(First published in The Philippine Star issue of Feb. 17, 2013)

POLLS’ INTEGRITY: Threats to the integrity of the May 13 elections are not necessarily overcome if/when Comelec Chairman Sixto Brillantes Jr. uses public funds to bail out private firm Smartmatic from its contractual disputes with software supplier Dominion Voting System.

The security problems of the Precinct Count Optical Scan voting machines do not start and end with Dominion’s copyrighted operating system that it has developed for Smartmatic’s PCOS system.

There are a myriad other issues, some of them dating back to 2010, that the Commission on Elections has continued to ignore even as the nation careens toward Election Day just three short months away.

Such problems that the authorities, technical groups, poll watchdogs and media should address involve the use of compact flash cards and personal digital signatures required by law to authenticate returns being transmitted to the Comelec servers.

* * *

TWIN TRAPS: The problem of false poll results being transmitted by the PCOS from various locations has been discussed in great detail in media and citizens’ forums. It is a wonder the Comelec still does not see the gravity and urgency of the problem.

Based on reports we have read, some threats to the integrity of returns transmitted after the computerized count are traceable to at least these Comelec resolutions:

• The decision to use the machine’s digital signature instead of the personal digital signatures of the Board of Election Inspectors manning the precinct. Their BEI’s digital signatures are required by law to authenticate the transmitted returns as true and correct.

• The decision to use compact flash cards that can be rewritten or edited or even replaced by Smartmatic personnel assigned to the precinct for technical support. Without the BEI’s knowledge, fake returns in a new CF card can be inserted before transmission.

* * *

DAGDAG-BAWAS: The automated dagdag-bawas (plus-minus) operation is hard to detect in the case of candidates vying for one of multiple positions -- such as those for senators, party-list seats, provincial board members and town/city councilors.

The cheating in those slates is easier to hide because the final figures do not add up neatly. This is where a weak candidate, if he can afford it, can invest some millions to turn the tide.

When losing local candidates get zero or unbelievably few votes in their bailiwicks where friends and relatives had voted, they cannot put together quickly a protest because of the absence of a paper trail. All the dirt is in the machine.

* * *

WINNERS & LOSERS: By the time a protest gains traction, the bogus winner will have been proclaimed and the burden of ousting him weighs heavily on the protester.

The Comelec then goes to town with the hurried announcement that the election was successful. It congratulates, and pays, its beloved partner Smartmatic.

The winners -- genuine and bogus – join the post-election merriment and drown out the protesting voices. And the smart operators, meanwhile, go laughing all the way to the bank.

* * *

DIGITAL SIGNATURES: Among the reports on automation potentially subverting the elections is one by Rene B. Azurin who writes “Strategic Perspective” in BusinessWorld. In his Feb.7 article, he said:

“Even if one tried to nurture some ember of hope that our Commission on Elections is not complicit -- whether deliberately and maliciously or through sheer and utter incompetence -- in a conspiracy to electronically control (and rig) Philippine elections, that hope should have dissipated completely when the current set of Comelec commissioners agreed -- just like their predecessors -- to system provider Smartmatic’s proposal to use so-called machine digital signatures rather than the personal digital signatures of every member of the various Boards of Election Inspectors. It is these BEI officials who are, by law, mandated to authenticate and certify election returns.

“Indeed, with that single inexplicable decision, the Comelec has effectively removed all accountability for election results from the election officials responsible by law and transferred this to Smartmatic personnel with no legal standing whatsoever.

* * *

“THE DIGITAL signatures requirement has been raised before, but Comelec, then and now, refuses to listen. In an earlier column (BW, July 15, 2010), I described the fact that certified computer hacking forensic experts -- like Al Vitangcol III and Drexx Laggui -- who formed the Joint Forensic Team assigned to forensically examine the Smartmatic PCOS [Precinct Count Optical Scanner] machines used in the May 2010 polls reported that ‘Examination of the PCOS machines revealed that there was no evidence to prove the existence of digital certificates in the PCOS machines, contrary to the claims of Smartmatic. The technicians of Smartmatic were not even able to show to the forensic team the machine version of the digital signature.’

“Further, the forensic team’s audit of the files on the Smartmatic machine’s main compact flash card showed that there were ‘No BEI keys with which to sign results… (and) nothing was found to show that digital certificates were in the cards or in the machines.’

“Now for the 2013 automated poll exercise, our Comelec commissioners again want to do away with personal digital signatures even if many observers and election watchdog groups have been screaming that our poll automation law (RA 8436 as amended by RA 9369) specifically requires that ‘The election returns transmitted electronically and digitally signed shall be considered as official elections results and shall be used as the basis for the canvassing of votes and the proclamation of a candidate.’

“In addition, the Terms of Reference of the Comelec contract with Smartmatic specifies that ‘The system shall transmit digitally signed and encrypted election results and reports enabled by public/private key cryptography to provide authenticity, integrity, and non-repudiation utilizing at least a 128-bit encryption scheme.’”

Visit the author's website to read more Postscripts.
Follow him on Twitter @FDPascual.