Ladies and gentlemen of the press,Before we go into detail permit me to make an important assertion which cannot be overstated or over-emphasised. That assertion is as follows: the PDP Presidential Campaign Organisation and our candidate President Goodluck Jonathan are not in the least bit worried about what the outcome of Saturday’s election will be. We believe that we have the backing and full support of the Nigerian people and we believe that we shall not only win but that we shall win convincingly.
It is with a heavy heart that we are compelled to share with the Nigerian public the following sensitive information which we believe, if not handled properly and looked into, is serious enough to affect the outcome of Saturday’s presidential election in a negative way.
Whatever we share with you here today does not, in anyway, mean that
we shall not participate in Saturday’s election or that we are worried about
how we will fare. The fact of the matter is that we shall not only participate
but we are also very confident of winning. We believe that the Nigerian people
will give President Goodluck Jonathan a fresh mandate for the next four years
regardless of the shenanigans of the opposition and those that are covertly
working for and with them.
The purpose of this briefing and of sharing the following
information with the Nigerian people is simply to ensure that they are fully
aware of what is going on and to enable our security and intelligence agencies
to ensure that INEC does the right thing, answers some of these questions and
put their house in order so that the outcome of the election is not in any way
questionable.
We cannot sit by idly and remain silent when a desperate group of
ruthless and greedy little men, in collusion with their friends in the APC, rob
the Nigerian people of their historic opportunity to elect a President of their
choice. This they intend to do by sitting in a dark room somewhere and rigging
the election in the most sophisticated manner even before it holds.
This is unacceptable and it is incumbent upon us, as a
responsible, accountable and sensible campaign organisation to expose the rot,
point out the dangers of doing nothing about it, finger and identify those that
are involved and call on the authorities to do something about it before it is
too late. We shall share this information in good faith and we shall then leave
the matter for necessary action by the relevant security agencies and
authorities.
Our concerns stem from the fact that the moving spirit and a major
shareholder and board member of the company that supplied the card reader
system and machines to INEC is not only a friend of but also an ardent and keen
supporter of General Mohammadu Buhari and the APC. That man's name is Sani Musa
and he is indeed the main force behind the company. The company's name is Act
Technologies Ltd. and the Chairman of the company is one Engineer SK
Danladi.
How and why INEC would give the contract to supply the card
readers to a fanatical APC supporter and to a man whose other company was
officially blacklisted by INEC a couple of years ago for sharp practices, needs
to be explained. Sani Musa has expressed his undying support for the APC and
General Buhari and his hatred and virulent opposition to the PDP and President
Goodluck Jonathan openly and publicly on his Facebook wall. Some of his
comments on Facebook read as follows: ''I
stand with him (Buhari) for whatever reason” and “Imagine the kind of people given spaces in our nation’s news
tabloids. Hoodlums are having field day
in Nigeria since the inception of GEJ’s administration. Mad men, hooligans and vultures have taken
over decency of the society. May Allah
save us from the torments of this (sic) rascals and expose their intentions on
our nation state be it the Boko Haram, killer militants or by extension those
in authority with wicked intentions-Amen.” Photocopies of his Facebook wall where these
comments were made and his picture will be made available at the end of this
briefing.
Worst still, it is clear that certain aspects of and electronic
components within the card reader system which will be used in Saturday's
election have not only been compromised but that the encryption codes and
so-called ''master key'' may have been made available to the opposition or
their friends and agents. This will enable them to access the system, fabricate
and generate fake votes and manipulate the voting patterns to their
advantage.
This constitute a very serious breach of security and it is a
criminal offence. It is also very dangerous. Worst still it can easily be
carried out successfully because, if done quietly and properly and without any
deep scrutiny, it is virtually fool-proof. All you need to make it work is to
have certain relevant and key INEC officials that are in the know to work
closely with the supplier of the card readers and an opposition party that is
so hungry and desperate for power that they are ready to pay large sums of
money to their friends and associates to help them get it by hook or by
crook.
We believe that all those components are now in place and that the
biggest and most brazen attempt to rig elections in the history of our country
will take place on Saturday if the necessary measures are not taken to prevent
it. If the conspiracy is not exposed, if the Nigerian people do not rise up and
demand answers, if the plan is not intercepted and aborted, if the Chairman of
INEC does not answer the relevant questions and take the necessary steps and if
the relevant individuals, including Sani Musa and his collaborators and
co-conspirators in INEC and the opposition, are not called to order, arrested,
interrogated and prosecuted their plan may well succeed.
In view of this dastardly plan that is in the offing and this
unwholesome conspiracy, we call on the party leadership and faithful to direct
our supporters and polling agents to be very vigilant at every polling booth
and to guard and protect their votes. After voting they should stay at the
polling booths to ensure that their votes are counted and that they are not
manipulated or changed.
Ladies and gentlemen, the facts, the evidence and our
recommendations are as follows:
INEC has concluded plans to utilize its recently
acquired Smart Card Readers for the forthcoming presidential elections
scheduled for March 28th 2015. INEC has carried out a mock poll to test-run the functionality of
the Smart Card Reader in 12 states of the Federation with mixed results.
There is an on-going public debate regarding the
pros and cons of the planned Smart Card use by INEC with a number of questions
being asked regarding the security vulnerabilities of the technology.
The purpose
of this document is:
- To highlight the most serious of such security vulnerabilities that are critical enough to justify a halt in INEC's plans to use the Smart Card Readers for the forthcoming general elections (until such issues are satisfactorily resolved and fully certified as being secured by reputable independent third party security auditors).
- To demonstrate that the opposition APC has already secured, through rogue means, an unassailable advantage over the ruling PDP which will most likely result in a resounding electoral victory for it irrespective of PDP’s actions or inactions, in the event that the Smart Card Readers are used for the elections.
- To highlight the need for INEC to admit to the security-related failings of its Smart Card Readers implementation under circumstances that will be credible to local and international observers, such that it will become obvious that the use of Smart Card Readers for the forthcoming polls cannot guarantee free, fair and credible elections.The major issues that are worthy of consideration are summarized below. Each issue can be readily substantiated by verifiable sources of evidence.i. Compromised Master Encryption/Decryption Key: The Master Encryption/Decryption Key that can "unlock" and simulate the PVC data processed by the Smart Card Reader has been compromised. There is only one copy of the Master Key in Nigeria and it is in the possession of an individual who is a known APC sympathizer/supporter (and also the contractor responsible for the production of PVCs and manufacture of Smart Card Readers for INEC who was already blacklisted by INEC following his inability to deliver ballot papers during the 2011 elections). The Master Key should rightly be in the possession of INEC, as the neutral umpire, under the most stringent access control protocol imaginable and not freely in the possession of a partisan actor.INEC has already expressed concern over intelligence reports that APC has been purchasing VINs (Voter Identification Numbers uniquely identifying each PVC), which can only mean that the Party is already in possession of the Master Key (as the purchase of VINs would otherwise have been a fruitless exercise).This has grave implications for the PDP as the opposition APC, armed with the Master Key and sufficient VINs, can actually simulate the same data transmitted from any Smart Card Reader deployed for the elections at will. The situation is even now worsened by the fact that APC no longer has to purchase VINs or PVCs as they can now download the entire VINs directly from the INEC database which they have successfully “hacked” into.RECOMMENDATION: INEC should be officially requested to IMMEDIATELY produce the Master Encryption/Decryption Key (before it has the opportunity to cover up this monumental act of negligence).ii. Failure to carry out Independent Security Audit of its IT Infrastructure: Contrary to what the average political commentator thinks, the critical IT infrastructure for the use of the Smart Card Readers by INEC is not necessarily the actual device itself, but the back-end IT infrastructure comprising INEC servers, database, network, personnel and processes. Given the critical nature and purpose of this infrastructure, the standard global best practice is for the organisation to enlist the services of an independent third-party IT Security Audit firm to carry out a comprehensive (and indeed, periodic) Security Audit of its entire end-to-end IT infrastructure and prepare a Security Audit Report which forms the ONLY basis upon which INEC can certify its proposed technology as secure and safe from vulnerabilities that can be exploited by rouge persons/systems.There are various internationally-acceptable information security standard certifications that a reliable back-end IT infrastructure like INEC's should pass in order to command public confidence, such as ISO/IEC 27001, ISO 27018, etc. The lack of such security-related certifications simply means that INEC cannot confidently assert that its systems have not been "hacked", compromised or otherwise illegally accessed by unauthorised persons.
RECOMMENDATION: INEC should be officially requested to IMMEDIATELY produce a copy of any Security Audit Report independently authored by a reputable and certified third party (before it has the opportunity to cover up this monumental act of negligence).If INEC fails to produce a satisfactory Security Audit Report, then it should be compelled to conduct a fresh Security Audit of its entire IT infrastructure which can even be extended to its production/manufacturing facilities in China (indeed the only other copy of the Master Encryption/Decryption Key is in the possession of the Chinese Manufacturers) - this process of auditing cannot possibly be completed before the general elections.iii. Compromised back-end Personnel: Contrary to standard industry practice, INEC opted for the engagement of relatively inexperienced, “suitcase” IT Consulting Companies for the development of its back-end collation and transmission systems and other core server and database applications, using predominantly open source software characterised by publicly-available source code – another major security vulnerability. While significant budgets were made available for this purpose, INEC's choice of "greenhorn" consultants was due to the ridiculously low contract sums paid for these consultancy contracts. The unfortunate consequence of this indiscretion, however, is that the personnel associated with these firms are poorly motivated, ill equipped, poorly supervised and easily compromised. It is, therefore, easily understandable why the opposition APC has been able to compromise INEC's back-end personnel to its advantage.RECOMMENDATION: INEC should be officially requested to make public the company profile of the IT Consulting Firms it contracted to develop its back-end IT systems, the Curriculum Vitae of their personnel, their known connections to opposition APC figures as well as the financial details of their associated contracts (vis-a-vis the approved budgets). This will clearly prove the lack of credibility of INEC's critical back-end systems.iv. Millions of Unprinted PVCs: Contrary to the public perception that INEC has virtually completed the production of PVCs, the true situation is that, as at last week, INEC was yet to take delivery of over 2 million PVCs that were yet to be produced by the contractor, Act Technologies. It is not certain that the production of these PVCs will be completed before the presidential elections scheduled for March 28th 2015. It is, therefore, obvious that a significant number of eligible voters will definitely be disenfranchised in the process.RECOMMENDATION: INEC should be officially requested to invite stakeholders to an impromptu visit of the PVC production facility of ACTS Technologies in Ganges Street, Maitama, Abuja to observe, first hand, the on- going production process and take stock of the current and outstanding inventories in a transparent manner.
Absence
of Quality Control (QC) Measures and Defective PVC Deliverables: INEC has failed to put in place reasonable Quality
Control (QC) measures for the PVCs delivered to it by the contractor - ACTS Technologies.
The implication of this procedural loophole is that INEC had and still has no
way of determining the extent of "defects" in the supplied PVCs.
This became most apparent during the recently-concluded
mock polls in which a variety of very serious, but avoidable, problems were
experienced during the exercise, including PVCs with absent fingerprint data;
PVCs with poor picture quality; PVCs with mismatched data (i.e. encoded data
different from printed data); Card Readers with low battery lifespan etc. INEC
has deliberately hidden the extent of these problems from the general public as
there would have been considerable outrage if the scope of the challenges is
made known.
Furthermore, nobody in INEC can reliably predict
the likely percentage of defective PVCs that have already been distributed
until during the actual election itself. If the percentage is significant and
more concentrated to specific geographic locations, as is being suspected, then
it is no doubt a recipe for disaster - as it can fuel electoral violence of
immense proportions.
If, however, INEC steps down the use of Smart Card
Readers, then the aforementioned “defects” will become irrelevant as the PVCs
will then be used as regular Voter Cards without the added complication of
authenticating the encoded data.
RECOMMENDATION: INEC should be officially requested to IMMEDIATELY
produce its Quality Control Policy with respect to PVC and Smart Card Reader
deliverables.
INEC should
also be officially requested to make public the detailed report of its mock
poll exercise and its forecast of the probable extent of defective PVCs during
the general elections.
I thank you all for your attention.
No comments:
Post a Comment