By Nnaoke Ufere, PhD*
Dr. Ufere collaborated with election technology experts, electronic transmission system analysts, former INEC officials, former party election agents, and ethical hackers to examine Nigeria’s electronic transmission system.
Electronic transmission is all the rage in Nigeria today, often presented as a cure for a long history of electoral malpractices. The expectation is that technology will remove human interference and deliver instant transparency. This view is both misleading and dangerously naive. Election technology does not prevent bribery, inducements, coercion or rigging.
In the current environment, poorly implemented electronic transmission creates new vulnerabilities and, as discussed later in this article, is likely to enable election manipulation, hacking, and rigging that is faster, more scalable, and harder to detect in real time. This should concern every Nigerian who expects credible results and a change in leadership in 2027.
Against this backdrop, a closer examination of the current state of electronic transmission infrastructure, threat vectors, and sources of vulnerabilities becomes necessary.
To do this, I assembled a group of experts in election technology, electronic transmission systems, threat and vulnerability analysis, former INEC electoral officials, former party agents, and ethical hackers.
The goal was not to undermine electronic transmission system and reform, but to analyze and stress test the whole electronic pipeline: device capture → packaging/encryption → network transport → server ingestion → storage and processing → portal publication and display.
From there, we narrowed the discussion to a central issue. We asked a simple question: if a determined bad actor wanted to interfere with the transmission of results on election day on February 20, 2027, where would they focus, and what conditions would make success more likely?
While familiar electoral manipulations such as vote buying, voter intimidation, ballot box stuffing, artificial ballot scarcity, inaccessible polling stations, and voter suppression remain relevant, our focus was deliberately limited to technology threat vectors and system vulnerabilities. The emphasis was on the technology and the transmission of election results.
In approaching this, the group began with constraints that are already visible in Nigeria. Many polling units operate with weak or inconsistent network coverage. Power supply remains unstable in large parts of the country. Technical support teams are often stretched thin during elections. Collation centers operate under pressure late into the night, when fatigue and urgency affect judgment.
In addition, there is the ongoing learning curve within INEC in deploying and managing electronic transmission at scale, where deficits and deficiencies in training, coordination, and system familiarity can affect performance under real election conditions. At the same time, cyber security threats in Nigeria continue to evolve, with tactics becoming more adaptive and harder to anticipate.
These structural and operational gaps create not just vulnerabilities, but also opportunities for exploitation. The risk is amplified by the political context surrounding the 2027 elections. Unlike any other election in recent memory, the contest is expected to be highly consequential and intensely competitive.
The incumbent, President Tinubu, faces significant weaknesses as public confidence has declined due to policy failures, increasing the motive and incentive to retain power by any available means. At the same time, emerging presidential candidates present a level of competition the ruling party has not previously encountered, posing a credible threat to its hold on power.
This context is further reinforced by the question of means. The incumbents and ruling party possess structural advantages that other candidates and opposition parties do not. Control over key institutions, including INEC and the National Assembly, creates the capacity to shape or delay reforms that would otherwise address identified vulnerabilities.
This institutional leverage, combined with the existing system gaps, increases the risk that weaknesses in the electoral process could be exploited rather than resolved before the general elections.
Taken together, opportunity, motive, and means form a reinforcing triangle that makes it easier to exploit weaknesses in Nigeria’s election technology. System vulnerabilities create openings, political incentives drive the intent, and institutional control provides the capacity to act. Unless these factors are addressed together through timely and credible reforms, the integrity of the electoral process will remain at risk.
Building on these realities, the discussion then turned to how hacking would most likely occur. The consensus was clear. A bad actor would not attempt to shut down the entire transmission system. That would trigger immediate intervention and scrutiny.
The focus would shift to targeted, low-visibility interference within the transmission process itself. This could include deploying malicious code that slows the upload of results in selected areas, causing repeated failures in the transmission layer that require manual retries, or exploiting network and system weaknesses to introduce delays during key processing at the central server and reporting on the public portal. The aim would be to create selective disruption that blends into routine operational challenges rather than draw immediate attention.
I will not discuss how these threat vectors and system vulnerabilities could be exploited, as doing so would undermine national election security. Instead, I will identify where these vulnerabilities exist in the system to draw the attention of INEC and the public. The objective is to prompt rigorous stress testing and ensure that these weaknesses, where they exist, are addressed before the February 20, 2027 elections.
Findings and Technology Risks Across the INEC Electronic Transmission Pipeline
This analysis identifies critical technology risks across the full electronic transmission pipeline, from device capture to public result publication. These risks are not isolated. They are interconnected weaknesses that, if left unaddressed, can compromise data integrity, system reliability, and public trust.
1. Weak Device Trust and Data Integrity at Source
At the point of capture, the system lacks strong guarantees that data originates from a trusted device and remains unchanged from the moment of capture.
Devices are not sufficiently bound to polling units through verifiable cryptographic identity. There is limited assurance that captured EC8A images and associated metadata have not been altered before packaging and transmission. The absence of hardware-backed security controls, such as secure boot and device attestation, increases the risk of undetected device-level compromise.
This creates a foundational weakness. If data integrity is not assured at the source, every downstream process inherits that uncertainty.
2. Inadequate Cryptographic Protection and Key Management
The packaging and encryption layer does not demonstrate a fully verifiable chain of custody for transmitted data.
While encryption may be applied, there is insufficient evidence of strong payload signing tied to device identity, robust key lifecycle management, and enforced integrity validation at every stage. Without these controls, data can be altered prior to encryption or fail to be properly validated upon receipt.
The lack of non-repudiation mechanisms means that the system cannot conclusively prove the origin and integrity of submitted results.
3. Exposure to Network-Level Disruption and Interference
The transmission layer depends heavily on public telecommunications infrastructure, which introduces availability and reliability risks beyond INEC’s direct control.
Connectivity gaps, especially in rural areas, create delays and inconsistent upload patterns. These delays are not merely operational issues. They create windows of uncertainty where data remains outside the central system.
In addition, without strong endpoint authentication and protections such as certificate pinning, the system may be exposed to interception attempts or redirection risks, even if such attempts are difficult to execute at scale.
4. Weak Controls at Server Ingestion Points
The ingestion layer represents a critical control point, yet current protections appear insufficiently strict.
There is limited assurance that only authorized devices can submit data, that duplicate or replayed submissions are reliably detected and rejected, and that malformed or manipulated payloads are blocked.
Without strict input validation, replay protection, and strong authentication, the ingestion layer becomes a potential entry point for unauthorized or inconsistent data.
5. Lack of Immutable and Verifiable Storage
Once data reaches central systems, there is no clear guarantee that records are stored in an immutable, append-only structure.
This creates exposure to both insider and external risks. Privileged access, if not tightly controlled and independently audited, can enable modification, deletion, or substitution of records.
In addition, incomplete or non-verifiable audit logs limit the ability to reconstruct events and verify the integrity of stored data after the fact.
6. Limited Transparency in Processing and Aggregation
The processing layer lacks full traceability between aggregated results and their originating polling unit records.
Without a transparent and auditable linkage between source data and computed totals, discrepancies can arise without clear mechanisms for verification.
If multiple submissions exist for a polling unit, the rules governing which version is accepted are not always visible or consistently enforced. This creates ambiguity and potential for silent overrides.
7. Inconsistencies and Gaps in Portal Publication
The public portal serves as the transparency interface, yet it is dependent on upstream processes that may already be compromised.
Delays in publication, incomplete datasets, and lack of version history reduce public confidence. If the portal displays only the latest record without showing prior submissions, it becomes difficult to independently verify whether changes have occurred.
In addition, system performance under peak demand remains a concern, as outages or slow access can further erode trust during critical periods.
8. Absence of End-to-End Verifiability
Across the entire pipeline, there is no fully implemented mechanism that allows independent verification of data integrity from capture to publication.
A secure system should provide a continuous, cryptographically verifiable chain linking:
- the device that captured the data
- the payload transmitted
- the record stored on central servers
- and the result displayed to the public
The absence of this chain is a central weakness. It allows discrepancies to emerge without a definitive method to resolve them.
9. Systemic Dependence on Human and Infrastructure Reliability
Even within a technology-enabled system, outcomes remain highly dependent on human behavior and uneven infrastructure.
Device handling, upload timing, and operational decisions under pressure introduce variability that technology alone does not eliminate. When combined with inconsistent network coverage and power supply challenges, these factors amplify existing system vulnerabilities.
Overall Risk Assessment
The primary risk is not a single point of failure but the interaction of multiple weaknesses across the pipeline.
Where device trust is uncertain, transmission is inconsistent, ingestion controls are weak, and auditability is incomplete, the system becomes vulnerable to undetected data inconsistencies, delayed reporting, and disputes over result integrity.
These risks are compounded by the absence of end-to-end verifiability. Without it, confidence in the system depends largely on institutional trust rather than technical assurance.
What INEC Must Do Now Before Elections To Avoid System Failure, Disputed Results, and Loss of Public Trust
Every stage of the system must be strengthened before the next election.
Polling unit and device capture stage
1. Results must be tightly bound to their source documents.
2. The system must reject any submission where recorded figures and EC8A images do not match.
3. Duplicate submissions must be clearly flagged and never silently accepted.
4. A one-time upload policy with append-only version control must prevent overwriting of records.
5. Each capture must require on-device confirmation with visible timestamps.
6. Operator acknowledgment must be required before submission.
7. Devices must be cryptographically bound to specific polling units.
8. Devices must be restricted from uploading outside assigned locations.
9. No override authority should exist at the polling unit level.
Transmission layer
1. Transmission must include built-in redundancy mechanisms.
2. Alternative transmission methods must be tested for weak network areas.
3. Expected delays must be mapped in advance.
4. Delay expectations must be communicated publicly before election day.
5. End-to-end encryption must be enforced.
6. Integrity validation must ensure altered payloads are rejected.
7. Strong server authentication must be implemented.
8. Systems must resist redirection to unauthorized endpoints.
9. Replay protection must prevent resubmission of captured data as new records.
Ingestion layer
1. Validation rules must be strict and consistently applied.
2. No submission should overwrite another without a visible record.
3. Every upload must carry a timestamp that cannot be altered.
4. All submissions must be logged permanently.
5. The full history of submissions must be preserved and accessible.
Processing and aggregation layer
1. Aggregation must be transparent at every stage.
2. Every figure must link directly to a polling unit record.
3. Each figure must be traceable to its EC8A image.
4. No aggregation step should occur without an auditable trail.
5. All transformations must be traceable back to original source data.
Server layer
1. Immutable audit logs must record all uploads and system actions.
2. Audit logs must be tamper-resistant.
3. Systems must enforce strict role separation for administrators.
4. No single administrator should be able to alter records independently.
5. Cryptographic hashes of uploaded images must be generated and stored.
6. Hash records must support independent verification of data integrity.
Portal layer
1. A public version history must display all submitted records.
2. Version history must include timestamps.
3. Version history must include device identifiers.
4. The portal must be engineered to handle peak demand.
5. The portal must display complete and consistent data.
6. Each published result must be verifiable against its source document.
Real-time monitoring and oversight
1. Real-time monitoring systems must detect delays as they occur.
2. Systems must detect gaps in uploads.
3. Systems must detect inconsistencies across records.
4. Detected patterns must be visible to election officials.
5. Detected patterns must also be visible to the public.
6. Independent monitoring of upload timelines must be established.
7. Monitoring must verify completeness of polling unit submissions.
Operational controls
1. Every upload must be logged.
2. Every retry must be logged.
3. Every correction must be logged.
4. There must be no ambiguity about which record is final.
5. Party agents must obtain copies or images of EC8A forms at polling units.
6. Party agents must compare polling unit copies with portal records.
7. A strict chain of custody must be maintained for all result sheets.
8. Chain-of-custody procedures must apply prior to scanning and upload.
Communication and public trust
1. Communication must be timely.
2. Communication must be clear and direct.
3. Communication must be supported with verifiable data.
4. Issues must be explained immediately when they arise.
5. Public expectations around delays must be managed in advance.
6. Communication must account for low-connectivity environments.
In sum, electronic transmission can strengthen electoral credibility, but only if these controls are implemented with discipline and urgency. Without them, the system will remain vulnerable to delays, inconsistencies, loss of trust, and the risk of a compromised election. The 2027 presidential election is too important to be undermined by weaknesses that can still be corrected before voting begins.
The responsibility now rests with the Tinubu administration, INEC, and the National Assembly to act in the national interest and implement these safeguards without delay. It also rests with citizens to demand accountability and insist on reforms that protect the integrity of their vote. The stakes are clear. What remains uncertain is whether the will to act will match the urgency of the moment.
*About the Author
Nnaoke Ufere is a leading voice in African public thought and policy. He writes a weekly opinion column for the African Mind Journal, where his work shapes national conversations on leadership, governance, and reform. He is the author of Covenant With Nigerians: Reversing Our Country’s Decline. Nnaoke graduated from the University of Nigeria, Nsukka with a first class honors degree in Electrical/Electronic Engineering in 1981. A Harvard MBA alumnus and PhD holder in Strategic Management from Case Western Reserve University, Ufere is an influential author, public intellectual, and global development analyst whose insights on U.S.-Africa relations and institutional accountability continue to challenge the status quo and inspire change.
