South Africa’s general elections are approaching, and will allow every registered South African to have a say in the future of the country.
Given the importance of the elections, it is critical that the voting process runs smoothly. If there is even a shadow of doubt about the integrity of the elections, there will be an uproar.
This is why it’s important that the IEC’s electoral system is both transparent and optimised.
MyBroadband sat down with the IEC’s Chief Information Officer Libisi Maphanga to learn more about the electoral process in South Africa and how it remains secure.
Maphanga explained that the primary vote counting process is completely manual.
Once all the votes have been counted, the final results slip is scanned at the IEC’s local office in order to digitise the results. The results are then immediately sent to the IEC’s data centre.
Maphanga said that all parties accessing digital information from the IEC are accessing it from this data centre and they have adopted a centralised architecture.
Auditors are then brought in to check the voting data and ensure that everything is the same on the slip as it is in the system.
Before the results can be finalised, they also go through an automated exception management process that checks that the auditor hasn’t missed any discrepancies or irregularities.
“For example, if a station has 2,000 voters, and the slip has 3,000 votes, it will be flagged as an exception and then we will look into it,” said Maphanga.
Once both the auditors and the exception management process are happy with the data, it can be released “unofficially” by the IEC on its website.
The IEC’s API service also allows news sites to develop live election results platforms for their readers by giving them access to the voting data.
The official announcement regarding the election results must then happen between 2-7 days from when the voting took place.
To make sure all goes smoothly, all IEC staff undergo training ahead of the national elections to ensure they are prepared.
“We have by-elections every month, so most of the staff – particularly those from municipalities with by-elections – never really get away from the system,” said Maphanga.
He said that members of each party are also included in the training process so that when they monitor the election process on the day, they know how operations work.
Staff also go through at least two “dry runs” in the month before the elections take place.
“Basically we simulate election day, and we get everyone across the country in our offices to spend two or three hours processing and capturing results,” said Maphanga.
Maphanga said that while their system operates off a single server, there are rigorous measures in place to ensure there are no hiccups.
There is substantial power redundancy in place, including a generator and two UPS devices, to ensure that power functionality is maintained at all times.
Additionally, the IEC has an agreement with Eskom that no power station maintenance may take place on the day of the elections.
Server maintenance processes happen once every month to ensure that all power sources are working optimally, which complement a digital monitoring system that sends real-time information about any faults in the system.
The server also uses multiple processors which run in parallel – each processor using a small portion of its total capacity so that even if individual processors were to malfunction, the system would continue to run smoothly.
The IEC also backs up data every day, as well as executing more rigorous backups every week and month. These backups are stored on tapes and disks, and are kept off-site.
All data is also replicated in real-time to an off-site secondary server, which is ready to continue operations should something happen to the main server.
Maphanga added that the server has never malfunctioned in almost 9 years of operation.
Maphanga said the server has been equipped with a variety of powerful firewalls and other security measures to thwart any hacking attempts come election day.
However, he added, nothing is foolproof.
“When you get to very complex hacking that might include injections in the most sophisticated way, you’re never sure.”
If someone was to hack the server, Maphanga said the server’s powerful monitoring functionality would immediately discover the breach and alert the IEC.
“We monitor at many points, and if there is something we’re unhappy with, we’ll pick it up,” Maphanga said.
Additionally, the IEC gets auditors to come in and test the system before election time.
“They ensure that there are no gremlins or hidden code in the system.”
Despite all of these security measures, Maphanga believes the most important security measure the IEC has put in place is transparency.
Every single stage of the election process is open for all parties to witness, ensuring that nobody can accuse the election body of interfering in the process in any way.