names to be ticked or use of indelible ink to mark voters. Practically, operationally and from a risk management perspective this is a myth since situations could arise where there will be the need for manual verifications which will require a photo ID, the printed manual register and the use of the indelible ink.

A robust and efficient biometric verification system is where a voter just walks in with no ID, no name being ticked in a manual register and gets verified by the biometric reader to vote. The irony is that, in the recent District Assembly elections, one had to present a photo ID, voters’ card or Ghana card, which was then used to locate the name in a printed manual voters’ register with pictures to be ticked off. This was first to manually identify the person before being asked to be verified with the biometric reader and biometrically identified in the database. So why was a photo ID required and a manual printed register used, leaving out the use of the indelible ink? With the Electoral Commission (EC) wanting us to believe it has a fool proof, robust biometric system in place, that process was needless and there was absolutely no need technically, to have had any form of ID to vote or the printed manual register to mark off the names of voters.

The process used in the District Assembly elections, technically a duplication of a biometric verification system, did not give credence to having a robust biometric system as claimed by the EC. Operationally, however, this was a good manual fall-back risk management control measure should the system fail and so should the indelible ink be used. Not using the indelible ink in the 2024 elections because the system is deemed to be robust is a myth.

INDELIBLE INK AS RISK MANAGEMENT TOOL

All computerised systems put in place a contingency plan for business continuity as part of risk management. This is most relevant in very critical business operations where there is either a high probability of the system failing with high impact on business operations or where there is a low probability of failure but a high impact on operations should the system fail. Prudence will also tell anybody in managing IT systems that, where there is the risk of failure with a high impact on operations, to assume a failure and put in place the necessary manual risk management plan for business continuity.

Having a contingency plan for business continuity in any IT system is in no way an indication of the non-robustness of the system but just common sense even if you know nothing about risk management in IT. No IT professional worth his or her salt would vouch for the robustness of a critical computer system such as an election biometric system for it to be relied on without thinking of the risk of failure.

National elections are constitutional and the very rock of the democracy on which the people of Ghana have opted to self-determine the governance of the country. It is therefore a very critical operation that any computerised system that is to be used as a tool to enhance the process must have a risk mitigation plan. This collectively is what a robust system is and what I call a “belt and braces” business operation. IT is a means to an end and not an end in itself to be completely relied upon.

According to the EC, the biometric verification system is robust and there is no need for the use of the tried and tested indelible ink. The four (4) critical questions and answers however are: Is there a risk of failure? and the answer is yes. Is the impact of any failure high and critical to the foundation of our democracy? the answer is again yes. Will there be the need for manual verification should the system fail? and again the answer is yes. Will the indelible ink to mark voters be needed should there be manual verification? and the answer is yes. Now what if someone snatches and destroys the biometric reader and printed register? How do we know who has voted? Or we think it cannot happen. Have we forgotten what nearly happened even in Parliament during the election of the Speaker?

PLANNED COMPROMISING OF SYSTEM

Yes, it is possible and not rocket science for the system to be programmed or hacked into for multiple voting or blocking particular named others not to be verified hence the need for manual verification with malicious intent. This could even be without the knowledge of the EC since they are just users or sponsors of the system and did not develop the system. It can be compromised just before deployment or be subjected to a Denial-of-Service (DoS) cyberattack once deployed, more so should the biometric reader have in-built chips that can be accessed remotely hence the potential to be “hacked” by a DoS cyberattack to stop the reader from working.

In a situation where the system has been programmed or hacked into to allow certain people to vote multiple times, it is only the indelible ink that can visually let polling agents or general observers know who has already voted and to be challenged. It is also possible for the biometric readers, hardware, to be made not to work in particular areas. This would lead to having to rely on the contingency plan to continue the voting verification exercise manually, hence the need for the use of the indelible ink to mitigate the potential for multiple voting. Again, a voter can be verified by the biometric system in a particular polling station and without the indelible ink, move to another polling station and with the connivance of a rogue EC official, pretending to be manually checking the register for his details which does not exist, can be allowed to vote again.

Of course, the biometric reader has a voice prompt that audibly confirms that one has been verified and though necessary, it is not enough control for observers to physically see that a person has been verified. The voice control can be compromised by lowering the volume to allow someone who has not been registered in a particular polling station to be passed by a rogue EC official to vote especially if it is the same person doing both the biometric verification and manual verification in the printed register. It is also even possible to completely deactivate the voice prompt on some readers.

This call for visible evidence of voting is not unwarranted as the EC seems to have lost the credibility, perception of independence and the assurance of being a neutral arbiter for a free and fair election from half of the voter population. This is not without reason, taking into consideration certain partisan political appointments, real or perceived, made to the EC and pronouncements made by certain individuals in the EC. Not using the indelible ink will exacerbate the suspicion, unless of course the EC does not care or there is some unknown planned motive for not using the indelible ink to throw caution to the wind.

UNPLANNED SYSTEM FAILURE

Just “What if” the system fails unplanned, technically. It makes no sense from both an IT and an operational risk management perspective not to have a manual backup arrangement. Not using the indelible ink to mark voters is flawed from both IT and operational risk management perspectives and comes with it more operational complications than it is to resolve. A biometric verification system used for elections, a critical computer system with high impact should it fail, is not the same for opening doors, for which an indelible ink is not needed to show one has been verified. Even for doors, there is an option for the door to be manually opened with a key and so by logical extension, an election system still needs the indelible ink if it is not a full-blown e-voting system.

Aside, planned manipulation of the system, two critical situations can genuinely call for manual verification of the voter. The first is technical. That is, if the biometric reader fails due to a hardware failure, malfunctioning or power challenges, causing it to freeze or not work. Also, during the voters’ register verification exercise, the verification was manually done with voters presenting a photo ID, voters’ card or Ghana card, for their names to be manually checked on a printed sheet and ticked off. It did not allow for the verification of captured biometrics by the biometric reader for voters to confirm that their biometrics actually exist and matched to their names. In the absence of that, we cannot therefore rule out the possibility of someone’s biometrics not being in the database, wrongly captured or the file being corrupted, thus calling for a manual verification.

The second is operational, where the voter has had some form of disability with the fingers since registration by the Electoral Commission or the voter’s biometric cannot be recognized by the system which is also possible.  Now, the fact that a computerised system, a tool, cannot recognise a registered voter at the time of voting, for whatever reason does not deprive the Ghanaian who is eighteen (18) years of age and of sound mind the right to vote under Article 42 of the 1992 Constitution.  A manual verification will have to be done under such circumstances and this cannot be without the use of the indelible ink to mark such persons as having already voted.

The points of failure in a voters’ biometric verification system, planned or unplanned, are so many that the use of the indelible ink as evidence of voting and thus a multiple voting risk mitigation tool cannot be ruled out and is a must.

ISSUE OF COST AND CREDIBILITY TEST

Democracy as they say is expensive and the cost of indelible ink should not be an excuse for not using it as an elections credibility tool. The elections must not only be credible but must be perceived and seen to be credible, so it does not hurt using indelible ink. Not using the indelible ink creates unnecessary suspicion of foul play even if not real since it has no operational IT risk management basis for not using it.

Even if the likelihood of failure of the biometric verification system is low, the impact on the very foundation of our democracy is high. If the Executive through the EC and Legislature through Parliament think preventive cost is expensive, they should try the cost of failure and ignore the use of the indelible ink in the 2024 elections on the basis of cost. Actually, aside from cost considerations, this decision by the EC does not resolve anything. The cost of providing indelible ink is minimal, compared to the cost involved in printing voters’ IDs and the manual registers. In pidgin, we say “Unless you no get money, plenty fish no dey spoil soup”. Are we ready to risk the credibility of our fragile democracy on cost?

CONCLUSION

`No indelible ink` goes to reason that there should not be any manual verification in the 2024 general elections with the EC guaranteeing 100 per cent uptime with the biometric system or physical damage to the system. This is operationally not possible unless to say God is in control so we pray nothing will happen, following the usual Ghanaian “Nyame wɔhɔ” syndrome.

The law might give the EC the mandate to do what it wants to do but it does not prescribe the wisdom in operationally getting it done to make sure the general elections are free and fair, real and perceived. In the same way, printed voter registers and voters’ ID cards were used in the just-ended District Assembly elections, which came at a cost, despite a supposedly robust biometric system. There is therefore the need to still use the indelible ink. If the EC wants to do away with the indelible ink to mark voters, it should also do away with the need for the concurrent use of any form of ID and the printed register because technically, they are also not needed to vote in a “robust”, “advanced and “efficient” biometric verification system as the EC claims to have.

Of the three risk mitigation tools, the photo ID, the printed register and the indelible ink, the most important is the indelible ink. Technically, the need for the first two have been dealt with by the biometric verification system and it is only the indelible ink that is outside the electronic system, should it fail, that visibly shows that one has voted to stop multiple voting. Ironically, the most important is being left out. Beggars belief indeed.

Should the EC still insist on not using the indelible ink in marking voters as the visible proof of voting because they are monarchs of all they survey, and can do whatever they want to do, then all polling agents must be made to sit behind the desk with the EC official during the verification process. This is to visibly see the prompts on the biometric reader as well as the ticking of names in the printed manual register so nothing untoward is done by a rogue EC official.

Those advocating for not using the indelible ink or are quiet about it because they think it may favour them today should be reminded of the story of Haman in the book of Esther. I end with Esther 7:10 “So they hanged Haman on the gallows that he had prepared for Mordecai. Then was the king’s wrath pacified.”

 

The author Dr. Kofi Anokye Owusu-Darko holds an EMBA (IT Management), an LLB and LLM (IT & Telecommunication) Blog: (Kofianokye.blogspot.com; Kofidarko2.blogspot.com) contact: ([email protected])

Leave a Reply