[This is the May 27, 2010 Interim Report of a 2010 Election Observers Team of Global Filipino Nation (GFN), a non-partisan international organization of offshore and onshore Filipinos in 30 countries committed to "Building the Global Filipino Nation for Good Governance." This report does not necessarily reflect the views of the GFN Convenors. Questions about this Interim Report may be directed to firstname.lastname@example.org.]
I. THE ELECTION RESULTS TRANSMITTED FROM THE PRECINCTS DO NOT HAVE DIGITAL SIGNATURES OF THE BOARD OF ELECTION INSPECTORS.
Based on industry standards, the digital signature on the precinct Election Return (ER) is a summary (hash value) of the ER encrypted using the BEI's secret key. The digital signature serves two purposes:
a. It identifies the BEI personnel and the precinct number from which the ER came; and
b. It ensures that the precinct ER is not modified in any way by dagdag-bawas (immutability of precinct data).
Because of the importance of digital signatures in maintaining data integrity and security, REPUBLIC ACT 9369 states in SEC. 19 A. In the election of president, vice-president, senators and party-list system; and B. In the election of local officials and members of the House of Representatives:
"Within one hour after the printing of the election returns, the chairman of the board of election inspectors or any official authorized by the Commission shall, in the presence of watchers and representatives of the accredited citizens' arm, political parties/candidates, if any, electronically transmit the precinct results to the respective levels of board of canvassers, to the dominant majority and minority party, to the accredited citizen's arm, and to the Kapisanan ng mga Brodkaster ng Pilipinas (KBP).
"The election returns transmitted electronically and digitally signed shall be considered as official election results and shall be used as the basis for the canvassing of votes and the proclamation of a candidate."
Also in SEC. 25. "Authentication of Electronically Transmitted Election Results. - The manner of determining the authenticity and due execution of the certificates shall conform with the provisions of Republic Act No. 7166 as may be supplement or modified by the provision of this Act, where applicable, by appropriate authentication and certification procedures for electronic signatures as provided in Republic Act No. 8792 [Electronic Commerce Act] as well as the rules promulgated by the Supreme Court pursuant thereto."
REPUBLIC ACT 8792, SEC. 5. Defines "e. "Electronic Signature" refers to any distinctive mark, characteristic and/or sound in electronic form, representing the identity of a person and attached to or logically associated with the electronic data message or electronic document or any methodology or procedures employed or adopted by a person and executed or adopted by such person with theintention of authenticating or approving an electronic data message or electronic document."
SEC. 8 also stipulates. "Legal Recognition of Electronic Signatures. - An electronic signature on the electronic document shall be equivalent to the signature of a person on a written document if that signature is proved by showing that a prescribed procedure, not alterable by the parties interested in the electronic document, ..."
SEC. 9 provides. "Presumption Relating to Electronic Signatures. - In any proceedings involving an electronic signature, it shall be presumed that:
a. The electronic signature is the signature of the person to whom it correlates; and
b. The electronic signature was affixed by that person with the intention of signing or approving the electronic document unless the person relying on the electronically signed electronic document knows or has notice of defects in or unreliability of the signature or reliance on the electronic signature is not reasonable under the circumstances.
FIRST ISSUE: Comelec Bid Bulletin No. 10 27 April 2009 Public Bidding / 2010 Elections Automation Project, dated 15 April 2009, states:
"The digital signature shall be assigned by the winning bidder to all members of the BEI and the BOC (whether city, municipal, provincial, district). For the NBOCs, the digital signatures shall be assigned to all members of the Commission and to the Senate President and the House Speaker. The digital signature shall be issued by a certificate authority nominated by the winning bidder and approved by the Comelec."
There were fears at that time that if Smartmatic gets a copy of the secret keys of the BEIs, it would theoretically have the power to change the ERs. Smartmatic did not pinpoint a trusted third party, Digital Certificate Authority, up to the time of the SECOND ISSUE.
SECOND ISSUE: Comelec Resolution 8786, dated March 4, 2010, no longer required the use of digital signatures. The Resolution stated:
"WHEREAS, there is a need to amend or revise portions of Resolution No. 8739 in order to fine tune the process and address procedural gaps;
x x x x x x x x
SEC. 40. Counting of ballots and transmission of resultsf) Thereafter, the PCOS shall automatically count the votes and immediately display a message 'WOULD YOU LIKE TO DIGITALLY SIGN THE TRANSMISSION FILES WlTH A BEI SIGNATURE KEY?', with a 'YES' or 'NO' option;g) Press 'NO' option. The PCOS will display 'ARE YOU SURE YOU DO NOT WANT TO APPLY A DIGlTAL SIGNATURE?' with a 'YES' and 'NO' option;h) Press 'YES' option."
WHY WOULD COMELEC SUDDENLY REMOVE THIS VERY IMPORTANT FEATURE OF THE SYSTEM?
- The Bid Bulletin Specifications required Digital Signatures to be available by 11 November 2009 to Comelec personnel, from BEIs to the Board of Canvassers to the Operators of the Comelec Server, its back-up and to the Servers of the dominant majority, minority, accredited citizens arm and KBP- for lab and field test, mock election test, testing and sealing, and on election day.
- The Technical Specifications in the same Bid Bulletin required: " Component 1A- Election Management System (EMS)
- Makati Rep. Teodoro Locsin said on 26 May that he was wrong in his position on the absence of the digital signatures of the Boards of Election Inspectors on the election returns. Locsin, at the hearing of the House committee on suffrage and electoral reforms, said the digital signatures of the precinct count optical scan machines were enough compliance with the law. He had said earlier that the BEIs should have encoded their own signatures on the electronically transmitted results. "I admit I was wrong. There is a real reason why a PCOS signature is a practical equivalent of a digital signature," he said.
RA 9369 AND RA 8792 RECOGNIZED PEOPLE, NOT MACHINES, AS AUTHENTICATORS THROUGH DIGITAL SIGNATURES. COMELEC HAD THE SAME PRESCRIPTION IN ITS BID BULLETIN AND ITS PRONOUNCEMENTS until that issuance of Comelec Resolution 8786.
- Observers are at a loss as to the valid operational justification to remove the digital signatures of the BEIs.
The Comelec was quoted as saying "the move [not using the digital signatures] was aimed at removing one step in the transmission process to minimize human intervention and protect the results of the balloting.
Will three keys to be entered prior to transmitting significantly delay the transmission process, given that the transmission has been observed to take several minutes?
Was the intent to protect the results and provide comforting assurance? Indeed what happened in minds of objective observers is the REVERSE. No assurance can be made that the transmitted results are the same as the actual votes.
- The Philippine Computer Society (PCS) disclosed that Comelec considered the i-button key of the BEI Chairman and the PINs of the two BEI members as sufficient equivalents for a digital signature
2. The system shall require authorization and authentication of all users, such as, but not limited to, usernames and passwords, with multiple user access levels. (For customization)"
"Component 1B- Precinct-Count Optical Scan (PCOS)
7. The system shall require authorization and authentication of all operators, such as, but not limited to, usernames and passwords, with multiple user access levels."
"Component 1C- Consolidation/Canvassing System (CCS)
The consolidation/canvassing system (CCS) shall be secure, fast, accurate, reliable and auditable, and able to:
1.12 Allow the BOCs to digitally sign all electronic results and reports before transmission;"
The PCS members did not agree that the i-button and PIN features were sufficient to protect the authenticity, integrity, confidentiality and veracity of the transmission of the ERs. It was their consensus that these features were not the security features contemplated by RA 9369.
- There was a significant divergence from the law, including non-compliance with the provisions of the Bid and the Automation Contract.
- There is now a dark cloud on the authenticity, integrity, confidentiality, veracity and accuracy of the vote counts in the ERs.
- The process prejudices the entire electoral process. Several voting result irregularities, discrepancies in printouts vs. transmitted results, malfunctioning of PCOS machines, slowdown in transmission, and worse, reports of unauthorized vote shaving and changing for a fee, have come into light. II.
II. THE NUMBER OF DISENFRANCHISED VOTERS IS SUFFICIENT TO AFFECT GREATLY THE RESULTS OF THE ELECTIONS.
Voters Lists were posted on the walls outside the clustered precincts (with a maximum of 1000 registered voters) only on voting day.
Although precinct assignments were mailed to individual voters by barangay captains, most received theirs late in the voting day or not at all. Voters have great difficulty in locating and identifying their clustered precincts. Long queues developed with voters waiting several (from one to six) hours before voting. As a result, many, especially women and the elderly, decided to forego voting.
Comelec's consultant on queue management estimates the number of disenfranchised voters to range from 2 million to 8 million.
This number can easily affect the results in the presidential, vice presidential and senatorial race especially the close ones.
III. THE AUTOMATED ELECTION SYSTEM (AES) WAS IMPLEMENTED LIVE WITHOUT THE APPROPRIATE FIELD TESTING, AND LAW-SPECIFIED TESTING IN ACTUAL ELECTIONS.
RA 9369 SEC. 6 states "for the regular national and local election, which shall be held immediately after effectivity of this Act (in 2007), the AES shall be used in at least two highly urbanized cities and two provinces each in Luzon, Visayas and Mindanao ..."
"In succeeding regular national or local elections, the AES shall be implemented nationwide."
Furthermore, the Bid Specifications, Annex E, stated that "There shall be as many field tests as may be necessary until the requirements for the tests have been satisfied provided that the tests shall not go beyond December 5, 2009. All systems shall be tested on site, i.e. in selected locations nationwide covering different test voting centers, test consolidation sites, and test canvassing sites. The test shall also include live transmission of precinct results. COMELEC personnel shall operate all systems in the test."
No such tests were conducted by December 5, 2009. In fact, a precinct test using 10 sample ballots were conducted in selected precincts starting in February 2010. No field tests in an entire municipality, city and even province were conducted. This is further aggravated by the fact that 4,690 polling centers have no cell phone signal from telecommunication firms affecting about 5 million registered voters.
Worse, on May3, seven days before elections, Comelec and Smartmatic discovered malfunctioning of Compact Flash cards with erroneous votes for local elections. They hurriedly imported new ones and reconfigured all 76,340 CF cards for use in May 10. This reconfiguration action was not fully tested and certified, thereby resulting in documented irregularities where precinct transmissions
showed 10 votes (used during the testing) and other unexplained wrong data in many ERs.
IV. THE SOURCE CODE REVIEW WAS NOT COMPLETED AND INITIAL FINDINGS WERE NOT ADDRESSED.
Comelec commissioned SysTest Lab of the USA to review the source code. SysTest Lab, after three months, submitted a report with some 4,000 comments for action by Comelec. There was no official announcement by Comelec whether these SysTest comments were addressed.
Comelec also opened up to political and other interested parties the review of the source codes in February 2010. No one agreed to it as only a part of the source code was made available, and one month's time was given. To the parties, it would not be a real source code review but only a walk-through.
The lack of transparency in this source code review, among others, led the Supreme Court to order Comelec to produce the relevant documentation on these items.
The non-transparent action led to suspicions and worries by citizen watchdogs that insufficient testing and checking would happen—leading to the use and non-recognition of a malicious code, the emergence of irregularities, and possible manipulation of the vote results. Simple mistakes like registered voters reaching 153 million in the House server are indicators of such probable errors.
V. NO AUDIT WAS DONE ON THE AES PRIOR TO THE ELECTIONS. THERE WAS ONLY A MANDATED RANDOM MANUAL AUDIT THAT, UP TO THIS WRITING, HAS NOT BEEN COMPLETED.
RA 9369 Sec. 24 Random Manual Audit states "Where the AES is used, there shall be a random manual audit in one precinct per congressional district randomly chosen by the Commission in each province and city. Any difference between the automated and manual count will result in the determination of root cause and initiate a manual count for those precincts affected by the computer or procedural error."
A Random Manual Audit (RMA) was conducted for 5 precincts for each congressional district or a total of 1,145 of the 76,340 precincts nationwide.
The RMA precincts were raffled 12 noon of election day but the choice of the RMA precincts was made public only after the close of voting. As observed in Pampanga, the RMA in one precinct in Telabastagan was started at 8pm election day and the results were not disclosed to the observers.
The results of 30 RMA precincts were released and announced as of 15 May 2010. Last 20 May, Comelec announced results of about 300 RMA precincts were completed with few discrepancies.
PPCRV and Comelec announced some .07% discrepancies in about 400 ERs audited as of 21 May. No target completion was announced.
This should be compared to the Bid Bulletin Specifications "Component 1B- PCOS Machine -
10. The system shall count the voter’s vote as marked on the ballot with an accuracy rating of at least 99.995 %."If in 400 ERs audited, .07% discrepancy is noted, how much more discrepancy can be expected for the rest of the 76,340 ERs?
VI. SEVERAL VOTER AND SECURITY FEATURES WERE DISABLED PRIOR TO THE ELECTIONS.
5.1 RA 9369, SEC. 7. requires "Minimum System Capabilities ... (e) Provision for voter verified paper audit trail;" so the voter can verify whether his votes were the same as those read and counted by the PCOS machine. The AES disabled this feature. The voter was only notified that his vote was read through the word "CONGRATULATIONS" shown in the PCOS LCD.
5.2 The same section requires "(k) Data retention provision;"
A memory card and Compact Flash Card designed to maintain the copy of the vote data and precinct, candidates’ data per PCOS.Comelec was reported to have started destroying the CFC cards 15 May.
5.3 The AES disabled the Ultra Violet scanning capability (to detect fake and unauthorized ballots) of the PCOS when Comelec discovered that the ink used in printing the ballots were not sufficiently dense to be read by this UV scanner.
Instead, Comelec procured 76,340 UV handheld scanners to take the PCOS UV feature. However, during the elections, the UV lamps were not used.
CONCLUSION AND RECOMMENDATIONS:
There has been a noticeable improvement in the peace and order aspects of the elections compared to past national elections. There was initial satisfaction with the early voting results. BUT later events put to question the authenticity, integrity, confidentiality, veracity and accuracy of the vote counts in the ERs. The dark cloud rose from disabling critical, legally specified security features, particularly relating to the digital signatures. Thus, no one (both perceived winners and losers) can be sure whether the vote results are true and correct, and reflect the real will of the Filipino people.
Accordingly, the Election Observers Team of Global Filipino Nation challenges the legitimacy of the election results.
To resolve this very critical issue, GFN recommends the following:
- In the short-term, impound PCOS machines, the memory and CF cards, and perform forensics on these using the actual ballots.
- Comelec would promptly comply with Supreme Court directing the Comelec to make public the documents requested by Petitioner about Comelec's preparation and compliance with the requirements of the law.
- An independent, non-partisan qualified party would conduct a full-blown audit of the Automated System (including recommended improvements to include automated registration, purging of voters lists, precinct mapping, and Internet Voting) as inputs to the Advisory Council. The audit should cover:
- With the lessons learned in the automation of 2010, the following projects should be pursued in time for the 2013 elections:
a. Compliance with RA9369 and other related legal issuances covering national and local elections;
b. Compliance with the Terms of Reference and Project Specifications of the Bid;
c. Reasonableness of Pricing and Expenses involved in the Project vs. Contract, and approved changes;
d. Evaluation of the Technology used; e. Evaluation of Internal Controls of the System; and f. Evaluation of Performance by Comelec and Smartmatic management and project staff.
a. As a priority, complete the computerization of the Automated Fingerprint Information System (AFIS), started by Comelec several years ago, to complete and purge the Registered Voters List.b. Complete the computerization of the Voters Registration Information System (VRIS) and that of the Project of Precincts (POP) in order to prevent disenfranchisement, "flying and ghost" voters, and "ghost" precincts.c. Finalize the amendments and corresponding Implementation Rules and Regulations for RA 9369.
GLOBAL FILIPINO NATION is a non-partisan international organization of offshore and onshore Filipinos in 30 countries committed to "Building the Global Filipino Nation for Good Governance." It has been active for more than eight years in major governance issues such as The Overseas Absentee Voting Law, the Dual Citizenship Law, economic initiatives, and social issues and programs for migrant workers.
GFN 2010 ELECTIONS OBSERVERS TEAM
The GFN Team covered municipalities and cities in Pampanga, Quezon and Iloilo.
1. Victor S. Barrios is an international banker and economist. He has served as Sr. Adviser to initiatives of multilateral financial institutions in over a dozen countries in Eastern Europe and Asia. He is a Convenor of Global Filipino Nation.
2. Jun S. Aguilar, an OFW entrepreneur, is an engineer by profession who has served various international companies in the Middle East for 13 years. He is CEO-President FMW Group Holdings Inc., Chair of the Filipino Migrant Workers Group and Convenor of Global Filipino Nation.
3. Theodore B. M. Aquino, a California Registered Civil Engineer and a Global Filipino Nation Convenor, is a strong advocate for Filipino Dual Citizenship rights and good governance. He has his own consulting engineering practice in California and in several occasions provided pro bono consulting services to the Republic of the Philippines through the UNDP TOKTEN (Transfer of Knowledge Through Expatriate Nationals) Programme.
4. Elsa A. Bayani served as an RN from U.K. and U.S.; Arkansas State Chair of National Federation of Filipino American Association; and TV host Fox Network Asian American Focus, Little Rock Arkansas. An advocate for children in prison, youth and the elderly, she serves as Chairman of Our Barangay Inc. to connect 42,000 barangays to the Internet and a Convenor of Global Filipino Nation.
5. Tim C. Bayani, a registered criminologist, served the Arkansas State Dept. of Correction and Phil. National Police Commission. He was the Dean of Criminology Manila College. He is a member of the FBI-Law Enforcement Executive Dev. Association.
6. Robert Ceralvo’s company provides wifi products/services to projects in the US, notably Google. He has been in the IT industry for almost thirty-years and founded several start-ups. He has been actively involved with IT organizations and a Global Filipino Nation Convenor. His motto is: Technology to the People.
7. Romeo Z. Cayabyab is a Sydney-based audit consultant and university lecturer specializing in treasury operations, risk management, systems and operations control. He is also the founder and publisher of the emanila.com group of websites including TheFilipinoAustralian.com.
8. Hermenegildo R. Estrella, Jr. is a Management Systems Advisor for public and private consulting projects. He held senior management positions in IBM Philippines, Ayala Investment and Development, and Citibank. He is currently a Board Member and Officer of My Wellness City and SIETAR Philippines. He served as the IT/Election Specialist/Consultant of the Global Filipino Nation Foreign/ Election Observers Group.
ANNEX (and Full Report) available at: