New software is installed not because of the data but because of new enhanced features, user friendliness, changed requirements and possibility to make better use of the data by way of analytics for improved decision better.
Of course in any new software installation from an existing system to a new system, existing data can easily be migrated but one of the bizarre reasons given by the Electoral Commission (EC) was that the data could not be migrated so a new voters’ registration exercise was needed. This came with its own political ramifications and the rest as they say is history.
In software change management, there are certain related pre-determined operational and systems risk universe that have pre-determined mitigating factors. This includes post implementation activities that may end up at times having parallel runs to test the integrity of the new installation against known results in the old system. Of course depending on the challenges, one can choose to have a turnkey operation of completely shutting down the old system for the new in small less sensitive projects.
The challenges in data migration mostly involve incomplete or truncated data transfer, duplication of data transfer for which a data reconciliation can resolve. This really has nothing to do with the actual new software but the migration architecture that may have been used and can be corrected. Banks for that matter; seldom do such software changes getting to the end of the year when they need to prepare their financials. In changing software anything is possible some which cannot be envisaged until the project starts. This needs time depending on the scale of the project to resolve. It is in this wisdom that it is advisable that six months into an election, changes should not be made to the Electoral Commission’s system but the EC project team decided to go against this cardinal rule.
After the registration and the exhibition of the provisional register, the following amongst others have been reported:
- Duplicated voter identification card numbers with two voters having the same number.
- Deleted names which is different from missing names.
- Names without pictures
The above, if not human errors are a source of concern since it hinges on the integrity of the new software that is to be used in the 2020 elections in December. Deleted names can be associated with both human and software errors but duplicated numbers and names without pictures are more of software than human error and this should not be taken lightly. The pictures were captured under the voter’s name and saved and cards printed. If the register has the person’s name but no picture, this is not a human error. If the two people have same card number, this is not a human error.
Software patches can always be written to correct software errors but in an election such errors have far reaching effects of affecting the Constitutional and human rights of self-determination by the citizenry. How do we know that an error would not occur on the voting day where people’s votes can be doubled or some deleted? How do we know that the system cannot reduce one party’s vote for the other? At this point where is the redress system? The harm would have been caused and results will be declared since there are timelines to the election process.
The EC made us to believe that the old register had data integrity issues as a result of being over bloated, having foreigners, ghost names etc but this was not related to the integrity of the software. Now the new one has both data and software integrity issues which in my opinion is more devastating. As at now, no one is talking about the biometrics because that aspect was largely not tested during the exhibition exercise. What happens if A’s finger print has been wrongly matched to that of B? At which point is this going to be corrected, unless the EC has an ultimate plan of using the manual register on voting day. To put it in layman terms, a typist who makes an error on a document can retype or at best say sorry but what about a driver of a vehicle who makes an error. You will be dead and what use is the sorry.
I think the EC’s final work must be certified by the Data Protection Commission to assure us, data subjects, that our information has not been compromised especially the biometrics. Remember that access to this database has in the past without our consent been made available to private institutions such as banks for a fee to verify our identity which has its own legal implications.
It will be interesting to know how the EC can get out of this self-inflicted software integrity challenges relating to the compilation of a new voters register without a devastating impact on the stable democracy of the country. With this, it can be said that Ghana’s democracy is at crossroads.
The author Dr. Kofi Anokye Owusu-Darko, holds an EMBA (IT Management) and an LLM (IT & Telecommunication)