Why IEBC didn't grant agents access to server

The Independent Electoral and Boundaries Commission (IEBC) did not provide a forensic image of the server hosting Form 34C to agents of the petitioners challenging President-elect William Ruto's win, citing security fears.

At the same time, discrepancies emerged from an inspection of select ballot boxes, even as a recount of ballots matched the figures in Forms 34A.

A report by the Registrar of the Supreme Court on the scrutiny of IEBC's ICT systems said that the polls body argued that the said image would expose its systems and infrastructure data.

That was in contravention of one of the Supreme Court's orders that had stated that the IEBC make available the same image to the parties.

Registrar Letizia Wachira quoted IEBC as saying that "granting access to a copy of the image to the parties' agents would also include granting the agents privileged access to the image once recreated as a server and therefore access to all virtual servers and the entire election technology and other enterprise applications hosted in the same server".

According to the report, the IEBC delivered the said image to the court yesterday, as part of a commitment that involves parties "to apply for access."

Similarly, the report states that the electoral agency did not provide the details of the owners of system administration passwords, with the IEBC telling the registrar that the move had been "excepted by the order".

"Exposure of names and identity of system administrators possesses grave security threat to administrators."

In court, parties had argued that foreigners and ungazetted officials had been granted administrative access to the IEBC servers, with IEBC lawyers saying that the said rights, specifically to foreigners, were part of contractual obligations. The commission is set to give clarification on the same this morning.

The commission did not also issue its sealed contracts with different partners citing non-disclosure agreements.

The registrar's report, however, acknowledged that the IEBC had complied with most of the directives relating to scrutiny of its servers, listed in four orders issued by the Supreme Court on Tuesday.

Among the materials provided include penetration test reports, with the commission complying to grant supervised access, among other issues.

A review of the IEBC logs, as stated by the registrar, did not reveal suspicious activity. The said finding is listed under a section labelled party interrogations into the system.