How UNN adopted a secure, scalable e-voting platform

Prior to the implementation of UNN Votes, the university's electoral process was fraught with logistical inefficiencies and security vulnerabilities that undermined the integrity of the results.

• Outdated and Cumbersome System: The previous e-voting system, built in 2020, required a laborious pre-registration process. Students had to appear in person over a one-week period with a printed school fees receipt. An electoral official would then manually verify the receipt and input the student's details into the system. This process was slow, prone to data entry errors, and created significant administrative overhead.
• Pervasive Electoral Malpractice: The old system was ineffective at preventing electoral misconduct. The manual verification process was susceptible to bribery and double registration. The atmosphere on election days was often tense, with issues of voter intimidation and violence so severe that the presence of the Department of State Services (DSS) was required to maintain order.
• Critical Security Flaws: The underlying PHP-based system was vulnerable to common web exploits. During one election, the system was actively hacked, and votes were manipulated, further eroding student trust. There was a clear and urgent need for a platform built on modern security principles to protect the sanctity of the ballot.

To address these challenges, we developed the UNN Voting App (UNN Votes), a secure, scalable, and user-friendly web application designed to compliment the university's existing infrastructure while radically improving the electoral process.

Technical Architecture

The platform was built from the ground up using a modern, serverless technology stack chosen for security, performance, and rapid iteration.

• Frontend: Next.js (React) was selected for its server-rendered architecture, which allows for robust authentication on every request before rendering content. This choice also facilitated exceptional speed of development and ease of long-term maintenance.
• Backend: The application utilizes Next.js Server Actions for backend logic, creating a tightly integrated and efficient full-stack experience. All code was written in TypeScript for enhanced type safety and code quality.
• Database: PostgreSQL was used as the primary data store for its reliability and robust feature set.
• Cloud Infrastructure: The entire application is hosted on Vercel, leveraging its serverless platform for automatic scaling to handle peak election-day traffic without manual intervention. The architecture was supported by:
• Upstash Redis: For high-performance rate-limiting and managing background jobs via queues.
• Cloudflare R2: For scalable and cost-effective object storage for biometric data.
• Inngest: For managing complex, event-driven workflows.

Key Technical Features

• Dual Biometric Authentication: To ensure one student, one vote, a two-part biometric system was implemented. During a streamlined three-day registration period, students provided their registration number to verify their eligibility. The system then captured both facial and fingerprint data.
• Facial Recognition: Implemented using OpenCV with a finely-tuned confidence threshold for accurate matching.
• Web-Based Fingerprint Verification: The university utilized a specific model of DigitalPersona fingerprint readers whose proprietary SDK was not designed for web-based verification. To overcome this, we engineered a custom JavaScript implementation based on advanced fingerprint recognition algorithms to match the captured fingerprint template against the stored data directly in the browser, a significant technical achievement.
• Adaptive Student Data Integration: Due to the university's strict data privacy policies, direct API access to the Student Information System (SIS) was not available. We devised a resilient workaround:
• Administrators upload an Excel file containing the list of eligible students.
• The system parses the sheet into JSON, batches the data, and uses a queue (Upstash Queues) to process each entry.
• A sophisticated algorithm checks if a student record exists, updates it if the new data is for the current academic session, or creates a new entry. This ensured the voter database was always up-to-date while handling potential duplicates and incomplete data from the source files.
• Role-Based Access Control (RBAC) & Security: Every request is authenticated using JWTs and secure session cookies. A strict RBAC system was implemented to ensure separation of duties: field officials could only register students, while high-level administrators could manage user roles, upload eligibility lists, and control the election's start/stop times.
• Real-time Results Dashboard: A live dashboard provided transparent, real-time monitoring of election results. The system was configured to poll the PostgreSQL database at frequent intervals, delivering instantaneous updates to all stakeholders. The university's generous allocation of database resources ensured this feature operated at breakneck speed without performance degradation.

Implementation

The project was executed in a rapid, agile manner over a three-month period from discovery to launch.

• Integration: The primary challenge was integrating with university data without direct API access. The Excel-based import system proved to be a robust and successful solution.
• User Training & Onboarding: A WhatsApp group was created for the electoral committee, who acted as beta testers. This direct line of communication enabled rapid feedback loops and iterative improvements. The use of Next.js was instrumental in allowing for quick prototyping and deployment of fixes based on their feedback.
• Launch and Trial-by-Fire: The application had no pilot program; its first major test was the full-scale SUG election on the Nsukka campus. On election day, the platform successfully mitigated multiple real-world attack vectors, including SQL injection attempts, brute-force password attacks, and a DDoS attack. During the DDoS attack, we dynamically adjusted the rate-limiting window and implemented a CAPTCHA. While the homepage and login endpoints experienced a brief 10-minute disruption, the critical vote-casting and results-monitoring endpoints remained fully operational with impeccable uptime.

The deployment of UNN Votes was an unqualified success, transforming the university's electoral landscape and delivering measurable improvements.

• Drastic Reduction in Election Time: The entire election process, from the casting of the first vote to the final count, was completed in less than 10 hours—a 160% improvement over the multi-day affair of the previous system.
• Elimination of Electoral Disputes: The combination of biometric verification and a transparent, real-time dashboard led to the results being declared "free and fair" by all parties. The number of official post-election complaints and petitions dropped to near-zero.
• Proven Security and Reliability: The application maintained exceptional uptime and successfully defended against multiple cyberattacks on election day, proving the resilience and security of its modern architecture.
• Enhanced University Reputation: The project's success has positioned UNN as a leader in leveraging technology for transparent governance. As a direct result, another Nigerian university has entered discussions to integrate a similar solution for its own campus elections.
• Restored Student Trust: The app provided an accessible, fair, and transparent voting experience, restoring the student body's faith in the democratic process and ensuring that the legitimate winners were elected without controversy.