Forthcoming research investigates whether biometric voter register was misappropriated for political campaigns in Kenya

This brief was written by the Centre for Intellectual Property and Information Technology (CIPIT) of Strathmore University in Kenya. CIPIT is currently investigating how the privacy of Kenyan citizens was affected by the use of biometric data during the just concluded 2017 general and repeat elections.

Key points
  • The Centre for Intellectual Property and Information Technology (CIPIT) is conducting research that investigates how misuse of the biometric data collected by the Independent Electoral and Boundaries Commission (IEBC) could affect Kenyan’s privacy.
  • Increasingly more sensitive personal data about Kenyans is being collected by government agencies and private corporations. Such data can be mined for patterns that inform automated decisions uses beyond the original consent for which a person authorized so risking their privacy.
  • Our research is looking to verify reports that existing databases on telecommunication subscriptions, population registers and voter registers were mined to identify and reach out to unregistered voters based on their geographical location.
  • Kenyans need a data protection legislation to actualize their privacy rights to protect them from unauthorized data processing that facilitates discrimination, social sorting and mass surveillance.
News & Analysis
Centre for intellectual property and information technology law's logo

Overview

CIPIT is currently investigating how the privacy of Kenyan citizens was affected by the use of biometric data during the just concluded 2017 general and repeat elections. The IEBC is mandated by law to register voters, verify their registration details and conduct elections. Accordingly, the IEBC is the custodian of the public voter register. There have been reports that individuals received SMS texts from candidates vying for various political seats during the campaign period of the elections. These texts were allegedly accurate as to where the individuals were voting and to some extent, their political inclinations. Our research objective is to investigate such geo-targeting and profiling claims via telecommunication networks and their implications on the voter’s privacy and security.

CIPIT’s Research Fellow on ICT Dr. Robert Muthuri said:

“Biometric technology was adopted to implement the Kriegler Commission recommendations in a bid to restore public trust and enhance electoral justice. Given the sensitive data being collected, such data technologies must be adopted responsibly. Otherwise those governing these technologies could reinforce inequity, limit accountability and infringe on the privacy of individuals with significant consequences. For instance, knowledge that biometric data was used to sway the elections, could incite further violence, defeating the purpose for adopting biometrics in the first place. Therefore, our adoption of data technologies cannot be ad hoc; a clear regulatory framework for privacy will help stipulate appropriate system requirements to manage the data lifecycle for biometric and other emerging data technologies.”

Following the recent swearing-in of the president that concluded the electioneering period, and with the selection of parliamentary committee on ICT underway, we call on Parliament to re-initiate sector-wide stakeholder consultations on the Data Protection Bill with a special focus on:

- The protection of biometric data and other types of sensitive personal data types;

- Regulation of the growing trend by corporates to collect excessive and unwarranted amounts of biometric and other types of sensitive and personal data;

- Regulation of emerging data technologies.

Background on Biometric Technology in Kenyan Elections

Kenya was motivated to invest in biometric technology to rebuild the trust broken by entities that exploited the vulnerabilities of producing, storing and authenticating a manual register. Firstly, biometric voter registration would ensure an accurate voter register. Biometric verification at the polling station would ensure the person seeking to vote is who s/he claims to be, and the results could be transmitted to IEBC, reducing chances of tampering while offering a trace-back for audit. The extent to which biometric technology has improved the credibility of Kenyan elections is still a contested claim; the March 2013 elections and the recently nullified August 2017 elections were plagued with functional failure and limited transparency respectively, despite being one of the most expensive election worldwide, at $25.4 per voter against the world average of $5 per voter.

The next report in this project will be a more in-depth analysis of biometrics and elections.

CIPIT is happy to brief you with further background information and/or more information regarding these recommendations.