Were The IEBC Servers Hacked?

Kenya Elections 2022: Were The IEBC Servers Hacked?

By John Walubengo

Were the Independent Electoral and Boundaries Commission (IEBC) servers hacked? This seems to be the million-dollar question before the Supreme Court. So, one has to be careful about what to discuss and what not to discuss in a matter before the court. We shall therefore try to look at the issue from an academic point of view.

The hacking story has been around social media for a while but was officially presented in the John Githongo Affidavit to the Supreme Court under the 2022 Presidential Petition No. 1. It has since gained wide coverage in mainstream media and social media and generated intense public interest.

But what exactly is hacking?

In general, hacking means gaining unauthorized access to data in a system or computer. More specifically, section 14 of the Computer Misuse & Cybercrime Act (2018) makes unauthorized access an offence by stating as follows:

A person who causes, whether temporarily or permanently, a computer system to perform a function, by infringing security measures, with intent to gain access, and knowing such access is unauthorized, commits an offence and is liable on conviction, to a fine not exceeding five million shillings or to imprisonment for a term not exceeding three years, or to both.

So legally speaking, if anyone is proven to have hacked the IEBC systems, they will be liable, on conviction, to a fine not exceeding twenty-five million shillings or imprisonment for a term not exceeding twenty years or both.

But clearly, the petitioners may not be too interested in jailing anyone – even though their self-confessed witnesses face the risk of jail. The interest is to demonstrate that the Presidential results in Form34A uploaded onto the IEBC servers were hacked and manipulated in favour of one of the leading candidates.

Is the IEBC Server Hackable?

We shall avoid going into the merits or demerits of the allegations and instead ask the question:- is it possible to hack IEBC servers?

The simple answer is yes. After all, even the US Department of Defence, with all its huge cybersecurity budgets, gets hacked once in a while. There is nothing like a 100% secure system within the information security domain. So IEBC servers can, and perhaps did, get hacked.

However, within the context of winning a Presidential election, one should go further and ask the question: would hacking and changing presidential figures on a digital server give one candidate an advantage over the other?

The answer to that question requires one to understand whether IEBC uses the Presidential tallies on the digital Form 34A or the physical Form 34As to make the final declaration on who becomes the President-elect.

IEBC Form 34 A Verification Process

In practice and procedure, IEBC uses BOTH the digital and physical Form 34As to make that determination. Essentially, the digital Form 34A is an advance copy that is subsequently compared with the physical/hard copy that will arrive at the National Tallying Center (Bomas of Kenya) where the verification exercise is done.

During verification, the physical Form 34A is compared to the digital Form 34A online. In the event of discrepancies, the physical Form 34A takes precedence in terms of which tallies to use in order to declare the winner of a presidential election.

In summary, hacking the IEBC Servers in order to change Form 34As may not yield any advantage to the hackers – unless they also have a mechanism to change the physical forms signed previously at the polling stations such that they match the newly introduced hacked figures.

Is that physical hack of Form 34As possible?  Perhaps that’s the homework for Supreme to interrogate and tell us.

John Walubengo is an ICT Lecturer and Consultant. @jwalu


This is a series of blogs about the 2022 Kenya Election. KICTANet has deployed 87 election tech observers covering 21 counties in Kenya.

 5,966 total views,  2 views today

David Indeje information

Related Posts

Submit a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.