Supreme Court Rules on NASA's Application to Audit IEBC Servers

  • The Supreme Court has rejected the National Super Alliance's request for "unfettered" access to audit the IEBC servers.

    The court has instead granted NASA read-only access to select data and equipment IEBC used to conduct August 8 poll and transmit election results.

    Issuing the directive, Justice Isaac Lenaola stated that the petitioners would be granted a read-only copy of information relating to the number of servers.

    "The petitioners will be granted limited access to IEBC servers to protect the integrity of its systems & guard against compromising the identity of its users, and suppliers," he explained.

    The Court directed the Registrar of Supreme Court to supervise ICT officer and two independent IT experts who would undertake the exercise of looking into the IEBC servers.

    They are required to avail a report on Tuesday by 5 pm.

    Here is what NASA has been allowed to access:

    1. The number of servers used in the August 8 polls.

    2. Firewalls used to protect the Kenya Integrated Election Management Systems (KIEMS) from hackers without disclosure of software version.

    3. The operating system of KIEMS without releasing the software version.

    4. Password policy and password matrix used to access KIEMS.

    5. The System user types and levels of access.

    6. IEBC election tech system redundancy plan comprising of the business continuity plan and disaster recovery plan.

    7. Certified copies of certificates of penetration tests conducted on the IEBC ICT system prior to and during the election.

    8. Specific GPRS location of each KIEMS kits used during the election for the period between 5th August and 11th August.

    9. Polling stations for and their allocation for each KIEMS kits used during the August polls.

    10. Technical partnership agreements for IEBC Technical system including the list of partners access they had to the system and Application Programming Interface (API) used.

    11. Log-ins and trail of users of KIEMS between August 5 until now.

    12. Original and certified copies of Forms 34A and 34B used to declare results.

    13. Scanned and transmitted copies of Forms 34A, 34B, and 34C.