Skip to main content

New Paper: South African Electoral Commission’s Mobile App for Voters - Scott Timcke

In the December 2024 recent issue of the African Journal of Information and Communication, Nawal Omar and I  have a study on the IEC's mobile app, and how it handles data privacy and security dimensions. More broadly, while digital tools can enhance voter participation and streamline electoral processes, they must be developed and deployed with utmost attention to security and privacy - the cornerstones of democratic integrity. The trust citizens place in electoral systems extends to the digital tools that support them, making cybersecurity not just a technical requirement but a democratic imperative. These matters will become more acute in the years ahead

Here is the title, abstract and other details:

South African Electoral Commission’s mobile app for voters: Data privacy and security dimensions
Nawal Omar, Scott Timcke

In 2014, the Electoral Commission of South Africa (also known as the “IEC”) launched a mobile app to support voter participation in electoral processes. The app, called IEC South Africa, can be used to verify, update, and confirm a voter’s registration details and voting station. It also provides an interface for special-vote applications and real-time election results. This study conducted a privacy and security analysis of the app, through a compliance review of the IEC’s privacy policy in terms of the South African data protection legislation, followed by an analysis of the app’s APK files, permissions, third party trackers, and vulnerabilities, including API (application programming interface) calls. The analysis revealed several security and privacy concerns, including inadequately secured API keys, the potential for unauthorised access, and the potential for data breaches. In addition, the presence of advertising and analytics trackers suggested third party data-sharing, raising concerns about transparency and user consent. The study draws attention to the need for the IEC to take action to address the app’s security and
privacy weaknesses. The study also demonstrates the importance of data minimisation, transparent practices, and adherence to privacy policies in order to maintain user trust and security in electoral technology.

Keywords
elections, voters, technology, mobile apps, data privacy, data security, South Africa, Electoral Commission, IEC

Recommended citation
Omar, N., & Timcke, S. (2024). South African Electoral Commission’s mobile app
for voters: Data privacy and security dimensions. The African Journal of Information and
Communication (AJIC), 34, 1-21. https://doi.org/10.23962/ajic.i34. 18132
Labels:

Comments

Post a Comment

Popular posts from this blog

Beyond a buzzword: Can Ubuntu reframe AI Ethics? - Anye Nyamnjoh

The turn to Ubuntu in AI ethics scholarship marks a critically important shift toward engaging African moral and politico-philosophical traditions in shaping technological futures. Often encapsulated through the phrase “a person is a person through other persons”, Ubuntu is frequently invoked to highlight ontological interdependency, communal responsibility, relational personhood, and the moral primacy of solidarity and care. It is often positioned as an alternative to individualism, with the potential to complement or “correct” Western liberal frameworks. But what does this invocation actually do? Is Ubuntu being used to transform how we think about ethical challenges in AI, or is the emerging discourse merely softening existing paradigms with a warmer cultural tone?   The emerging pattern A recurring pattern across the literature reveals a limited mode of Ubuntu engagement. It begins with a description of AI-related ethical concerns: dependency, bias, privacy, data coloni...
Post a Comment
Read more

Towards Tech Self-Determination: The case for an African AI Safety Institute - Scott Timcke

As AI foundation models become ubiquitous, the African continent faces a reckoning.  Almost all of the digital technology Africa uses is imported. The anchoring effects of technical codes, standards and specifications act as a kind of shadow regulation that limits how much direct control Africans can have on these systems. Africa cannot afford to be a passive recipient of technologies developed elsewhere, with little consideration for disruptions to local contexts. Instead, a proactive, comprehensive approach to AI safety must emerge, one that is holistic in nature.     A Strategic Imperative for Preserving Self-Determination The traditional approach to tech governance - characterized by reactive regulation (or the lack thereof) - is inadequate. By contrast, an African AI Safety Institute could rise above the narrow confines of technical assessment. Its mandate could extend far beyond simple compliance or risk mitigation to better understanding the ways in which alg...
Post a Comment
Read more