By Duncan Mlanjira

The ICT Association of Malawi (ICTAM), which is a key stakeholder in the ICT expert stakeholder group working with the Malawi Electoral Commission (MEC) and all political parties, has recommended and brought in two other key stakeholders, the Malawi Computer Emergency Response Team (CERT) and the Association of Internet Service Providers in Malawi (AISP).

CERT is provided for in the E-Transaction and Cybersecurity Act (2016) and is mandated to take protective action for Malawi’s Critical Information Infrastructures and to serve as a base for national coordination in responding to ICT security threats.

AISP Malawi comprises all the players in Malawi, and TNM and MTL are among its members.

“We feel these stakeholders will bring valuable contribution to the group looking at their focus areas in relation to the election results transmission task,” says a report released by ICTAM president Bram Fudzulani.

“As the ICT community, we hope and believe that the Malawi Electoral Commission is going to continue engaging the expert group and value the technical input from these members to ensure a free and fair election.”

The statement is part of the results of the national dry test runs on election results transmission, which ICTAM and MEC held last week and which were aimed at detecting the system’s weaknesses or bottlenecks, if any.

“Issues to do with congestion over the network and possibility of unlawful access to the network were among the issues that were critically assessed during this test. This report focuses on the details of our findings and assessment of this exercise to determine MEC’s readiness in handling the electronic transmission of the results during this year’s tripartite general election.

“The association recognizes the crucial role technology is playing in this year’s tripartite general elections and that is why the association committed to provide oversight and technical input especially on the technology front to ensure a fair and credible election.

Key Findings

The association deployed volunteers in six different tally centers, namely Chimutu TDC, Chinsapo Primary School, Kaufulu TDC, Ipyana TDC, Mponda Primary School and Blantyre Secondary School.

Each member of the team had an assessment document, which was being used to cross check some of the main issues that we felt needed to be in place for a successful simulation of the real results transmission of the results.

“The ICT officers in all the places where we carried out the assessment seem to have received adequate training on how to use the results transmission system, which is an important element to have a clean data capturing exercise during the elections.

“However, in certain cases, there was a lack of clarity on how to confirm that results from the Constituency Tally Centre had successfully been uploaded.

System Security

“Login to the system required one to produce a valid ID issued by MEC and once this card has been scanned the password prompt would appear for one to proceed to login. This is another good system control method to ensure that only authorized personnel have access to the system and this shall help with the system audit trail to show the activities of each and every user who logged in to the system.

“The dry test runs were in some other parts affected and could not simulate the real transmission of the results because the network service provider delayed to set up the connection in those places.

“This is one very critical aspect of having a successful transmission of the results, especially on the day of election; there is a need for thorough testing of different scenarios to make sure that the network setup is done to handle all possible scenarios of bulk data that shall come from different centers on the day.

“MEC needs to put in place test mechanisms that rule out all possible connectivity failures by having both primary link providers and secondary providers to test them simultaneously by simulating failure on the primary link and see how the system will pick up and fail over to the secondary link without disturbing the data transmission.

Independent Auditors

“MEC announced this year the introduction of independent auditors who are going to be placed in all the tally centers to independently audit, verify and document everything that is happening at the results capturing and transmission centers.

“We noted, however, during our assessment that in all centers the auditors had not been placed on the dry test runs. We felt the auditors should have also taken part in the dry test runs to simulate their role and if possible work out all possible friction, which may be anticipated on the actual day.

Physical Security

“During the assessment exercise, we noted the presence of the police in all the centers and this is very important to ensure that there is security in all the centers. There were no CCTV cameras installed in all the centers to ensure that all processes happening in these small rooms were being taped and kept off site for future reference and auditing.”

ICTAM further says that, much as it feels that MEC’s ICT officers acquired enough training, it recommends that the ICT system operators be issued with an operators’ checklist, a how-to document that must be handy for the operators to refer to and to confirm that all the steps have been rightly performed in an appropriate sequence.

On System Security Audit, the report recommends that MEC engage the services of an independent security expert to perform a systems security check and audit and produce a report to the stakeholders before the general election.

It also says MEC and the entire nation are going to depend on a mission-critical results transmission system during this year’s tripartite elections and therefore, it is very important that the system undergoes a thorough system quality assurance assessment by an independent expert.

“This will ensure the system’s behavior is compliant with the industry specifications and with the final expectations.”

ICTAM also made some observations on the network connectivity, since the whole exercise of transmitting the election results electronically relies on the availability of the network connection in all the centers.

“We understand that the service providers have a commitment to making this their priority; however, with the results of the dry test runs, it was evident that the providers were not proactive to the task and therefore the test could not test the reliability of the network,” the report says.