Wednesday, March 25, 2015

PDP accuses APC of planning to rig the election - Read statement



Text of press conference by the Director of Media and Publicity, PDP presidential campaign organization, Femi Fani-Kayode.  

Ladies and gentlemen of the press, It is with a heavy heart that we are compelled to share with the Nigerian public the following sensitive information which we believe, if not handled properly and looked into, is serious enough to affect the outcome of Saturday’s presidential election in a negative way. 
Before we go into detail permit me to make an important assertion which cannot be overstated or over-emphasised. That assertion is as follows: the PDP Presidential Campaign Organisation and our candidate President Goodluck Jonathan are not in the least bit worried about what the outcome of Saturday’selection will be. We believe that we have the backing and full support of the Nigerian people and we believe that we shall not only win but that we shall win convincingly.  
Whatever we share with you here today does not, in anyway, mean that we shall not participate inSaturday’s election or that we are worried about how we will fare. The fact of the matter is that we shall not only participate but we are also very confident of winning. We believe that the Nigerian people will give President Goodluck Jonathan a fresh mandate for the next four years regardless of the shenanigans of the opposition and those that are covertly working for and with them. 

The purpose of this briefing and of sharing the following information with the Nigerian people is simply to ensure that they are fully aware of what is going on and to enable our security and intelligence agencies to ensure that INEC does the right thing, answers some of these questions and put their house in order so that the outcome of the election is not in any way questionable.  

We cannot sit by idly and remain silent when a desperate group of ruthless and greedy little men, in collusion with their friends in the APC, rob the Nigerian people of their historic opportunity to elect a President of their choice. This they intend to do by sitting in a dark room somewhere and rigging the election in the most sophisticated manner even before it holds.  

This is unacceptable and it is incumbent upon us, as a responsible, accountable and sensible campaign organisation to expose the rot, point out the dangers of doing nothing about it, finger and identify those that are involved and call on the authorities to do something about it before it is too late. We shall share this information in good faith and we shall then leave the matter for necessary action by the relevant security agencies and authorities.
 

Our concerns stem from the fact that the moving spirit and a major shareholder and board member of the company that supplied the card reader system and machines to INEC is not only a friend of but also an ardent and keen supporter of General Mohammadu Buhari and the APC. That man's name is Sani Musa and he is indeed the main force behind the company. The company's name is Act Technologies Ltd. and the Chairman of the company is one Engineer SK Danladi.  

How and why INEC would give the contract to supply the card readers to a fanatical APC supporter and to a man whose other company was officially blacklisted by INEC a couple of years ago for sharp practices, needs to be explained. Sani Musa has expressed his undying support for the APC and General Buhari and his hatred and virulent opposition to the PDP and President Goodluck Jonathan openly and publicly on his Facebook wall. Some of his comments on Facebook read as follows: ''I stand with him (Buhari) for whatever reason” and “Imagine the kind of people given spaces in our nation’s news tabloids.  Hoodlums are having field day in Nigeria since the inception of GEJ’s administration.  Mad men, hooligans and vultures have taken over decency of the society.  May Allah save us from the torments of this (sic) rascals and expose their intentions on our nation state be it the Boko Haram, killer militants or by extension those in authority with wicked intentions-Amen.”  Photocopies of his Facebook wall where these comments were made and his picture will be made available at the end of this briefing.     
        

Worst still, it is clear that certain aspects of and electronic components within the card reader system which will be used in Saturday's election have not only been compromised but that the encryption codes and so-called ''master key'' may have been made available to the opposition or their friends and agents. This will enable them to access the system, fabricate and generate fake votes and manipulate the voting patterns to their advantage.  

This constitute a very serious breach of security and it is a criminal offence. It is also very dangerous. Worst still it can easily be carried out successfully because, if done quietly and properly and without any deep scrutiny, it is virtually fool-proof. All you need to make it work is to have certain relevant and key INEC officials that are in the know to work closely with the supplier of the card readers and an opposition party that is so hungry and desperate for power that they are ready to pay large sums of money to their friends and associates to help them get it by hook or by crook. 

We believe that all those components are now in place and that the biggest and most brazen attempt to rig elections in the history of our country will take place on Saturday if the necessary measures are not taken to prevent it. If the conspiracy is not exposed, if the Nigerian people do not rise up and demand answers, if the plan is not intercepted and aborted, if the Chairman of INEC does not answer the relevant questions and take the necessary steps and if the relevant individuals, including Sani Musa and his collaborators and co-conspirators in INEC and the opposition, are not called to order, arrested, interrogated and prosecuted their plan may well succeed. 

In view of this dastardly plan that is in the offing and this unwholesome conspiracy, we call on the party leadership and faithful to direct our supporters and polling agents to be very vigilant at every polling booth and to guard and protect their votes. After voting they should stay at the polling booths to ensure that their votes are counted and that they are not manipulated or changed.                      

Ladies and gentlemen, the facts, the evidence and our recommendations are as follows:         

INEC has concluded plans to utilize its recently acquired Smart Card Readers for the forthcoming presidential elections scheduled for March 28th 2015. INEC has carried out a mock poll to test-run the functionality of the Smart Card Reader in 12 states of the Federation with mixed results.

There is an on-going public debate regarding the pros and cons of the planned Smart Card use by INEC with a number of questions being asked regarding the security vulnerabilities of the technology. 

The purpose of this document is:

  1. To highlight the most serious of such security vulnerabilities that are critical enough to justify a halt in INEC's plans to use the Smart Card Readers for the forthcoming general elections (until such issues are satisfactorily resolved and fully certified as being secured by reputable independent third party security auditors).
  2. To demonstrate that the opposition APC has already secured, through rogue means, an unassailable advantage over the ruling PDP which will most likely result in a resounding electoral victory for it irrespective of PDP’s actions or inactions, in the event that the Smart Card Readers are used for the elections.

  1. To highlight the need for INEC to admit to the security-related failings of its Smart Card Readers implementation under circumstances that will be credible to local and international observers, such that it will become obvious that the use of Smart Card Readers for the forthcoming polls cannot guarantee free, fair and credible elections.
    The major issues that are worthy of consideration are summarized below. Each issue can be readily substantiated by verifiable sources of evidence.
    i. Compromised Master Encryption/Decryption Key: The Master Encryption/Decryption Key that can "unlock" and simulate the PVC data processed by the Smart Card Reader has been compromised.  There is only one copy of the Master Key in Nigeria and it is in the possession of an individual who is a known APC sympathizer/supporter (and also the contractor responsible for the production of PVCs and manufacture of Smart Card Readers for INEC who was already blacklisted by INEC following his inability to deliver ballot papers during the 2011 elections).  The Master Key should rightly be in the possession of INEC, as the neutral umpire, under the most stringent access control protocol imaginable and not freely in the possession of a partisan actor.
    INEC has already expressed concern over intelligence reports that APC has been purchasing VINs (Voter Identification Numbers uniquely identifying each PVC), which can only mean that the Party is already in possession of the Master Key (as the purchase of VINs would otherwise have been a fruitless exercise).
    This has grave implications for the PDP as the opposition APC, armed with the Master Key and sufficient VINs, can actually simulate the same data transmitted from any Smart Card Reader deployed for the elections at will. The situation is even now worsened by the fact that APC no longer has to purchase VINs or PVCs as they can now download the entire VINs directly from the INEC database which they have successfully “hacked” into.
    RECOMMENDATION: INEC should be officially requested to IMMEDIATELY produce the Master Encryption/Decryption Key (before it has the opportunity to cover up this monumental act of negligence).
    ii.    Failure to carry out Independent Security Audit of its IT Infrastructure: Contrary to what the average political commentator thinks, the critical IT infrastructure for the use of the Smart Card Readers by INEC is not necessarily the actual device itself, but the back-end IT infrastructure comprising INEC servers, database, network, personnel and processes. Given the critical nature and purpose of this infrastructure, the standard global best practice is for the organisation to enlist the services of an independent third-party IT Security Audit firm to carry out a comprehensive (and indeed, periodic) Security Audit of its entire end-to-end IT infrastructure and prepare a Security Audit Report which forms the ONLY basis upon which INEC can certify its proposed technology as secure and safe from vulnerabilities that can be exploited by rouge persons/systems.
    There are various internationally-acceptable information security standard certifications that a reliable back-end IT infrastructure like INEC's should pass in order to command public confidence, such as ISO/IEC 27001, ISO 27018, etc. The lack of such security-related certifications simply means that INEC cannot confidently assert that its systems have not been "hacked", compromised or otherwise illegally accessed by unauthorised persons. 
    RECOMMENDATION: INEC should be officially requested to IMMEDIATELY produce a copy of any Security Audit Report independently authored by a reputable and certified third party (before it has the opportunity to cover up this monumental act of negligence).
    If INEC fails to produce a satisfactory Security Audit Report, then it should be compelled to conduct a fresh Security Audit of its entire IT infrastructure which can even be extended to its production/manufacturing facilities in China (indeed the only other copy of the Master Encryption/Decryption Key is in the possession of the Chinese Manufacturers) - this process of auditing cannot possibly be completed before the general elections.
    iii.    Compromised back-end Personnel: Contrary to standard industry practice, INEC opted for the engagement of relatively inexperienced, “suitcase” IT Consulting Companies for the development of its back-end collation and transmission systems and other core server and database applications, using predominantly open source software characterised by publicly-available source code – another major security vulnerability. While significant budgets were made available for this purpose, INEC's choice of "greenhorn" consultants was due to the ridiculously low contract sums paid for these consultancy contracts. The unfortunate consequence of this indiscretion, however, is that the personnel associated with these firms are poorly motivated, ill equipped, poorly supervised and easily compromised. It is, therefore, easily understandable why the opposition APC has been able to compromise INEC's back-end personnel to its advantage.
    RECOMMENDATION: INEC should be officially requested to make public the company profile of the IT Consulting Firms it contracted to develop its back-end IT systems, the Curriculum Vitae of their personnel, their known connections to opposition APC figures as well as the financial details of their associated contracts (vis-a-vis the approved budgets). This will clearly prove the lack of credibility of INEC's critical back-end systems.
    iv.    Millions of Unprinted PVCs: Contrary to the public perception that INEC has virtually completed the production of PVCs, the true situation is that, as at last week, INEC was yet to take delivery of over 2 million PVCs that were yet to be produced by the contractor, Act Technologies. It is not certain that the production of these PVCs will be completed before the presidential elections scheduled for March 28th 2015. It is, therefore, obvious that a significant number of eligible voters will definitely be disenfranchised in the process.
    RECOMMENDATION: INEC should be officially requested to invite stakeholders to an impromptu visit of the PVC production facility of ACTS Technologies in Ganges Street, Maitama, Abuja to observe, first hand, the on- going production process and take stock of the current and outstanding inventories in a transparent manner.

Absence of Quality Control (QC) Measures and Defective PVC Deliverables: INEC has failed to put in place reasonable Quality Control (QC) measures for the PVCs delivered to it by the contractor - ACTS Technologies. The implication of this procedural loophole is that INEC had and still has no way of determining the extent of "defects" in the supplied PVCs. 
This became most apparent during the recently-concluded mock polls in which a variety of very serious, but avoidable, problems were experienced during the exercise, including PVCs with absent fingerprint data; PVCs with poor picture quality; PVCs with mismatched data (i.e. encoded data different from printed data); Card Readers with low battery lifespan etc. INEC has deliberately hidden the extent of these problems from the general public as there would have been considerable outrage if the scope of the challenges is made known. 
 
Furthermore, nobody in INEC can reliably predict the likely percentage of defective PVCs that have already been distributed until during the actual election itself. If the percentage is significant and more concentrated to specific geographic locations, as is being suspected, then it is no doubt a recipe for disaster - as it can fuel electoral violence of immense proportions. 
If, however, INEC steps down the use of Smart Card Readers, then the aforementioned “defects” will become irrelevant as the PVCs will then be used as regular Voter Cards without the added complication of authenticating the encoded data. 
 
RECOMMENDATION: INEC should be officially requested to IMMEDIATELY produce its Quality Control Policy with respect to PVC and Smart Card Reader deliverables.
INEC should also be officially requested to make public the detailed report of its mock poll exercise and its forecast of the probable extent of defective PVCs during the general elections. 
I thank you all for your attention.

No comments:

Post a Comment