IEBC May Be Required to Host Servers Locally, According to Proposed Regulations
The Independent Electoral and Boundaries Commission (IEBC) could soon be mandated to have its servers hosted within Kenya, as per proposed regulations.
The Computer Misuse and Cybercrimes (Critical Information Infrastructure and Cybercrime Management) Regulations, 2024-
aim to localize critical information in the country.
The IEBC, responsible for crucial operations like voter registration and voting, falls under this category.
The proposed regulations state that “an owner of critical information infrastructure shall ensure that the information is located in Kenya.”
However, if an owner wishes to have their infrastructure located outside Kenya,
they must submit an application to the National Computer and Cybercrime Coordination Committee, headed by a Director-General.
The committee will review the application, assess its compliance with security standards outlined in the Act, and provide a decision within 30 days.
The IEBC, as both a data controller and processor, holds the voters’ roll,
which is classified as personal data under the law.
The management of electoral data, including the voter register and transmission of election results,
has been a contentious issue in Kenya’s electoral history.
During the 2017 presidential election petition hearing at the Supreme Court,
the IEBC faced criticism for failing to open its servers despite court orders.
It was revealed that the servers were hosted in France by a company called OT Morpho,
the supplier of the Kenya Integrated Election Management System (Kiems) used in the 2013 and 2017 elections.
The Supreme Court’s nullification of the August 8, 2017 presidential election results was partly due to the IEBC’s refusal to open the servers.
The court ordered a fresh, fair, and credible election to be held on October 26, 2017.
However, prior to the new election, Raila Odinga, then a presidential candidate,demanded that the IEBC server be relocated from France to Kenya.
Odinga alleged that the French IT firm was involved in subverting the will of Kenyans by allowing unauthorized access to the IEBC servers.
He called for the French Embassy to intervene and prevent the two employees from interfering in Kenya’s elections.
In addition to the IEBC, the proposed regulations also cover 15 other sectors considered critical infrastructure.
Among them include defense, education, civil administration, public order and safety, transportation, financial services, and health.
If the regulations come into force, the IEBC will be required to comply with the local hosting requirement.
Thus ,ensuring the security and integrity of Kenya’s critical information infrastructure.