Why the Comelec FTS is not enough
MANILA, Philippines - The Comelec started conducting the final testing and sealing (FTS) of the precinct count optical scan (PCOS) machines a little over a week before the May 13 elections. As Comelec chairman Sixto Brillantes Jr earlier announced – that “all is set” for the midterm polls – Malacañang asked the poll body to resolve the glitches reported in the first few days of the test.
The election law, Republic Act 9369, requires that the FTS of the PCOS machines be made by the Board of Election Inspectors (BEI) at least 3 days before elections are held. There will be a total of 77,829 PCOS machines to be tested in each of the clustered precincts nationwide.
In 2010, problems with the compact flash (CF) cards discovered during the FTS prompted the nationwide recall and replacement of these memory devices. In his statement over the weekend, Chairman Brillantes gave assurances that “all the things critics have been saying have been addressed.”
The FTS will run through a list of procedures to test the PCOS machines and the corresponding paraphernalia that will be used on election day. 10 ballots will also be filled up and tested on each machine.
The FTS will likewise go through the procedure of tallying the votes on the machine which will then be compared with a manual count conducted by the BEI. Once the machines are tested, they will be sealed and opened only on May 13 at the start of the polls.
What will not be done in this election’s FTS is a dry run of the transmission to the municipal and central canvassing servers.
Initial reports by Kontra Daya volunteers on the FTS in Pasay City last week already revealed several glitches. Our field monitors reported cases of ballot rejection, paper jams and ballots smudged by pen ink at the P. Villanueva Elementary School. In Jose Rizal Elementary School, the PCOS machine had to be rebooted several times. In the FTS in UPIS on Monday, May 6, the yellow plastic seals that held the printer and the compact flash bays had no replacement seals in the kit. The BEI needed to call the local Comelec to proceed with the testing.
Yet while most of the public's attention is focused on the vulnerabilities of the PCOS machine, and while the FTS is supposed to address the deployment of these machines, there are two other computers that have not been thoroughly tested or scrutinized. These are the canvassing machines in the municipal and national servers.
One such glaring problem was found out by congressmen after the elections when they saw the impossible figure of 256 million registered voters in the canvassing servers in the House of Representatives. The same glitch appeared on election day itself when the total registered voters appeared to be 153,902,003 (more than the population of the country at that time) at the national canvassing in the PICC.
Comelec and Smarmatic explained this away as a problem in addition among the main server and its two backups. However, note that this number is not divisible by 3 – which means that one of the 3 computers does not match the other two.
We had no independent guarantee that the votes were not tampered or changed by the PCOS machine or the server. The source code for these servers was neither subjected to review nor certification in 2010. We do not hear any such certification this 2013.
Other vulnerabilities still exist even with the FTS in the PCOS. Does the backup CF card contain the same program and data as the main CF card? What function does it have in the whole election system? With the absence of the source code to review, we will never know.
Bruce Scheiner, a well-known security and cryptography expert, outlined 5 major characteristics of an effective automated election system – accuracy, anonymity, audit, scalability and speed. Anonymity is needed to guard the secrecy of the ballot. No one should be able to know who you voted for. Scalability issues are related to the system being able to handle large-scale elections. We have seen problems in scalability in the Comelec-Smartmatic AES where the large precincts led to long queues in the morning of May 10.
Speed refers to the time it takes from tally completion to proclamation. It took more than two weeks to proclaim our senators and more than that for the partylists, vice-president and presidential posts in the 2010 elections.
Accuracy refers to the way the AES records the voter’s intent into a tally. This would include informing the voter through feedback that the machine has read his or her votes and asks the voter to verify this fact. The Comelec disabled the display of the Smartmatic PCOS and just printed out a “Congratulations!” message. Accuracy also would include the correctness of the tally that the machines do.
Scheiner pointed out that “Accuracy is not measured by how well the ballots are counted; it’s how well the process translates voter intent into properly tallied votes.”
A proper audit would show where the system failed to uphold the accuracy requirement. A voter should be able to check the consistency between his or her ballot and the recording made by the AES. In the event that machines fail, there should be a way to recount votes independently from the machines and its tally.
It is not enough to fulfill one of the 5 characteristics above (the Comelec chose speed over everything else), all of them must be satisfied on election day.
Technologies such as the AES will still not solve other types of fraud such as harassment, ballot snatching, pre-shading of the ballots and pre-selected voters. However, an improperly designed, poorly executed and opaque implementation will make things even worse. – Rappler.com
Dr. Tapang is a convenor of Kontra Daya. This article is a modified version of a piece that he wrote shortly after the 2010 elections.