Comelec failed to review source code, says poll watchdogBy Jerome Aning
Philippine Daily Inquirer
A poll watchdog on Tuesday alleged that the Commission on Elections (Comelec) in conducting the May 13 automated balloting illegally relied on an official certification of the source code for the computer machines used in the 2010 polling and the aborted 2011 balloting in Mindanao.
Nelson Celis of the AES Watch bared a violation of the Automated Election Systems (AES) Law (Republic Act No. 9369) with the Comelec’s technical evaluation committee unable to review the source code of the precinct count optical scan (PCOS) machines used in this month’s balloting.
Celis said in a statement that under Section 11 of RA 9369, the technical committee must certify that the automated election systems, including its hardware and software components, were operating properly at least three months before the polling.
Such a certification should be made on documented results, such as the successful completion of a source code review and the audit on the accuracy, functional and security controls of the AES software, among others.
“Unfortunately, there was no more time for the technical committee to check the source code, which was delivered by [software owner] Dominion Voting Systems three days before the elections, [when the] machines [had] been deployed nationwide. Too late,” Celis said.
He said the committee’s certifications were based on the source code used in the 2010 elections and the source code intended for the aborted 2011 elections in Autonomous Region in Muslim Mindanao.
The source code is a software or program that instructs the PCOS machine how to read, tally and transmit votes after scanning and storing the images of ballots fed into it.
After senatorial candidate Richard Gordon filed in the Supreme Court a suit seeking to compel Comelec to disclose the source code, Dominion and the independent third-party reviewer, SLI Global Solutions, turned over the source code to Comelec Chairman Sixto Brillantes Jr., who ordered the code delivered for safekeeping to the Bangko Sentral ng Pilipinas as required by law.
The technical committee, composed of representatives from the Department of Science and Technology and the Comelec’s information technology (IT) department, certified the AES on Feb. 12, 2013. This was affirmed by the Comelec in Resolution No. 9641 issued three days later.
Critics of the PCOS machines have pointed out that the lack of a review of the source code could be used in electronic rigging of votes through hacking the software.
Speculations about vote-rigging turned up a few days after the elections when the canvassing of votes by the Comelec revealed a mysterious “60-30-10” pattern of votes, wherein administration, opposition and independent senatorial candidates consistently obtained 60 percent, 30 percent and 10 percent of votes in the province tallies received by the Comelec.
In his Facebook account, IT expert and AES Watch convener Pablo Manalastas suggested that citizens who had reason to doubt the Comelec count, could do their own tally by downloading the computer records of the canvassing on the poll body’s website (http://2013electionresults.comelec.gov.ph) comparing them with ‘borrowed’ election return (ER) printouts held by the political parties and the accredited citizens’ arm, Parish Pastoral Council for Responsible Voting.
Manalastas, a retired math professor at Ateneo de Manila University, suggested using the simple Excel program to conduct a mini-canvass by comparing the computer and hard copy results.
“If this check yields canvass results that are wildly different from the results that were used by Comelec to declare winners, then the citizens’ group has reason to complain and file an electoral protest, and can use the printed ERs and Excel files as documentary proof to support their protest,” he said.
Manalastas said there were other ways to do a ‘citizens’ recount but they all involved using the images of the ballots stored in the compact flash card of each PCOS machine, or the original ballots themselves. This, however, may not be readily allowed by Comelec.
Law of large numbers
Manalastas earlier theorized that the “60-30-10” pattern may be explained by the “law of large numbers,” a rule in statistics that basically means that as more and more votes are randomly counted over time, the results will tend to average out and follow an expected pattern.
However, former diplomat Ado Paglinawan, a US-based political activist and consultant, dismissed the application of the law of large numbers theory.
Writing on his blog (http://pedestrianobserver.blogspot.com), Paglinawan said the law was inapplicable in the Comelec canvassing for the Senate race because the results were coming from groups of provinces that did not represent the Philippines as a whole.
He claimed the certificates of canvass (COCs) from provinces, chartered cities and overseas absentee voting centers received by Comelec came from batches that did not represent a random national count.
Paglinawan pointed out the 14th canvass report, which only contained results from Davao del Norte, North Cotabato and Tawi-Tawi; the 15th, which contained COCs from Marinduque and Samar, and the 16th, which only contained Lanao del Norte results.
Revenge of the machines
Paglinawan elaborated on two theories about how electronic cheating could have happened. One states that there were “strategically inserted default mechanisms” in the AES that favored nine administration and three opposition candidates and locked all 33 candidates in “pre-determined rankings.”
His second theory, which he dubbed “the revenge of the machines,” states that the insertion of default mechanisms just “overheated” the AES and “scrambled on its own to default into a 60-30-10 template on the national level.”
“The PCOS was just meant to scan and read the ballot, count the returns and transmit its tally. Brought about by Comelec’s endless improvisations and collapsing of the minimum required safeguards in the AES law, it has virtually opened the system to hacking and fraud,” he said.