EC website down: Incompetence, or more than meets the eye?
By Edwin Yapp April 5, 2013
- EC website down sporadically for more than 36 hours; overseas voters can't download forms for postal voting
- No excuses for this to happen, expert says; democratic process possibly undermined by unpreparedness, ineptitude
Periscope by Edwin Yapp
NETIZENS have been up in arms over the fact that they can’t access Malaysia’s Election Commission website since the the country’s Parliament was dissolved at about noon on April 3.
According to news portal Malaysiakini, many overseas postal voters were upset with the fact that they couldn’t access the EC’s website, and that it was still not accessible since 4.30pm on April 4.
The EC website contains a critical document, the Overseas Voter Application Form, otherwise known as “Borang B1,” which overseas voters are required to fill if they want to vote by post.
Quoting Natalie Chia, who resides in Taiwan, Malaysiakini said that a Taipei-based group of Bersih 2.0 supporters had come to the rescue by distributing “Borang B1” to Malaysians in Taiwan and China.
A check at midnight on April 4 by Digital News Asia (DNA) confirmed that the website was still not accessible. However, the EC’s website was reported to have been accessible earlier the same morning, according to a DNA reader who checked at that time.
It would thus seem that the EC website availability seems sporadic at best.
An IT expert DNA spoke to remarked that the situation seems a little strange and he wondered if it was high traffic that brought down the website. Upon further investigation, Colin Charles, an open source and database expert, noted that the machines of “spr.gov.my,” “web.spr.gov.my,” and "www.spr.gov.my" were not dead.
“You can ping them, but their HTTP server suggests that you're getting a ‘connection refused’ message,” he told DNA via email. “The machines are alive [but] the web service itself [seems] dead.”
Concurring with this view is Dhillon Andrew Kannabhiran, CEO of security organization Hack In The Box, who told DNA in an email that since the pages aren’t loading completely, the problem has likely to do with resource exhaustion, likely because of the lack of memory or high CPU loading, which would have led to the slow response times.
Asked why this would happen, Charles said that there is a possibility that the EC's IT team did not know how to “scale out” its infrastructure requirement.
“Scaling-out [the database and web server] is what needs to happen, assuming the EC is just snowed under with traffic,” he explained. “Having more capacity is what is important.
"Being the EC, they might not be allowed to use cloud-like services, so to burst [increase capacity], they do need [extra] hardware in the rack and load balance their systems properly.”
While the jury is still out as to why this has happened, and although the EC has not made any public statement explaining its position as of press time, I still find this whole debacle incredulous, as this issue should have never arisen in the first place.
Granted, a surge in web traffic can hit any web server and incapacitate it, even if it has sufficient bandwidth and capacity.
After all, this is the basis of what is commonly known as a Distributed Denial of Service Attack (DDoS) attack, in which hundreds of thousands of requests swamp a server in a bid to take it down.
Asked if this was a DDoS attack on the EC’s website, Dhillon confirmed that it wasn’t.
Without speculating on or entertaining any conspiracy theories that some may like to espouse as to why the EC website is down at this very crucial time in Malaysia’s electoral history, I think a fair question to ask is why this surge in traffic was not anticipated in the first place by the EC.
Surely the EC and its IT personnel could have, and should have, been more prepared for such a scenario, given that the announcement of the dissolution of Parliament was imminent.
After all, speculation had been rife in the past two weeks that Prime Minister Najib Razak was going to dissolve Parliament at any time.
So is this an oversight on the EC’s part or is there something more nefarious going on?
And even if I were to concede that the EC did not anticipate such a high loading on its web servers so soon after Parliament was dissolved, and the services are not blocked in any way, the other issue that must trouble all of us is why hasn't the EC addressed and solved the problem by now, more than 36 hours after its website went down?
Why is it still down most of the time? Is this a case of incompetence or just a case of “tiada apa” (nonchalant) attitude? Or both?
Personally, as a tech journalist, a citizen and a voter, I find the EC’s ill preparedness not only an embarrassment to the country but also plain unacceptable.
That the agency which is in charge of running all Malaysia’s elections was caught off guard with such a fundamental issue and was not able to stabilize the situation after 36 hours is just unthinkable. It is inexcusable.
The EC should have been much more prepared and should have planned for such a scenario where traffic is expected to surge after Parliament was dissolved. It should have put in place various contingencies, increased the bandwidth and capacity of its servers to cope with the higher traffic, or scaled out its infrastructure, as mentioned by Charles.
And when its website went down, it should have mobilized its technical people to solve this issue immediately.
It should have had put its support teams on standby and alerted vendors and service providers to come to the rescue, and attend to the problems as soon as they happened, ensuring that the downtime merely four to six hours at most.
“The stripped-down page could point surfers to mirrors of the key content everyone is after – the “Borang B1” PDF form," he said.
For now, it’s anybody’s guess as to what will happen to all those overseas postal voters who would have liked to download form “Borang B1,” but couldn’t get to it in time by the deadline. Malaysiakini reports some overseas voters are pleading with the EC to extend the deadline, but nothing has been decided.
Meanwhile, the forms can be downloaded here.
Malaysia’s aspiration of being a developed nation cannot just be about boasting how well it has done on reports such as the one announced by the Economic Transformation Program some two weeks ago.
It should be about getting the basics right, and ensuring that its citizens get a fair shot at the ballot via postal voting, through the use of technology, when it matters most, and not merely when it’s convenient.
At a time when the nation needs its technology service from a government website to be up and running 24/7, the EC's web services should be considered essential services.
As such, the Commission needs to adhere to the same standards upheld by commercial companies such as airlines and banks, touting a 99.99999% uptime for its services.
After all, what’s the point of being called a developed nation by 2020 when the fundamental right to vote in a democratic system is undermined by alleged sheer incompetence or lackadaisical attitudes of the very agency that can make or break an election?