Enhanced Privacy Electronic Voting System (EPEVS)

EPEVS provides privacy by enabling users to determine who can assess their data via USSD instructions.

Africa has enormous potentials for development because of its vast natural resources, arable land, and workforce. Sadly, due to limitation in its leadership capacity, election interference, and poor electoral systems, it is almost impossible for most Africans to select the right leadership, which in turns leads to under development. 

In addition to the poor electoral system, the cost of elections is exceptionally high, for example, my country Nigeria is spending over $625 million for the 2019 elections, and a considerable part of the amount is spent on voter identification registration, and administration. Despite this vast cost, the number of registered voters is about 50% of the eligible voting population, and elections most times are violent due to ballot box snatching and voter intimidation. This voting problem leads to poor leadership and corruption within the government; and limits our ability to develop our countries. 

To address this problem, a strong technology backed voting system that provides user privacy and the ability for users to control their votes/data needs implementation. 

The Enhanced Privacy Electronic Voting System (EPEVS) is a cost-effective solution that allows users from developing countries register to vote using USSD/SMS. It provides privacy, and control for the user by enabling users to determine who can assess their data via USSD/SMS instructions.

EPEVS provides secure voter registration, SMS voting, and the system permits users to share data with other third parties for identification for instance, to open bank accounts. 

EPEVS is a new application of technology and innovation in numerous ways:

1. EPEVS addresses a significant problem in developing countries that affects all aspects of country development – Leadership.
2. EPEVS ease of:
   1. Registration – via geolocation systems to ease information required;
   2. Issuance – via virtual cards and tokenization
   3. Authentication – 2FA using a registered phone line and passcode
   4. Life cycle management – using specific shortcodes to update records
3.  Federation – EPEVS users can generate authentication codes for third-party organizations. 

We designed EPEVS primarily for elections in developing countries. However, we considered the secondary use of identity validation by third parties.

We have ensured privacy in design by:

1. Registration – the government is responsible for the data collection process. This way we transferred privacy concerns and risk to the government during the registration process.  However, once the process of registration is complete, data is no longer accessible to the staff handling the registration.
2. Authentication – to prevent unauthorized access to data, we encrypt the data and users may only access their data via a registered mobile line and passcode. This way even if the phone lost or stolen, EPEVS maintain the privacy of data.
3. Lifecycle Management – using a USSD command and passcode users can update limited field, i.e., location. However, EPEVS prevents a change of name or date of birth.
4. Federation – we would create a frontend for authentication of user details. The data owner may generate a code and provide to a third party in need of identification. The third party validates the code on the frontend. Using this method prevents unauthorized access to data without the owner consistent.    

We would not integrate EPEVS directly into other identification systems, because integrating directly may lead to third parties writing or modifying the user’s data. However, our approach is to give the user a method of controlling who can access their data by providing codes for third parties to validate using EPEVS web front-end.  

1. Session length – the connection timing between the user and service provider is higher than the regular USSD connection.
2. Cost of sessions – since the purpose is government related, EPEVS might be almost free for the user depending on the country of use.
3. Security – the returning codes would have less information to display to safeguard user data and to improve the usability of the systems – i.e., users not bothered with too much information.
4. Character limits and inputs – by design the number of characters that the user needs to provide would significantly be moderate. 

Regarding interoperability, we considered the following:

1. Telecommunication providers – we intend to use EPEVS across all networks within the country. The interconnection will enhance communication from any line of a different service provider.
2. Third party application – we intend to create APIs that allow third party use of the validation service. However, we would limit the data exchange on a need-to-use basis. 

EPEVS addresses concerns with reduced bandwidth and lower literacy/numeracy levels by:

1. Creating an offline mode during the registration process of users'.
2. USSD/SMS the system primarily utilizes USSD and SMS connectivity which do not require data.
3. Usability – we considered the literacy level by providing simple commands and limits in character inputs.  

Success of EPEVS is for developing countries to select the right leaders, which in turn would bring about development in all sectors of the country. Running EPEVS in one country (supported by WBG) can influence other countries by sharing the knowledge gained from the process. The WBG can assist in developing this solution and implementing in various countries.  

In 5 years, most countries would adopt this technology based on the significant benefits. 

I currently work with the African Development Bank as an IT Auditor. I am submitting the EPEVS concept independently from my organisation.

I am currently an IT security expert and understand the problems faced in developing countries due to my experience working for a development bank.  

The solution can generate revenues from a number of sources:

1. Third parties such as banks can pay for validation of users;

2. Users registered to vote using SMS can be charged a convenience fee for usage;

3. Government can fund the project because it would help significantly reduce cost of elections; 

4. Telecom provides may charge a fee per successful USSD command - this can be shared. 

The Mission Billion Challenge can advance my work in terms of ensuring governments of developing countries implement a secure technology backed voting system for elections (EPEVS). In addition, the discussions with the stakeholders of the Mission Billion Challenge can lead to changes in government and funding policies from the World Bank and other donor agencies. 

The key barriers for implementation are:

• Unwillingness for governments to implement technology as they may lose control over rigging or influencing elections. 
• Solution: Donor agencies to make technology backed elections a prerequisite for funding projects or assistance; Include Technology voting systems as part of ease of doing business metrics for countries especially developing countries.
• Legislative changes in developing countries to support registration, voting and acceptance of new systems, 
• Solution: Change management and acceptability; incentives for changes for donor agencies;