Sunday, July 31, 2011

Biometrics voter verification - myth and reality

First of all, this is not a scientific discussion as most facts are based on assumption. Why I carried on with this post is simple:

Unless it is proven me wrong otherwise, else I still have doubt over feasibility of implement biometrics (fingerprint) verifications during the elections.

The Elections Commissions (EC) announced that they will implement biometrics voter verification system to counter possible phantom voters. This announcement is echo by the Government that biometrics verification is the best way to determine validity of voters.

One of the Bersih 2.0's 8 demands is to deploy indelible ink during the voting process to eliminate possible multi voting by a physical person.

It seems EC has countered Bersih 2.0's demand on the use of indelible ink but the two are coming from the same source, i.e. voter with valid documentation (MyKad), but addressing different issue.

EC mentioned that its biometrics verification is based on information stored in MyKad, i.e. voter's MyKad number and his/her fingerprint. If the verification device matches fingerprint stored in MyKad against the physical voter presence with his/hers physical fingerprint via the fingerprint reader, then it should be a valid voter, if the voter is designated to vote at the said polling station. There is no verification against authenticated hosts, i.e. National Registration Department's (NRD) servers, which can be very costly and challenging for polling station that may not have proper network access to the NRD hosts.

Let's start with use of indelible ink. Indelible ink provide quick and easy way to identify whether the voter indeed voted, without the need of equipment. This prevents one person from voting more than once in the elections, and effectively prevent both phantom voters, and voters who have been found appeared in the electoral roll more than once.

However, for biometrics verification, based on information released from the EC, is only good to deter possible phantom voters who should not exist in the first place. It does not address one voter with multiple votes, here is why:

If the electoral roll contains a voter appeared in different poling stations, using biometrics verification does not help since electoral roll allows the said voter to vote in more than one polling station. It is in effect legitimate the said multiple vote casting instead of invalidating or deterring.

There is no way for one to verify voter based on visual contact except via biometrics devices, and biometrics devices are in turn based on information stored on MyKad, and software application installed on the computer where verification device is attached to.

The above assumes that electoral roll is tainted, both Bersih 2.0 and the Oppositions have raised doubt over accuracy of the electoral roll with evidence in the past, yet it is still not rectified.

Second, biometrics verification has its own flaw, thus, it is always coupled with other method of verification should fingerprint matching failed:

1. Women during their periods, may find their fingerprint less clear thus may have difficulty picking up by biometrics sensor to effectively match with record stored in MyKad;

2. For some reason, fingerprint was distorted due to injury, verification can be difficult as the source is damaged;

3. Damaged MyKad. No one will notice their MyKad is faulty until they use it, since it is not meant for daily use, it is hard for one to confirm that their MyKad is effective;

The above may have invalidate valid voters from exercising their duty, unless EC does have contingency for voters in the above categories. EC has thus far never address this issue. Even if EC has alternatives to address the above, does it means it is possible to manipulate by damaging MyKad, for example, and avoid the biometrics verification?

If I let my imagination runs, concur with the above, extending the damaged MyKad scenario:

Throughout the years, there have been many incidents that MyKad faulty at some point, thus when MyKad holder found out, they have to get their replacement MyKad from NRD.

The question now: what is the treatment of the faulty MyKad? If it is supposed to destroy, how? Will it be possible that these damaged MyKad falls to unauthorized hands? We do not know.

If this is possible, then the damaged MyKad point raised above allows these MyKad holder to avoid biometrics verification, and if the name appeared in the electoral roll, and EC allows alternatives to verify without biometrics, isn't this defeat the purpose of biometrics verification all together?

The list can go on with wild assumptions, that I will not want to speculate further.

Conclusion: the use of biometrics verification, set aside implementation cost involved, has serious flaws to address, and addressing such flaws requires transparency of the entire process, not just voting process, but issuance of MyKad, and treatment of faulty MyKad, which is too big the task for all to appropriately address for all concerned.

In addition, it does not prevent multiple voting if there's no central servers to store up to date information, i.e. whether the same MyKad is already used in one polling station and try on another, which electoral roll has such duplications.

Even if the error is minimal, it may indeed influence the elections result and may not reflect the true will of the majority.

No comments:

Post a Comment