The biometric system that the Election Commission proposes to use in the next general election is foolproof, said the National Registration Department.
The department, the custodian of the data of about 27 million people, including 12million registered voters, also said it had other details of every Malaysian, including their family trees and thumbprints, in its database.
“This cannot be altered,” department director-general Datin Jariah Mohd Said told the New Straits Times last week.
She refuted allegations that the department would be used to tamper with the data of Malaysians to give the ruling party an edge during the polls.
The department stores and updates the profiles of citizens from the time of their birth, that is, when birth certificates are issued.
It updates the data when citizens apply for identity cards at the age of 12.
These forensic evidence, documents and history could not be forged, she said.
It does sound quite convincing that biometric verification can be used in the next election.
But the truth is at best partial. The EC voter verification system is NOT foolproof unless it is properly planned, designed and audited to have the response time and security required.
Here are some serious flaws in using biometric technology for elections in Malaysia.
1. Database is Accurate
It is as accurate as the audit done on the entire capture to archive process. Is there both an internal and external audit done? We may never know. We just have to assume that it is done right and publicly declared by recognised auditors.
2. Not Designed for Huge Amount of Access at the Same Time
The NRD system was designed solely for NRD internal use. The network, security and database will not be able to cope with the load to verify electoral voters. If you had recently gone to get a new IC, you will instantly be able to tell that the internal use is already giving slow response times. What more when the queries come from all over the country at the same time every second continuously. There are 12 million voters in 2008 with an expected increase for the next GE. Traffic is dependent on voter turnout and all expectations will see a high percentage, if not higher than GE12 in 2008.
3. Malaysia is a Developing Country with a large part Under Developed
We only look at major cities like Kuala Lumpur whenever we think of Malaysia. But there are many locations where voting centers are found have poor mobile network coverage especially GPRS/EDGE which such biometric verification requires. Any infrastructure which is on a best effort basis cannot be relied to give voter confidence. What happens when the network is down? What happens when there is power failure and device can’t be charged? What happens when the chip reader is faulty and doesn’t work? What happens when the buttons don’t work? What happens if … there are many instances when high tech devices won’t work as they are not properly taken care of.
4. Hand Held Reader Microcode Can Be Customised
There will be a need for a large order for hand held scanners. In the 2008 General Election, there were a total of 7,950 voting centers with 21,822 voting stations nationwide. There is a need for EC/NRD (needs to be sorted out for security reasons) to custom order at least 21,822 units for primary use and 16,000 units for emergency use.
Who will audit these units that it works properly and not programmed for additional vote rigging purpose? This is one major area of fraud exposure. It is not in the NRD audit control. Who then shall provide a reasonable level of trust for these devices?
An example is that if details on a MyKad is different from the NRD database, the device can still return an appearance of a match.
Another challenge is a malfunction of the device. A manual backup system is needed and clear policies as which system will be the authoritative one. The EC must think and work this out very soon and not just make rhetorics about biometric systems.
5. Malaysia is not yet ready for Biometric for Voter Verification
We have yet to see a Government system working properly, fast and reliable for usage that is unplanned and not designed for. Even in standard use they are not designed for heavy loads. What more with so little time to plan and test for such an important event that needs infrastructure and security fully tested and audited? IT projects of such importance must be procured and implemented with proper design and planning. Not a rush job.
For now, there will be a general lack of confidence all round on EC’s proposed use of biometric verification. Not until biometric technology has affected many more areas of Malaysian life to be well tested and trusted.
That’s why Bersih’s demand for use of indellible ink is more practical and failsafe. No worries for technology failure.