Alleged hack of Kenya’s Biometric Voter Registration system denied by electoral agency

Kenya’s Independent Electoral and Boundaries Commission (IEBC) Chief Wafula Chebukati has rejected claims that the country’s Biometric Voter Registration (BVR) system was hacked and the data of thousands of voters stolen.

According to Capital News, the reaction from the IEBC Chairperson comes on the heels of a report by the Directorate of Criminal Investigations (DCI) that a 21-year-old has been arrested on suspicion of hacking into the system and obtaining the personal data of 61,167 registered voters in a County in the western part of the country.

In his rebuttal, the IEBC boss argued that the biometric system is too secure to be infiltrated, adding that the system has never been tampered with since it was installed nearly ten years ago.

“The BVR has been designed to have its own isolated network, set of servers as well as user account directory to ensure integrity, confidentiality and high availability,” Capital News cited an IEBC statement as saying.

Another local media outlet, Nation, quoted Chebukati as saying on the matter: “Since installation and commissioning of the system eight years ago, the BVR system that hosts the register of voters used during elections has never been hacked because the servers are not connected to the open internet. In addition, the rest of the commission’s entire internal network is behind a high security firewall system.”

The IEBC Chairperson added that the data found in the possession of the arrested suspected could well have been hacked from third parties that had lawfully obtained it. This, he said, is possible because the IEBC processes several requests from entities asking for voter data for specific electoral areas. He adds that this is done for a fee and with the guarantee that personally identifiable information of those concerned is not compromised, Capital News notes.

The data included names, ID numbers and dates of birth, according to Nation, but not biometrics.

The arrested suspect, whose only name was given as Kiprop, is said to be the kingpin behind a high tech mobile criminal network responsible for swindling millions of Shillings from users and agents of popular regional mobile money service M-Pesa.

In 2017, there were similar claims that Kenya’s BVR system had been hacked. But the reports were debunked by OT-Morpho, the company that provided devices for the biometric voter registration at the time.

Article Topics

access management  |  Africa  |  biometric data  |  biometrics  |  data protection  |  elections  |  Kenya  |  privacy  |  voter registration