, NAIROBI, Kenya, Aug 30 – A report on compliance with the Supreme Court Order granting applicants in the 2017 presidential petition a read-only access to servers at the Independent Electoral and Boundaries Commission (IEBC) suggests that some directives could not be fully complied with due to cyber security concerns.
The report filed Tuesday by two ICT experts appointed by the court as well as Judiciary staff indicates that IEBC technology experts advised that information on firewall configuration could not be realised without compromising the security of the servers.
“IEBC provided a schematic diagram and hardware model. They were not willing to provide configuration of the internal or external firewall as this will compromise the security of their system. They said configurations of both internal and external servers were identical; hence disclosing one will compromise the other,” noted IT experts Prof Elijah Omwenga and Joel Sevilla as well as Janet Kadenyi who is identified as a Judiciary technology staff.
Certificates of penetration on the election technology were also found not to be certified in accordance with election regulation number 10 of 2017 making it difficult for parties to agree on the admissibility of the same.
Lawyers representing the third respondent – President Uhuru Kenyatta – however agreed that there was need to have the certificates certified by the IEBC as required by law even as the Commission provided the petitioners with hard copies.
According to the post-assessment review, the provision of GPRS locations for Kenya Integrated Election Management System (KIEMS) kits was also not forthcoming, GPS locations of the 40,883 polling stations across the country being provided instead.
There was also difficulty in accessing logs within the servers despite the provision of live access to the servers on Tuesday afternoon.
According to the trio, IEBC provided pre-downloaded logs in a hard disk, an offer declined by the petitioners who demanded direct access to logs from the servers.
“The first respondent (IEBC) was to demonstrate that the logs came from the servers by allowing all parties have a read-only access and to copy the logs. Alternatively, the first respondent could access the information in the presence of the petitioners as and when requested,” the report noted while holding that the live access provided by the Commission at 3:15 pm on Tuesday yielding no ability for accessibility of the said logs to IEBC systems.
In general, directives touching on IEBC operating systems, password policy, password matrix, system user types and access levels, technology system redundancy plan, as well as station allocation for KIEMS kits were complied with according to the report.
In conclusion, however, the report notes that partial access to servers with a copying capability became available at 5:30pm after IEBC managed to address a host of technical challenges.
Technology concerns at the time were centered around connectively hitches while accessing the clouds, as well security protection measures bearing in mind the nation is still in an electioneering period and the setting up of a Virtual Private Network (VPN) tunnel to the servers.
At this point, the report says, IEBC had indicated its willingness to provide a more comprehensive access if granted more time.
Supreme Court Judges retired Tuesday night following a two-day hearing session from the petitioners, the respondents, interested parties and amicus curiae, paving way for a ruling on the matter on Friday this week.