General News
Protecting our elections in Cybersphere: EC alone cannot ensure the security and integrity of our elections
Published 6 months ago by Melody 911FM
This article aims to emphasise that the Electoral Commission (EC) alone cannot protect our elections in 2024 due to the sophisticated and varied cyber threats we face. As cyber-attack techniques have become increasingly advanced, the geopolitical interest in West Africa has also intensified. Given the current context, world powers would understandably seek to exploit elections in former colonial countries, particularly in the West Africa subregion, to achieve their national interests.
Moreover, the intensely competitive nature of our internal politics makes it difficult to unite key stakeholders, especially the political parties, to act as a unified front, as actions of nation-state actors may benefit one party over another. This complexity underscores that the EC alone cannot ensure the integrity of the elections. Therefore, the EC should not appear to be dismissive when key stakeholders, particularly parliament, political parties, or CSOs, raise concerns about its conduct. The EC needs the buy-in of all stakeholders if we, as a nation, want to have a chance against determined nation-state actors. We also need to be able to recover quickly from a possible cyber-attack, and this can only be done calmly if there is a united stakeholder group behind the EC.
The EC should reach out to key stakeholders, particularly the dominant political parties, the NCCE, the Council of State, the Forces, relevant Ghanaian CSOs, Ghanaian Private Security Firms, Parliament, Ghanaian security researchers and others, to solicit their assistance and cooperation. The EC should set up an Elections RISK Management Task Force incorporating the stakeholders with the single purpose of protecting our elections against nation-state actors in 2024. This is the year when cyber-attack techniques reach a sophisticated level never seen before and geopolitical competition for influence is at its most aggressive and dangerous. At the same time, our politics has never been as partisan. A comprehensive Risk Register should be developed and published, even if with some redactions. In my view, our electoral system appears to be vulnerable to cyber-attacks, as are many other systems worldwide.
BVDs and the Reference Threshold issue
The introduction of biometric devices into Ghana’s electoral framework in 2012 was a response to numerous challenges that had plagued the electoral process in previous elections. Before their introduction, allegations of voter register inflation, double voting, vote suppression, procedural opacity, and ballot stuffing seriously undermined the integrity of our elections.
The integration of biometric devices aimed to address these concerns, ushering in an era of enhanced scrutiny and technological advancement in Ghana’s electoral processes. Despite this significant milestone effort, the efficacy of the biometric system in resolving these perennial issues has been mixed.
Notably, before 2012, to my knowledge, the Supreme Court had not been involved in settling election petitions. However, since the adoption of biometric technology, two out of the three elections (2012 and 2020) have required Supreme Court intervention, highlighting ongoing challenges within the electoral process.
While it’s crucial not to solely attribute dissatisfaction with election outcomes to biometric devices, their implementation hasn’t entirely mitigated pre-existing grievances. Moreover, as computer devices, these biometric devices natively inherit vulnerabilities common to all computing devices. Contextual factors surrounding their usage also introduce additional vulnerabilities, necessitating a comprehensive evaluation of their efficacy and security in Ghana’s electoral framework.
The introduction of biometric devices has opened new avenues for exploitation by various criminals, especially those who are adept in digital manipulation or those who have access to skilled hackers. For instance, vote suppression can be facilitated by manipulating the device’s reference threshold. By adjusting this threshold, perpetrators can influence the False Acceptance Rate (FAR) or False Rejection Rate (FRR) of the device.
The reference threshold is a critical factor in the biometric verification process and plays a significant role in determining a device’s effectiveness. This threshold is also a key consideration in the bidding process for such devices, but it presents a potential attack vector for cybercriminals. A high FRR leads to prolonged verification processes, resulting in voter frustration and potentially causing voters to leave polling stations without casting their votes due to long queues and slow processing times. Conversely, manipulating the reference threshold to produce a high FAR could allow ineligible individuals to vote by reducing the number of rejections, thus enabling those who should have been rejected to cast votes.
To mitigate these risks, the threshold should be configured to balance security and convenience. The operating point at which FAR and FRR are equal, known as the Equal Error Rate (EER), gives a system that is both secure and user-friendly. However, if the verification function of the biometric verification device (BVD) system is disabled, it provides maximum convenience for voters but poses a significant fraud risk. While not necessarily malicious, disabling or manipulating this function undermines the security of the voting process, highlighting the need for a careful balance between ease of use and robust security measures.
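The relationship between the reference threshold, FAR, FRR and the EER described above can be made concrete with a short added example (not code from the EC or from any BVD vendor). The match scores, the 0-100 score scale, the "accept when score >= threshold" rule, the device IDs and the audit function are all constructed assumptions; the audit shows how an election-day monitor could flag devices whose threshold or rejection behaviour departs from the approved baseline.

```python
from math import sqrt

# Constructed match scores on an assumed 0-100 scale; a voter is accepted
# when score >= threshold. Real BVD score scales and conventions may differ.
GENUINE = [62, 70, 74, 78, 81, 83, 85, 88, 90, 93]    # rightful voter presents
IMPOSTOR = [12, 18, 22, 25, 30, 34, 38, 45, 52, 66]   # someone else presents


def far_frr(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) for one reference-threshold setting."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def equal_error_point(genuine=GENUINE, impostor=IMPOSTOR):
    """Try every observed score as a threshold; return (threshold, FAR, FRR)
    at the setting where FAR and FRR are closest to each other."""
    def gap(t):
        far, frr = far_frr(t, genuine, impostor)
        return abs(far - frr)

    best = min(sorted(set(genuine) | set(impostor)), key=gap)
    return (best, *far_frr(best, genuine, impostor))


def audit_devices(devices, approved_threshold, baseline_frr, z_limit=3.0):
    """Flag devices whose reported threshold differs from the approved value,
    or whose rejection count is statistically inconsistent with the baseline
    FRR (binomial count, normal approximation). Assumes nearly everyone who
    presents is a rightful voter, so the rejection rate approximates FRR."""
    findings = {}
    for dev in devices:
        reasons = []
        if dev["threshold"] != approved_threshold:
            reasons.append("threshold_mismatch")
        n = dev["attempts"]
        expected = n * baseline_frr
        sd = sqrt(n * baseline_frr * (1 - baseline_frr))
        z = (dev["rejections"] - expected) / sd
        if z > z_limit:
            reasons.append("rejections_high")   # queues grow, voters leave
        elif z < -z_limit:
            reasons.append("rejections_low")    # almost nobody is refused
        if reasons:
            findings[dev["id"]] = reasons
    return findings


# Constructed election-day telemetry from four hypothetical devices.
DEVICES = [
    {"id": "BVD-A", "threshold": 66, "attempts": 400, "rejections": 43},
    {"id": "BVD-B", "threshold": 85, "attempts": 400, "rejections": 236},
    {"id": "BVD-C", "threshold": 66, "attempts": 400, "rejections": 95},
    {"id": "BVD-D", "threshold": 30, "attempts": 400, "rejections": 2},
]

if __name__ == "__main__":
    t, far, frr = equal_error_point()
    print(f"EER operating point: threshold={t} FAR={far:.0%} FRR={frr:.0%}")
    for label, setting in (("raised", 85), ("lowered", 30)):
        far, frr = far_frr(setting)
        print(f"threshold {label} to {setting}: FAR={far:.0%} FRR={frr:.0%}")
    for dev_id, reasons in audit_devices(DEVICES, t, frr).items():
        print(dev_id, ", ".join(reasons))
```

BVD-C is the case worth noting: it reports the approved threshold yet rejects far more voters than the baseline predicts, so a check of reported configuration alone would miss it.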
Vulnerabilities and Threats
Some examples of the potential vulnerabilities and threats that need to be considered due to the integration of biometric devices into the electoral process include:
1. Disgruntled or Criminal Insiders
Individuals with legitimate access to the systems, such as election officials or IT personnel, could potentially tamper with BVD verification if they have the necessary permissions and access rights. Malicious configuration of a BVD can be executed either centrally over the network or at the endpoint. Employees with administrative or system privileges can manipulate devices or cause them to malfunction. Samuel Adams and William Asante of GIMPA, in their June 2019 paper “Biometric Election Technology, Voter Experience And Turnout In Ghana,” indicate that “machine malfunction facilitated election fraud, including overvoting and ballot stuffing, especially where election observers were not present.” This was with reference to the 2012 elections. Other sources similarly associate device malfunction with higher incidences of election fraud, but readers are encouraged to verify these claims independently.
Insiders can also act on behalf of external sponsors (Ghanaian or foreign). These insiders can exfiltrate data or perform actions on behalf of their sponsors. For example, they might plant malware that provides access to the EC systems, allowing the manipulation of voter data and interference with the configuration settings of devices and software. Insider attackers may not always be criminals but could be disgruntled individuals with political or personal grievances, akin to Edward Snowden and Chelsea Manning, who leaked classified US data. IT consultants on hire by the EC also fall into the category of insiders and could maliciously infect the EC’s systems on behalf of their sponsors.
2. Supply Chain Attacks
A particularly insidious type of attack is the supply chain attack, where vulnerabilities are introduced through compromised equipment and software supplied by third parties. A notable example was the SolarWinds Orion platform attack, which affected numerous US government departments and major technology companies, including Microsoft and Intel. The recent XZ Utils attack is another example of a supply chain attack. XZ Utils is a suite of software tools which includes a very popular software compression tool.
3. Denial of Service (DoS) Attacks
Criminal attackers could overwhelm the EC verification system with excessive requests, causing it to crash or become unresponsive, effectively disabling biometric verification. Attackers could also throttle internet bandwidth. These acts could engineer forced device failure, facilitating election fraud associated with machine malfunctions.
4. Power Outages and Internet Infrastructure Breakdown
The reliance on biometric devices means that power outages and internet infrastructure breakdowns, such as damage to subterranean fibre optic cables, pose significant risks to the electoral process.
5. Activities of Political Parties
Political parties might employ hackers or leverage sympathizers with the necessary skills to infiltrate the EC’s systems, steal data or deploy malware that grants remote access. This access could be used to manipulate biometric verification templates or manipulate devices in specific electoral areas. Additionally, political parties could steal voter names and contact details to launch targeted deepfake attacks. If a political party acquires the full voter register, with contact details, well ahead of official publication, that political party acquires an unfair advantage. In addition, a successful attack could also be deliberately publicised by the attackers as a tactic to undermine confidence in the election process.
6. Hacktivists
Hacktivists are local or international groups who use hacking to promote political or social causes. While their actions are often driven by ideological motivations rather than personal gain, their actions are considered illegal. Hacktivists may target countries with poor human rights records or organizations engaging in unethical behaviour. One of the most well-known hacktivist groups is the Anonymous group, which conducts cyber-attacks to advance various political and social causes, often targeting government entities and corporations. Anonymous is believed to have supported political activists in Tunisia and Egypt and supported WikiLeaks in the past.
7. Nation-State Actors
West Africa, particularly the Sahel region, has experienced a series of coups in recent years, leading to significant shifts in geopolitical influence. Countries such as Mali, Burkina Faso, Niger and Guinea have seen their governments overthrown, disrupting established political dynamics and creating opportunities for imperialist powers to lose or assert their influence. This geopolitical shift appears to have benefited Russia and China, while traditional Western powers such as the US and France have seemingly lost some of their foothold in the region.
Elections in the neighbourhood of these countries are therefore of considerable interest to external actors, as they seek opportunities to shape political outcomes in favour of their strategic interests. Nation-state actors may seek to influence our elections through various means, including cyber-attacks, disinformation campaigns, and financial or political support for certain candidates or parties.
Nation-state actors can target digital grids used to manage critical infrastructure such as traffic light systems, electricity networks, banking operations, air traffic control systems, military systems, and electoral systems. These attacks aim to steal sensitive data and sabotage systems to malfunction. In the case of the Stuxnet attack in Iran, physical damage to centrifuges was also caused.
Nation-state actors pose the greatest threat to our democracy through their dominance in cyberspace. For example, cyber experts believe that no other threat-actor group could have pulled off the SolarWinds Orion, XZ Utils, or Iran Stuxnet attacks due to the substantial resources, time, and effort required for these operations. These attacks are usually executed by malware that is implanted over a prolonged period and can stay in apparent incubation over long periods sometimes lasting years. This long-term gameplay known as Advanced Persistent Threat (APT) is mostly associated with nation-state actors. Could our systems already have APTs lurking in them?
8. Global Context of Elections Cybercrime
There have been cyber-attacks against elections worldwide, highlighting the global nature of this issue. For instance, the 2016 US presidential election saw significant interference attributed to foreign actors from Russia by Western analysts. Similarly, the 2017 French presidential election experienced cyber-attacks targeting Emmanuel Macron’s campaign. The 2019 European Parliament elections were also subjected to various cyber threats, partially attributed to North Korea.
This year, cyber-attack techniques appear to have reached a new level of sophistication and are being deployed with unprecedented aggression. For example, the ongoing 2024 general elections in India have been marred by sophisticated phishing attacks and ransomware targeting election officials and critical infrastructure. During the Brazilian municipal elections in November 2020, coordinated denial-of-service attacks disrupted voter registration systems, leading to significant delays in announcing results and causing considerable confusion. The failure of some election computers in the 2023 elections in Nigeria led to allegations of forced server malfunction to aid in the fraudulent tallying of results.
Cybersecurity experts have also warned of increasing attempts to exploit vulnerabilities in online voting systems, as happened in the Estonian local elections in 2021 where attackers tried to manipulate digital voting platforms. These incidents underscore the evolving nature of cyber threats, with attackers employing more advanced techniques such as deepfake videos to spread disinformation. For example, in recent election campaigns, deepfake videos have been used to create realistic but fake speeches or statements from political candidates, aimed at misleading voters and undermining trust in the electoral process. These sophisticated cyber-attacks highlight the urgent need for robust security measures and public awareness to protect the integrity of elections and the democratic process.
The maturation of these cyber-attack techniques means that election security must now contend with not only traditional threats but also highly sophisticated, coordinated digital assaults. This calls for robust cybersecurity measures, continuous monitoring, extensive logging and above all stakeholder cooperation to safeguard the integrity of our elections.
The EC and Stakeholders
It should not be left to only the EC to ensure the integrity of our elections, nor should the EC seek to exclude key stakeholders from the security planning processes towards the 2024 elections.
The EC alone cannot defend our electoral system against cyber-attacks mounted by cyber criminals, especially nation-state actors.
So, what should we, as a nation, do to protect Ghana’s electoral system and our elections, especially in this year of heightened international interest for geopolitical reasons? This year, in 2024, it can be assumed with high confidence that the so-called world powers would seek to influence every election for geopolitical reasons.
In my view, it is a question of protecting our sovereignty. Our mindset should be as if we were facing a physical military threat or as if we were confronting a more aggressive form of COVID. However, unlike a military threat, which would automatically unite all citizens in comradely cooperation, the cyber enemy is invisible, lacks a clear name and its aims are difficult to explain.
However, the seriousness of the threat remains. Our biggest shield against this threat in my view lies in our ability and willingness to cooperate. We should defend in great depth as we ensure that all our flanks are covered. In my view, it is the EC that can act to bring about this cooperation. Involving stakeholders in the planning and implementation of election security measures is vital for ensuring the integrity, transparency, and trustworthiness of the electoral process. By leveraging the diverse expertise, perspectives, and resources of various stakeholders, the EC can develop comprehensive and effective security strategies that address the full spectrum of potential threats and vulnerabilities. This collaborative approach not only enhances the security of biometric verification devices but also strengthens the overall resilience of the election digital infrastructure, fostering public confidence and trust in our democratic processes.
Poor Cyber Hygiene
As a final point, in my view, the Electoral Commission (EC) has been compelled to disclose extensive details about the election devices and their integration into the election process when responding to public demands for accountability. Consequently, the public, including security researchers of the nefarious kind, has confirmed that the EC hires generators to address power outages. Listeners and viewers of any news channel in the past few weeks also now know that the EC uses USB drives for temporary data processing and server synchronisation. Additionally, we have learned that biometric verification devices (BVDs) require activation before use, necessitating an activation code. We even know that the serial number of a BVD is a required input to generate the activation code. This code can be generated elsewhere on another EC system and then applied to the device in question. Most of this information was gratuitously provided by the EC and is not harmless from a cyber security perspective. This article touches neither on the baffling issue of the auctioned BVDs, nor on the amazing, forced admission by the EC that some BVD kits are missing or lost and are believed stolen.
In my view, the hygiene in the EC’s cyberspace could be better. Noticeably poor cyber hygiene within an organization is often seen as an open invitation for hackers, especially nation-state actors, to probe for vulnerabilities.
Detailed information that could be exploited by hackers should remain confidential and be shared only on a need-to-know basis to protect the security and integrity of the electoral process.
The reader may note that I am aware of the existence of IPAC, the stakeholder group.
Ensuring that critical operational details remain secure while upholding transparency and accountability is a balance that the EC must strive to achieve. This balance is essential to protect our electoral process from potential threat actors while maintaining public trust and confidence. The most efficient and sensible way to achieve this is through stakeholder cooperation and participation in the security arrangements of the electoral processes. The spectre of the nation-state actors must concern all Ghanaians, but the most efficient and effective way for nation-state actors to achieve their goals is to compromise insiders into doing their bidding. The existence of a united stakeholder group will help mitigate some exploitative possibilities for would-be nation-state actors.
So, the EC must properly engage the NPP and NDC, the only two parties with seats in parliament that have realistic chances of producing a winning presidential candidate in the 2024 elections.
Finally
The EC must acknowledge the challenging historical context in which it operates. Recognising these difficulties will be a positive first step.
The maturity of the EC will be judged, in part, on its ability to bring key stakeholders together. The nation’s elections, democracy, and perhaps its future once again depend on the EC, as they did in March 1978 when the UNIGOV referendum was held. On that occasion, in the opinion of most Ghanaians, the EC, despite all the odds, rose to the challenge, acted impartially in the interest of Ghana and showed no bias towards either of the two sides in that contest.
General News
NPA Announces Petroleum Price Floors For September 16 – 30, 2024
Published 2 months ago, September 16, 2024, by Melody 911FM
The National Petroleum Authority (NPA) has announced the ex-refinery and ex-pump price floors for the period of September 16 to 30, 2024.
The price floors, which are the minimum prices at which petroleum products can be sold, are as follows:
– Petrol: GHS 9.04 per liter (ex-refinery) and GHS 12.31 per liter (ex-pump)
– Diesel: GHS 9.74 per liter (ex-refinery) and GHS 12.99 per liter (ex-pump)
– LPG: GHS 10.97 per kilogram (ex-refinery) and GHS 13.13 per kilogram (ex-pump)
– MGO: GHS 9.74 per liter (ex-refinery) and GHS 10.68 per liter (ex-pump)
– Local Kerosene: GHS 9.92 per liter (ex-refinery) and GHS 11.72 per liter (ex-pump)
The NPA has entreated Bulk Import, Distribution and Export Companies (BIDECs), Oil Marketing Companies (OMCs), and LPG Marketing Companies (LPGMCs) to comply with the announced price floors.
The NPA has also announced that the ex-refinery price floors exclude the premiums charged by International Oil Trading Companies (IOTCs) and the operating margins of BIDECs.
Similarly, the ex-pump price floors exclude the Marketers’ and Dealers’ Margins of OMCs/LPGMCs.
These margins will be independently determined by the companies, as pertains under the Price Deregulation Policy.
Overall, the announcement of the price floors for September 16 to 30, 2024, is a positive development for consumers and companies in the petroleum industry.
It will help to ensure that prices are stable and predictable, while also allowing companies to make a reasonable profit.
Source: dailyguidenetwork.com
General News
Cancel all prospective mining licences now
Published 2 months ago, September 16, 2024, by Melody 911FM
The Youth in Natural Resources and Environmental Governance (Youth-NREG) Platform has joined the calls for a ban on all illegal mining activities commonly referred to as galamsey.
Youth-NREG in a statement dated Monday, September 16, urged the government to “Cancel all prospective mining contracts and/or licenses” until a solution for the galamsey menace is found or reached.
The group bemoaned the devastating impact of galamsey stating that “irresponsible mining is not only an environmental issue but also a matter of injustice and against the right to clean environment and good health of present and future generations.”
The management of Channel One TV and Citi FM will embark on a campaign titled ‘I Stand Against Galamsey’ on Monday, September 16 aimed at urging the government to take decisive and sustainable action against illegal mining activities that are destroying the environment and polluting water bodies.
The campaign’s objective will be amplifying the voices of various associations, organizations, and unions calling for an end to the illegal mining menace.
Youth-NREG also called on all “Ghanaian youth to support and actively contribute interventions that will lead to the restoration and protection of our ecosystem” in its statement.
Below is the group’s statement.
PRESS RELEASE
YOUTH CALL AGAINST IRRESPONSIBLE MINING AND THE DESTRUCTION OF FOREST RESERVES & WATER BODIES
The Youth in Natural Resources and Environmental Governance (Youth-NREG) Platform, which is made up of young climate and environmental advocates in Ghana is deeply concerned about the rampant irresponsible and illegal mining activities (galamsey) that continue to devastate Ghana’s forest reserves, agricultural lands, and water bodies.
Some 34 forest reserves and 4 major rivers have so far been severely damaged by such activities, leading to the loss of biodiversity, ecosystem services, and livelihoods. This ongoing destruction threatens the very survival of citizens and amounts to Ecocide, a crime against our environment and future.
We acknowledge the calls from various stakeholders, including religious leaders, civil society organizations, the Media Coalition Against Illegal Mining, and environmental advocates, for decisive action against these activities.
The Government of Ghana, on the other hand, has the ultimate responsibility in enforcing existing laws, holding accountable those responsible for this environmental destruction, and ensuring the restoration of the ecosystems that have been devastated.
In the light of this, the Youth-NREG Platform calls on the Government of Ghana to take the following actions:
1. Stop all forms of illegal mining activities with immediate effect.
2. Suspend temporarily all legal mining activities to comprehensively review and enforce existing policies and regulations.
3. Cancel all prospective mining contracts and/or licenses.
4. Ensure that all companies and individuals involved in or found guilty of irresponsible mining and the destruction of forest reserves or water bodies are surcharged and are made to bear the cost of restoring the damaged ecosystems.
5. Clearly make budgetary allocations from the national budget to support the District or Municipal Assemblies in fighting galamsey or irresponsible mining.
6. With immediate effect repeal LI2462 which we find very destructive to our environment and future.
7. Collaborate closely with community leaders, media and civil society organizations to improve surveillance, monitoring, and enforcement across the country’s forest reserves and rivers.
8. Present a blueprint of pragmatic livelihood alternatives for young people involved in irresponsible or illegal mining activities.
The time for action is now. Irresponsible mining is not only an environmental issue but also a matter of injustice and against the right to clean environment and good health of present and future generations. We therefore urge the Government of Ghana to lead the charge in holding perpetrators accountable and ensuring that the damages caused to our natural resources are reversed, especially when Ghana has signed onto international protocols and conventions that enjoin us to promote and ensure environmental protection.
We at Youth-NREG remain resolute and unswerving to working with government, civil society, media, religious bodies, traditional leaders and other stakeholders to protect Ghana’s environment and promote sustainable development for future generations.
We call on all Ghanaian youth to support and actively contribute to interventions that will lead to the restoration and protection of our ecosystem. Let us remember that our survival as humans depends on how well we manage the environment!
General News
Security forces to be deployed at borders to prevent grain smuggling
Published 3 months ago, August 27, 2024, by Melody 911FM
Defense Minister Dominic Nitiwul says the government will deploy security personnel to all border towns across the country, especially the northern part, to prevent the smuggling of grains to neighbouring countries.
It forms part of the government’s ban on the export of grains to avert possible food shortages in the country following months of drought.
Defense Minister Dominic Nitiwul says the move aims to protect the citizenry.
“We will act well. We are deploying [security personnel] across the borders, particularly in the northern part. We are also [deploying] to the east and the south. And so we will ask citizens to support the security agencies.
“If, for some reason, there is some unapproved route or approved route or somebody sees something that is going on that is not nice, please let us know so that we can act appropriately. It is for the good of all of us that we should not make our citizens suffer.”