Tuesday September 21, 2021

ECP seeks guarantee from govt for foolproof i-voting system

The ECP informed the government that the audit team strongly recommends that the Nadra I-Voting system to be upgraded prior to being used on the election
The Election Commission of Pakistan (ECP). File photo
The Election Commission of Pakistan (ECP). File photo 

ISLAMABAD: The Election Commission of Pakistan (ECP) has sought a guarantee from the federal government that it would develop a foolproof and rigorously tested i-voting system that is secure from international hacking attacks, especially state-sponsored hacking attempts.

In a recent letter addressed to the Ministry of Parliamentary Affairs, the Secretary ECP Omar Hamid Khan referred to the ECP’s decision of approaching the federal government to seek the required guarantees for making a foolproof i-voting system.

“The Honorable Commission has decided to approach the federal government asking how much time Nadra requires to rectify the vulnerabilities and gaps highlighted by a cybersecurity firm and timelines may be provided to the ECP for development of a new i-voting system based on recommendations given in the report by the Internet Voting Task Force (IVTF) and (Spanish audit firm) Minsait,” said the letter.

It added, “The Ministry of IT&Telecom and Nadra should ensure and guarantee that full compliance of the checklists about the security standards of the i-voting system has been accomplished and rigorously tested by making a foolproof i-voting system from international hacking especially state-sponsored hacking attempts.”

The ECP also referred to a report of Minsait, which was hired by the Ministry of Information Technology and Telecommunication for conducting a third-party technical audit of the internet voting system developed by Nadra. Minsait completed the audit work on May 31, 2021 and submitted its report to the ECP in a meeting on June 2, 2021.

The ECP informed the government that as per the technical audit report by Minsait, the audit team strongly recommends that the Nadra I-Voting system to be upgraded prior to being used on the election, due to the critical findings as follows:

(i) Voting, admin and results application modules need to be replaced;

(ii)Voter registration modules need to be upgraded.

The ECP also drew the attention of the government to Article 218(3) of the Constitution which says: “It shall be the duty of the Election Commission to organize and conduct the election and to make such arrangements as are necessary to ensure that the election is conducted honestly, justly, fairly and in accordance with law, and that corrupt practices are guarded against.”

The News recently published a story on the Minsait report, which said the existing i-voting solution for overseas Pakistanis has a number of shortcomings and does not fulfill the constitutional requirement of vote secrecy.

The Spanish audit firm Minsait concluded: “As a result of the in-depth analysis of the existing i-voting solution, the audit team agrees that the system, at the state that has been shared with Minsait, does not fulfill the constitutional requirements of vote secrecy, and neither the voters nor the ECP would have any guarantee that the results obtained from the system represent the choices made by the voter.”

In its 231-page report, recently submitted to the government, the audit firm “strongly recommended” that the existing system be upgraded prior to being used in any election.

It warned that the technologies included by Nadra are outdated and vulnerable and could be exploited by attackers. I-voting would remain a risky affair even if the present system is improved, the report says, arguing that the resulting system would probably be more resilient than the current one but would still fail to give all the guarantees that voters and candidates deserve.

The report’s main concern is how to protect i-voting from external and internal attacks – for example by hackers or system administrators. The system must ensure that the vote is secretly cast against any third party, including system administrators and potential hackers, breaking the conventional security measures protecting the voting platform.