Technical Assessment Rejects NIN for NBA Elections, Says Existing Authentication Is More Secure

LegalLinkz


A comprehensive technical risk assessment has advised against the proposed introduction of the National Identification Number (NIN) as an additional voter authentication requirement for the forthcoming 2026 Nigerian Bar Association (NBA) National Elections, concluding that the current authentication framework is more secure, reliable, and better suited for the election.

The report, titled “Technical Risk Assessment: NIN as a Voter Authentication Factor for NBA 2026 National Elections,” examined the proposal to require lawyers to authenticate their identities using their NIN before being allowed to vote.

It concluded that the proposal introduces significant technical and operational risks without providing any meaningful improvement over the existing authentication system.

According to the assessment, the current voting framework already employs a robust Two-Factor Authentication (2FA) model, requiring voters to use their Supreme Court Number (SCN) alongside a One-Time Password (OTP) sent in real time to their registered phone number or email address.

- Advertisement -
Ad image

The report notes that this security architecture is comparable to the systems deployed by Nigerian banks and financial institutions to authorize high-value transactions.

The assessment identified six major risks associated with integrating NIN into the electoral process.

First, it observed that whether the ECNBA connects directly to the National Identity Management Commission (NIMC) database or uses a licensed third-party provider, the system would still face significant challenges in matching NIN records with the NBA Voters Register, as both databases are maintained independently and contain different identity records.

Secondly, the report warned that introducing an external NIMC verification API into the voting process would create a critical dependency capable of disrupting the entire election.

It noted that any outage affecting the NIMC platform or a third-party verification service during the voting period could prevent eligible voters from accessing the platform and casting their ballots.

- Advertisement -
Ad image

The assessment also highlighted the likelihood of legitimate voters being denied access due to discrepancies between names contained in the NIMC database and those appearing on the Supreme Court Roll.

Such differences, it noted, frequently arise from marriage, corrections of names, use of initials, hyphenation, or variations in administrative records maintained by different institutions.

In addition, the report expressed concern about the disproportionate impact the proposal could have on lawyers residing outside Nigeria.

It explained that many diaspora lawyers either do not possess a NIN or may experience difficulties updating their records from abroad, thereby exposing them to a higher risk of authentication failure despite being constitutionally eligible to vote.

From a cybersecurity standpoint, the assessment warned that integrating the voting platform with an external NIN verification system would introduce a new attack surface into an otherwise certified and independently tested electoral platform.

According to the report, such integration could expose the system to vulnerabilities beyond the control of the ECNBA and its service providers.

The report further observed that there is no technically safe way to manage failures of an external NIN verification service during a live election. It explained that if the system rejects all voters whenever the external service fails, eligible lawyers would be disenfranchised.

Conversely, if the platform allows voting without NIN verification during service outages, the proposed security measure becomes ineffective.

Summarising its findings, the assessment concluded that the proposed NIN integration offers no additional security benefit beyond what the existing SCN and OTP authentication framework already provides. Instead, it identified three critical risks and three high-severity risks, all of which, according to the report, cannot be adequately resolved before the scheduled July 18, 2026 NBA elections.

The report therefore concluded that the existing Two-Factor Authentication system remains the more secure and reliable mechanism for protecting the integrity of the NBA’s electronic voting process and advised against introducing NIN authentication at this stage.

Kindly find attached:

Technical Risk Assessment- NIN_260708_093228

author avatar
LegalLinkz
Share This Article
Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *