Obi asks INEC to publish certificates of candidates ‘to boost public trust’ - TheCable

When Peter Obi, Nigeria's leading opposition figure, publicly demanded that INEC publish the educational certificates of all presidential Candidates, he wasn't just making a political play - he was inadvertently pointing to a fundamental engineering problem: how do we build a system that citizens can trust to verify credentials without relying on opaque, bureaucracy-heavy processes?

The call, widely reported as "Obi asks INEC to publish certificates of candidates 'to boost public trust' - TheCable", has triggered a necessary conversation about transparency in Nigeria's electoral system. But from a technologist's perspective, this is also a conversation about API design - cryptographic verification, and the difference between a scanned PDF and a machine-verifiable credential. In this article, we'll explore not only the political implications but also the concrete engineering choices that could make such a system trustworthy, scalable, and resistant to tampering.

Let's step inside the engineering challenges - because getting this right could set a precedent for how public data is handled across the continent.

The Core of the Trust Deficit: Why Published Candidate Certificates Matter

Nigeria's Independent National Electoral Commission (INEC) is responsible for vetting candidates who run for public office. The law requires candidates to present evidence of educational qualifications. Yet, for years, the actual certificates submitted to INEC have remained hidden from public scrutiny - accessible only through expensive litigation or informal leaks. This opacity creates a fertile ground for rumours, disinformation, and legitimate doubts about leaders' credentials.

Peter Obi's demand is simple: make those certificates publicly available in an accessible format. But "accessible" is where the engineering nuance begins. Publishing blurry scans on a government portal would be a token gesture. A truly trust-boosting system must enable independent verification by journalists, civil society. And rival parties - ideally without requiring human intervention from INEC staff. That means digital infrastructure, not just a PDF dump.

Think of it like SSL/TLS certificate transparency logs. Browsers don't just show you a website's certificate - they expose a public, append-only log that anyone can audit. The same principle applies here: candidate qualification documents should be published in a cryptographically verifiable way that prevents retroactive tampering and allows automated checking.

From Paper to Digital: The Technological Foundations of Verifiable Credentials

At the heart of any such system lies the concept of Verifiable Credentials (VCs) as defined by the W3C. A VC is a tamper-evident, cryptographically signed set of claims - in this case, the claim that "Candidate X holds a BSc in Political Science from University Y. " The issuer (e, and g, the university or INEC as a notarising authority) signs the data with their private key. Anyone can verify the signature using a public key, without needing to phone the university.

The difference between a scanned certificate and a VC is analogous to the difference between a photocopy of a birth certificate and a digitally signed document with an embedded QR code that links to a verification endpoint. One is trivial to forge; the other is computationally infeasible to modify. According to the W3C Verifiable Credentials Data Model 1. 1, a VC includes metadata, claims, and proofs. For INEC, the proof could be a simple JSON Web Signature (JWS) as per RFC 7515. Or a more advanced zero-knowledge proof if privacy is a concern.

This isn't theoretical. Estonia's e-Residency programme issues digitally signed business credentials. The Sovrin Network uses Hyperledger Indy to issue academic VCs. Nigeria could adopt a similar stack - preferably a permissioned ledger to avoid blockchain hype - and make certificate holders the custodians of their own verifiable data.

What a Public API for Candidate Certificate Verification Could Look Like

If INEC were to build a minimal but effective API, it would need three core endpoints: /candidates, /candidates/{id}/certificates, /verify. The first two should be public and read-only, returning structured data in JSON format (preferably using JSON-LD for linked data). The verify endpoint would accept a hash or a credential ID and return the current verification status: valid, revoked, or expired.

A well-designed API would follow RESTful conventions, use API keys only for rate-limiting (not for controlling access to public data). And include ETags for caching. INEC could deploy it on a platform like AWS API Gateway or Cloudflare Workers with a regional edge cache to handle spikes during election cycles. The real trick is to make the data both machine-readable and human-friendly: return a JSON response but also include a link to an optimised PDF with an embedded digital signature for lay users.

To prevent man-in-the-middle attacks, every response should include the server's TLS certificate fingerprint. And because Nigeria's internet connectivity is variable, the system should support offline verification via QR codes printed on physical forms. A mobile app could scan the QR, download the VC, and verify it against the issuer's public key stored locally or fetched from a trusted directory.

Cryptographic Proofs vs. Simple PDFs: A Technical Comparison

Many commentators have suggested that INEC "just upload the certificates as PDFs. " That sounds simple, but it introduces several failure modes. A PDF can be altered using any PDF editor; the alterations may be invisible to the human eye. Even if the PDF is watermarked or encrypted, the receiver must trust the platform that displays it there's no built-in way for a third party to verify that the PDF today is identical to what INEC published yesterday.

Cryptographic proofs solve this. Using a hash pointer (e - and g, SHA-256 or SHA-3) to link each certificate to a publicly anchored timestamp - for example, in a blockchain or Merkle tree - makes tampering evident. Suppose INEC publishes a daily Merkle root of all candidate certificates on a public channel (Twitter, DNS TXT records. Or a journal). Any third party can take a candidate's certificate, compute its hash. And check if it's part of the Merkle tree. This is the technique used by Certificate Transparency (RFC 6962).

In contrast, a plain PDF has no such property. If INEC only offers PDFs, the system would rely on the trustworthiness of INEC's web server. If that server is compromised (insider attack, breach), the PDFs could be replaced silently. With cryptographic receipts, the break becomes noticeable even years later - because the original hash commitment exists that's a fundamental architectural advantage.

Real-World Implementations: Examples from Other Democracies

Several countries already use technology to provide public verification of candidate or official credentials. In Brazil, the Superior Electoral Court maintains a public portal where all candidate declarations (including education and assets) are available in open data format (JSON/CSV) with digital signatures. During the 2022 elections, 28,000 candidates' data were published - and journalists routinely cross-check them using automated scripts.

In India, the Election Commission publishes affidavits of candidates as scanned documents. But also provides a structured PDF with a digital signature (visible as a blue ribbon in Adobe Reader). This is a half-step: the signature proves the PDF hasn't been altered after creation. But it doesn't prove that the content matches what was physically submitted. Still, it's an improvement over undigitalised processes.

For a deeper engineering lens, look at the Trust over IP Foundation's governance frameworks. They define how verifiable credentials can be issued, held,, and and verified in a decentralised webNigeria could adopt a streamlined version - not necessarily full decentralisation. But enough cryptographic binding to satisfy the "boost public trust" objective that Peter Obi and TheCable have highlighted.

Challenges in Building an INEC Certificate Publication System

Let's be honest about the difficulties. First, the data itself is heterogeneous. Nigerian universities issue certificates in varying formats, with some being handwritten. INEC would need to digitise, normalise, and then sign each one. And that's a massive data cleaning operationSecond, there's the political economy: incumbents may resist transparency that could hurt their chances. Third, technical challenges include ensuring the system is usable offline (because rural polling stations lack internet) and resistant to DDoS attacks during peak media interest.

Another subtle engineering issue is data privacy. A candidate's certificate may contain their photograph, date of birth. And other personal information. Publishing it broadly could violate Nigeria's Data Protection Regulation (NDPR). A compromise is to publish only a summary - e g., degree, institution, year - and store the full certificate behind a secure verification endpoint where only authorised parties (like election petitioners) can view it after authentication. This hybrid model balances transparency with privacy.

Finally, key management is non-trivial. INEC would need to generate, store, and rotate signing keys securely. Using a Hardware Security Module (HSM) or a cloud key management service like AWS KMS would be advisable. If private keys leak, all certificates become suspect. INEC's IT team would need to add a robust certificate lifecycle management protocol.

How Software Engineers Can Contribute to Electoral Transparency

This isn't just a task for INEC. Open-source communities can and should build prototype verification tools. For instance, a developer could write a small Rust or Go service that fetches candidate data from INEC's (hypothetical) API and verifies the signatures. The code could be forked and audited by civil society groups. Python libraries like `vc-py` or `didcomm` exist for handling VCs - they could be adapted for Nigerian use cases.

What would a minimum viable product (MVP) look like? A static site hosted on GitHub Pages that takes a certificate hash as input, queries a public Merkle root (pushed to GitHub as a plaintext file every day). And returns "Verified" or "Suspicious". No database, no backend - just client-side cryptography in the browser that's something a single engineer could prototype in two weekends using the Web Cryptography API (SubtleCrypto). Then the onus shifts to INEC to implement the backend.

If you're a developer reading this, consider building such a tool and sharing it publicly. The technical community's role in democracy is larger than we often acknowledge.

The Bigger Picture: Open Data and Public Trust in Institutions

The demand summarised as "Obi asks INEC to publish certificates of candidates 'to boost public trust' - TheCable" fits into a global movement for open data in governance. When institutions publish machine-readable data with cryptographic guarantees, they reduce the information asymmetry between the government and the governed. This isn't a panacea - disinformation can still flourish - but it narrows the attack surface for "fake certificate" claims.

Trust isn't built by statements; it's built by verifiable infrastructure, and a public, signed,And timestamped repository of candidate certificates would be a concrete, auditable proof that INEC is acting in good faith. And if implemented correctly, it could become a template for other public data - from asset declarations to court judgments.

The political class may resist, but the technology is ready. The question is whether Nigeria's electoral commission will choose the path of transparency or the path of opacity. The engineering community stands ready to help either way,

In conclusion, the request by Peter Obi and TheCable for INEC to publish candidate certificates is more than a political talking point - it's a call for engineering-led transparency. The tools already exist: W3C Verifiable Credentials, public key infrastructure, Merkle trees. And open APIs. What is missing is political will and investment in secure digital systems. As software engineers, we have a duty to push for these standards, to prototype them. And to demonstrate that transparency isn't just a ideal but a technically feasible reality.

Call to action: If you're a developer in Nigeria or elsewhere, start a side project this week that verifies a public dataset using cryptographic signatures. Share it on GitHub and tag it #OpenGovTech. Let's show what's possible,

What do you think

Should INEC be required to publish candidate certificates in a machine-readable, cryptographically signed format,? Or would a simple PDF scan with a manual verification hotline suffice?

Is the risk of privacy infringement (exposing sensitive personal data) greater than the benefit of public trust when certificates are fully open?