Should electronic auctioning system be secured?

The platform is an ideal opportunity for Rwandans to freely bid for any auctioned property wherever they may reside.

Sunday, August 16, 2020

Finally, on 5 August 2020, the long-awaited electronic auctioning system [https://cyamunara.gov.rw/auction/] was launched by the Ministry of Justice.  

As noted by the Ministry, the digital bidding platform aims at making the enforcement of orders more efficient and transparent.

On the face of it, the system will reduce the processes involved in the enforcement of orders and curtail malpractices occasioned by human interaction. Additionally, the platform will make it possible for even potential bidders outside the country to participate in the auction exercise.

In particular, the online auction system will significantly address a glaring loophole of corruption prevalent in auction process. Aside from being a solution to corruption, online auction is among the most significant e-business applications.

In fact, day-to-day use of online auction reflects an acceleration of e-government. This is an ideal opportunity for Rwandans to freely bid for any auctioned property wherever they may reside.

The new electronic auctioning system had earlier been gazetted in the Ministerial Order No. 05/MOJ/AG/20 of 12/05/2020 relating to the electronic execution of enforcement orders, which determines the organisation, management and the use of the electronic system of execution of enforcement orders.

As previously noted in this column, the Electronic Auctioning System, known in Kinyarwanda as ‘Cyamunara’ platform, was developed in a way that the whole auction process will be done electronically.

Additionally, the use of electronic auctioning system must be conformable to Law no 22/2018 of 29/04/2018 relating to the civil, commercial, labour and administrative procedure, especially Article 255 outlining the steps to follow. The provision states:

"The distrainer or the distrained have the right to decline the offered prices not more than twice in case no price reaches at least seventy-five percent (75%) of the reference value. At the third round, the auctioned property is given to the bidder who offered the highest price.”

To illustrate, the property at auction whose actual price actually is determined by a qualified expert cannot be sold less than 75% for the first and second auctioning stages. But, the third time is final; regardless of the bidder’s price offer provided it’s the highest. This has been one of the most contentious issues in the auctioning process. Where a loan defaulter would fight tooth and nail to challenge the bidder’s offer if it’s less than the current market value of the property.

And a frequent question has been: how long would the auction be adjourned, if prospective bidders offer less than expert’s determined value? Could the adjournment be indefinite? Of course, this could be a wish of a loan defaulter. So, how could the bank—that is in doing business—recover its money?

To do justice, it’s of paramount importance to set a limit on the number of auctions. That’s why it’s perfectly reasonable, as noted in Article 255, that at the third round, the auctioned property is given to the bidder who offered the highest price.

The introduction of online auction gives a new impetus to make electronic auctioning systems secure from any cyber threats.

Security and confidentiality of electronic auctioning systems must be guaranteed. It’s critical to have an online auction system with safe communication and collaboration between legitimate users.

There’s a need to identify and authenticate legitimate users, thus identifying and granting access to bid information, content, and other supporting services.

Over and above, provision of a security system with fine-grained access control that will allow, on the one hand, legitimate users access to resources, while on the other, protecting sensitive information from hackers and unauthorized users.

Database system security is a critical considerationIn order to make sure that no unauthorized or authorized user can access any data in the database system, the system should clearly identify data held, conditions for release of information, and the duration for which information is held.

To put it in a nutshell, encryption must be the golden rule to protect information as it may be processed over the Internet.

It’s noteworthy that attacks against information technology systems are very attractive. And it is expected that the number and sophistication of cyber-attacks are bound to happen as seen in other technologically-administered services.

Cybersecurity concerns with the understanding of surrounding issues of diverse cyber-attacks and devising defense strategies (i.e., countermeasures) that preserve confidentiality, integrity and availability of any digital and information technologies.

Technically, ‘Confidentiality’ is the term used to prevent the disclosure of information to unauthorized individuals or systems. ‘Integrity’ is the term used to prevent any modification or deletion in an unauthorized manner.  ‘Availability’ is the term used to assure that the systems responsible for delivering, storing and processing information are accessible when needed and by those who need them.

As Rwanda is on the path to regulating data privacy, relevant authorities must ensure that there’s an intelligible privacy policy. Bidders’ contact information, what personal information you collect, how and why it may be shared with third parties. Any legal basis for collecting personal information must fully comply with applicable policy and regulatory frameworks. Equally, any international data collection must comply with international data protection standards.

All these concerns must be addressed to ensure that personal data of the legitimate users of the electronic auctioning system is not compromised.

The writer is a law expert.