Zimbabwe’s uneven electoral field: Data protection laws used to deny digital voter roll inspection · Global Voices
Advox

Image courtesy Ameya Nagarajan
This piece was written as part of  Advox's partnership with the Small Media Foundation to bring you the UPROAR initiative, a collection of essays highlighting challenges in digital rights in countries undergoing the UN's Universal Periodic Review process.
As Zimbabwe heads for elections in August this year, electoral watchdogs continue to implore the government to implement meaningful electoral reforms such as availing the digital version of the voters’ roll.
However, the body charged with election administration, the Zimbabwe Electoral Commission (ZEC) is firmly resisting these calls citing the need to comply with the Cyber and Data Protection Act 2021. In the interests of transparency and public interest, the conduct of electoral officials has only served to impugn the credibility and integrity of the whole electoral process. Earlier this year, voters received unsolicited text messages from the ruling ZANU PF party, which has been in power for 43 years, highlighting significant information security breaches.
Although physical copies of the voters’ roll can be accessed at the ZEC offices, stakeholders argue that the digital version is vulnerable to manipulation by political actors with an interest in determining the electoral outcome. In April this year, ZEC chairperson Priscilla Chigumba told parliament that releasing the electronic version of the voters’ roll, as demanded by opposition political parties, would violate the Cyber and Data Protection Act. Chigumba said that the cyber law has placed additional responsibilities on the commission in terms of the format in which data should be disseminated to the public, in order to protect voters’ personal data.
She added that there is need to ensure that the Electoral Act be aligned with the Cyber and Data Protection Act in the interests of ensuring that voters have ready access to the voters roll while guarding the public from identity theft. Her remarks to parliament come shortly after the High Court rejected a lawsuit by Harare North member of parliament Allan Markham, of the main opposition party Citizens Coalition for Change (CCC), seeking to compel ZEC to release the electronic version of the voters’ roll for inspection and audit. In a ruling, Justice Never Katiyo concurred with ZEC that releasing the digital version of the roll would compromise the security of its database. Markham has since taken the matter to the Supreme Court.
However, civil society groups accuse the election management body of deliberately violating the constitution, under the guise of complying with the cyber law. Section 11 (5) (h) of the Cyber and Data Protection Act provides that a Data Controller, in this instance ZEC, shall process sensitive data if the processing of data is authorised by a law or any regulation for any other reason constituting substantial public interest. Furthermore, Section 21 (3) of Zimbabwe’s Electoral Act authorises ZEC to “…within a reasonable period of time provide any person who requests it, and who pays the prescribed fee a copy of any voters’ roll either in printed or in electronic form as the person may request.”
However, the ZEC has a consistent track record of denying opposition parties and the public access to the voters’ roll. In a statement, independent watchdog, the Election Resource Centre (ERC) argued that ZEC is legally obligated by both laws to avail voters roll data as it constitutes substantial public interest, and its availability is necessary for electoral participation and the realisation of political rights.
“The continued denial of the voters roll especially to persons with a legitimate interest in the voters roll and free and fair elections…under the guise of data protection is unlawful and detrimental to the credibility of the 2023 harmonised elections,” the ERC said.
In emailed responses to a Global Voices enquiry, human rights lawyer Nompilo Simanje pointed out that the feedback from ZEC as represented by Chigumba highlights a critical legal issue that there is a need for harmonisation of laws. “While access to the voters’ roll is provided for in terms of the Electoral laws, ZEC indeed also has obligations in terms of the Cyber and Data Protection Act which places obligations on the use, transmission and dissemination of data,” she said.
Simanje said that this is an issue where a balance has to be found between promoting access to information and promoting the right to privacy.
Popular Zimbabwean journalist Hopewell Chin’ono tweeted that without a voters’ roll, the election is already rigged in favour of the ruling party ZANU PF.
President Emmerson Mnangagwa of Zimbabwe announced that Zimbabwe’s elections will be held in August.
The constitution says it must be held before 26 August.
It means the opposition has only 2 months to have its candidates ready, have its polling agents ready and have its… pic.twitter.com/Tmkat78nRl
— Hopewell Chin’ono (@daddyhope) May 13, 2023
The stakes remain very high for the ZANU PF government, as elections slated for August draw closer. A state security affiliate known as Forever Associates Zimbabwe (FAZ) headed by Central Intelligence Organization Co-deputy Director Brigadier General (Rtd.) Walter Tapfumaneyi is reportedly working with ZEC to manage the polls in favour of incumbent President Emmerson Mnangagwa. FAZ has been allocated USD 10 million to prepare for the elections, although the arrangement is not constitutional.
In April this year, a number of eligible voters received accurately targeted campaign SMS messages from the ruling party, with details such as voters’ full names and where message recipients had registered to vote. Several citizens raised concerns about how they had received these targeted campaign text messages from the ruling party, inferring that this data was obtained from ZEC’s servers. Data analysis group, Team Pachedu tweeted that voters in new constituencies were receiving unsolicited messages from the ruling party ZANU PF.
ZEC has illegally leaked the new voters roll with phone numbers to ZANU-PF.
Voters are now receiving unsolicited ZANU-PF messages including those in new constituencies.
The Data Protection Act and multiple laws have been violated.
We demand an explanation!@ZECzim @Potraz_zw pic.twitter.com/2eCXPyfpes
— Team Pachedu (@PacheduZW) April 3, 2023
These personal data breaches, being administered under a biometric voting system, pose a substantial threat to citizens’ freedom of expression, privacy and political association rights.
The group also alleges that ZEC is deliberately refusing to avail the digital version of the voters’ roll for auditing in order to manipulate the electoral outcome. In the tweet, the group alleges that ZANU PF political operatives are moving voters en masse from rural areas to urban areas, where the opposition has always held strong political support.
Rigging alert in Chitungwiza!
ZANU-PF is mass-moving voters from rural constituencies to urban constituencies to gain an illegal and unfair advantage over the opposition.
This is why ZEC is refusing to release the voters roll for auditing.
We demand an explanation!@ZECzim pic.twitter.com/w0EWvDbUAX
— Team Pachedu (@PacheduZW) May 12, 2023
These data breaches are not new on Zimbabwe’s electoral stage. In the run-up to the country’s 2018 elections, the then main opposition party, the Movement for Democratic Change Alliance, raised concern over significant data security breaches in relation to the election. These ranged from selective access to voters’ personal data, voters receiving bulk campaign SMS texts from the ruling party, the integrity of voters’ biometric data, and the failure of ZEC to fully divulge the ballot paper’s hidden technological capabilities and security features.
In a research paper titled “Dynamic data obfuscation ahead of Zimbabwe’s elections” technology and law expert Arthur Gwagwa posits that, in the case of Zimbabwe, a pattern is emerging where the country is gradually acquiring outsourced biometric based technologies, often from China, sometimes to control when such information can be accessed and under which conditions. He notes that the government may encrypt or use similar technologies to hide information that gives it an advantage, while it uses information security doctrine and rule by law to cement its position.