The issue about the server has refused to go away. Nasa has stated time and time again that IEBC refused to open it during the petition hearing, and has even today failed to comply.
IEBC has, however, continued to insist that the server was opened. On Wednesday night, CEO Ezra Chiloba appeared on Jeff Koinange Live, where he reiterated that IEBC opened the server, although it took longer than was expected. He said that access was granted just 2 hours before the court deadline, adding that if there had been more time, perhaps a more careful analysis would have been conducted by all parties.
As expected, Nasa politicians and supporters took to social media to accuse Chiloba of lying. They insisted that the server was never opened and still has not.
But where lies the truth?
This is an emotive issue that is made worse by the general lack of IT expertise. I happen to have some IT background and I’ve observed the matter keenly since the Supreme Court hearings.
The first thing I know with certainty is that it is completely untrue that the server was never opened. In fact, Nasa leaders and lawyers inadvertently confirm every day that access was indeed granted.
Every time Orengo or Nasa state that Chebukati’s account was used to conduct transactions 9000+ times, or that Jubilee chief agent Davis Chirchir’s account was used in a similar way, it is simply a confirmation that the ‘server was opened’.
Indeed the kind of transaction records, login trails, logs etc. that Nasa so often describes in detail, can only have been found inside the server.
It is possible that not every box on the court’s order was ticked, but it is false to state with finality that the server was never opened.
But even if it was opened, it took longer than the average guy could have expected. The argument presented by IEBC lawyer Paul Muite was that the company is based in Europe and the time difference had brought in some complications.
To me, this was a very pedestrian explanation, and in future I would love to see actual IT experts giving explanations. I don’t know if the law allows for expert witnesses, but in this case I believe it would have cleared a lot of air.
The general expectation would be that a login should take only a few seconds. This has been repeated over and over on social media.
Here’s a Tweet by Kenya Atheist chairman Harrison Mumia, that got a lot of love from Nasa supporters.
Chiloba STOP lying.
Cloud based systems only needs IP Addresses. Opening still takes less than 5 seconds.
Cmon! Stop the lies! #JKLive
— Harrison Mumia (@harrisonmumia) October 4, 2017
Mumia’s tweet is wrong on several levels. For instance, even on the basic level (what I suspect he is describing), you also require a username, password and port number. And you will need very fast fingers to log in within 5 seconds.
That is the most basic form of security protection, and I don’t honestly believe an election system can be that loose.
OT-Morpho is a security and identity company, specializing in biometrics and other security systems. Their revenue last year alone stood at $3.5 billion (Sh350 billion).
If such a huge company took our money and designed a system that can be merely accessed via a username and password, I think we should demand a refund. But I don’t think this was the case.
I am not privy to the technical specifications, but in my understanding, an election result transmission system should be given the highest levels of security. Especially in a country like ours where the stakes are so high.
It is my belief that IEBC gave OT Morpho a task to design and build a system that would be nearly impossible to infiltrate. And this is important… Not just for outsiders, but also for OT Morpho themselves.
In essence, IEBC told Morpho to build a house, lock the door and throw away the key.
This is a common sense security protocol because you don’t want anyone manipulating the raw data. Even the French are humans and can be compromised too.
Remember, this is not an off-the-shelf system. It was conceptualized, designed and built from scratch and took many months to complete. It is therefore my assumption that OT Morpho implemented multiple layers of security: firewalls, encryption etc. This means anyone who wanted to access the raw data must bypass all of them.
And remember the so-called key has already been thrown away.
That’s where I find Harrison Mumia’s 5 second login suggestion laughable.
I’m sure you’ve watched a movie or TV show involving the FBI or some agency. Often, they encounter hard drives or computers with encrypted data. What they do is run decryption software to ‘unlock’ the device or computer.
Sometimes, depending on the level of encryption, this software can run for hours, days or even weeks before accomplishing its task.
This is in a nutshell the basis of cryptography (encryption/decryption). It is not designed to be easy.
Actually, if you read online forums, you’ll hear of people whose hard drive decryption software ran for hours or days and still came back empty.
Basically, the key being sought is hundreds or thousands of digits/characters long. And every single character must be right.
In my opinion, if the level of security was as it should be on an election result system, it is a miracle OT Morpho even beat the court deadline.
The biggest lesson learnt, according to me, is that in future, an IT expert from the service provider should come and explain to the court the complexities of the situation. Lawyers have no business understanding IT jargon.
So to go back to the title. How long should it take to open an IEBC server?
Well, this depends on the layers of security: level of encryption, number and complexity of firewalls, and other possibly patented security features. It also depends on whether the client gave an allowance for a backdoor or not.
It would therefore be impossible to state how long ‘opening the server’ should take. What can only be given is an estimate, based on the security features implemented, and of course the computing power of the company involved.