Dr. Temario Rivera of AES Watch pointed out that Comelec did not fulfill the requirements set by the law with the absence of a comprehensive source code review and digital signatures, the failure of final testing and sealing, and the absence of a contingency plan.
By RONALYN V. OLEA
MANILA – In the fourth automated elections, the Commission on Elections (Comelec) was once again found violating the provisions of the Automated Elections System (AES) Law.
In an interview with Bulatlat, Dr. Temario Rivera of AES Watch pointed out that Comelec did not fulfill the requirements set by the law with the absence of a comprehensive source code review and digital signatures, the failure of final testing and sealing, and the absence of a contingency plan.
Rivera said Comelec’s non-compliance with the law was demonstrated by the immensity of technical glitches, corrupted SD cards, malfunctioning of machines, among others.
“It is gross inefficiency if we are to be rather kind and benign with Comelec or worse, there might be deliberate attempt to sabotage and manipulate the elections,” Rivera said.
Rivera said there has been no comprehensive and definite source code review since the automated elections in 2010. He said Comelec did not provide ample time for the reviewers.
Republic Act (RA) No. 9369 defines source code as “human-readable instructions that define what the computer equipment will do.” Source codes contain instructions for counting and canvassing votes – which, if manipulated, could lead to fraud.
A source code review is the process by which experts test the source code to check compliance with technical requirements; spot possible flaws; and, ensure that there is no malicious code that may be used in fraud.
“Under AES, no way that you can fully trust the machines in the absence of honest-to-goodness source code review,” Rivera said.
In an opinion piece, AES Watch Spokesperson Nelson Celis, revealed the non completion of the source code review and its certification on time. Comelec extended the source code review until March 2019, two months before the elections. The law states that three months before the elections, the Technical Evaluation Committee (TEC), through an independent international certifying entity, should have already certified that the AES is operating properly, securely and accurately.
In an article, Lito Averia, an IT expert from the National Citizens Movement for Free Elections (Namfrel), said that only selected parts of the source code were reviewed. The review did not include compilation of the source code (a process of converting the source code into its machine-executable version) and a test run of the programs.
In an interview with ANC, Celis also said the “meet-me rooms,” which allegedly host undeclared servers and intercept data from the vote counting machines (VCM) to the Comelec servers are against the Omnibus Election Code.
He said the VCMs should be directly sending election returns to the municipal board of canvassers, not to the queuing server.
Besides the source code review, Rivera said, Comelec did not also implement the digital signature, which will trace and identify specifically the source of transmitted VCM-counted votes.
Sections 22 and 25 of RA 9369 state that the election returns/certificates of canvass transmitted electronically and digitally signed shall be considered as official election results and shall be used as the basis for the proclamation of a winning candidate.
Rivera said corrupted SDs can also be programmed to alter VCM votes. “We don’t know if the so-called corrupted SDs were done deliberately,” he said.
The political analyst also said the final testing and sealing of VCMs was done a week before the elections. He said that under the law, the machines should have been certified by a technical evaluation committee three months before election day.
Poll watchdogs Kontra Daya, BaBaE! Network and Namfrel noted during the conduct of final testing and sealing in some key polling places in Manila and Quezon City that one out of 15 VCMs was potentially not working. They also observed difficulty in initializing VCMs, paper jam during the printing of election returns and defective voter registration verification machines (VRVMs).
Even more glaring, Rivera said, is the absence of any contingency plan as required by law.
These issues, Rivera said, were the same problems seen by poll watchdogs since 2010.
“Comelec knew these problems, which have been recurring, bu they refused to act on these,” Rivera said.
Rivera lamented that even the Joint Congressional Oversight Committee (JCOC), which is mandated to monitor the issues surrounding the automated elections, has not been decisive in addressing the problems raised by poll watchdogs.
“Kabit-kabit na. [There’s also] lack of accountability of public officials involved in the process,” Rivera said.
Rivera agreed with other watchdogs’ verdict that this midterm elections is the worst so far in terms of lack of transparency.
Rivera said that with the current system, voters have no way of determining if the votes being transmitted and canvassed are correct or not.
AES Watch has been pushing for transparency at the precinct level through a hybrid election system. Rivera explained that the votes at the precinct level would be counted manually through the use of a computer and a projector. Transmission and canvassing will be done electronically. The votes then can be counter checked.