2022 Philippine Elections

The 2022 polls’ IP address issue simplified, and why watchdogs aren’t sounding alarms

Dwight de Leon

This is AI generated summarization, which may have errors. For context, always refer to the full article.

The 2022 polls’ IP address issue simplified, and why watchdogs aren’t sounding alarms

Raffy de Guzman/Rappler

(1st UPDATE) An election lawyer, who was once part of the Comelec as chief of staff of the late poll chief Sixto Brillantes Jr., says all these allegations all boil down to one thing: was there dagdag-bawas?

MANILA, Philippines – Allegations that the 2022 automated elections were rigged have not died down a year later, and among the recent issues raised by poll skeptics is the Commission on Elections’ (Comelec) use of a single private IP address to transmit results.

They said it is proof that the vote was rigged.

Rappler approached election experts and long-trusted watchdogs, which have officially written to their members to explain in layman’s terms the nitty-gritty of the controversy.

The bottomline: with the evidence presented thus far, they remain unconvinced, and have not jumped to the conclusion that the elections were stolen.

What is the claim, exactly?

TNTrio – an IT group led by former ICT chief Eliseo Rio – studied raw files uploaded to the Comelec’s website.

Rio’s group found that several election returns (ERS) that the transparency server received from different vote-counting machines (VCMs) have the same IP address.

An IP address is a string of numbers assigned to every device so it can connect to the internet.

Specifically, the IP address in question is, which is private.

Their allegation was that it meant the ERs were coming from a single “fabricated source,” since the group could not believe how 20 million votes were reflected in the transparency server one hour after the polls closed on May 9, 2022.

What did the Comelec say?

The Comelec confirmed in July that 20,300 modems for 10,100 VCMs used a single IP address.

It said the modems were brand new, and were purchased because thousands of modems were found defective during various tests ahead of election day.

The poll body explained that the primary telecommunications company involved in the transmission of results recommended that modems that are 4G-capable be purchased instead of 3G ones like in previous elections, even if it meant that they only have a single IP address.

The commission asserted that the use of a single IP address did not undermine the accuracy of the polls, and that the new modems underwent tests and a certification process.

Rio’s group, however, correctly pointed out that this information only came to light a year after the polls, further casting doubts on the electoral exercise’s integrity, but the Comelec insisted that no law states that the IP address used for the modems should be different from one another.

How do Namfrel and PPCRV appreciate the theory of Rio’s group?

In simple ways, the country’s leading poll watchdogs are not buying what Rio’s group is selling.

The National Citizens’ Movement for Free Elections (Namfrel), founded in the 1950s, takes pride as a pioneer in election monitoring in the Philippines. Its commitment to clean elections took center stage during the 1986 snap elections, which resulted in the ouster of dictator Ferdinand E. Marcos.

Meanwhile, the Parish Pastoral Council for Responsible Voting (PPCRV), a non-partisan organization affiliated with the Catholic Church, began poll-watching efforts in 1992. For numerous elections now, it has conducted a parallel count, matching electronically transmitted ERs with physical copies printed by the vote-counting machines to ensure there was no dagdag-bawas (vote-shaving or vote-padding).

These two watchdogs also have IT experts from their teams, and the media has constantly relied on them to provide perhaps a sober take on numerous issues hounding the elections. Both groups also have a history of calling out the Comelec when there are controversies that need urgent attention.

What’s their take on the IP address issue?

According to the two watchdogs, there is nothing illegal and surprising about the use of a single private IP address because it’s common practice.

The rationale behind it: the number of IP addresses out there is not infinite. Designers just did not anticipate that billions of devices would one day connect to the public internet.

The manner by which IP addresses are assigned by telcos to users is called NAT (Network Address Translation), a networking technique that allows devices on a private network to communicate with the internet using a single, shared IP address. 

But designers of the internet did not anticipate that billions of devices would one day connect to the public internet. Because the number of IP addresses out there is not infinite, internet service providers adopted a variant of NAT, CGNAT (Carrier-Grade NAT), to provide internet access to their customers. 

 GNAT works by allowing multiple customers to share a single, public IP address. This is done by assigning unique port numbers to each customer’s device. In Metro Manila, for instance, users from whole city blocks may actually share one single IP.

Namfrel further laid out the likely scenario on election day last year: a telco service provider (TSP) allocated a block of public IP addresses. Modems with the private IP address connected with the TSP’s infrastructure, and subsequently assigned a unique public IP address for the transmission of election returns. When the process was completed, the said unique public IP address was released and reassigned to another modem that needed to connect.

Rio’s group alleged that the single private IP address use confirms their theory that the results came from a single workstation that “cloned thousands of VCMs.”

But Namfrel said that the Comelec’s raw files, as well as the private IP address recorded, “do not support evidence that supported the existence of a secret LAN (local area network).”

So there’s no man-in-the-middle attack?

A man-in-the-middle (MITM) attack is a security breach where an attacker inserts himself between two parties and potentially alters the communication between the two.

Namfrel said that if there was no LAN, there would be no MITM attack. It added that raw files do not confirm suspicions that the transparency server received spurious election returns.

PPCRV pointed out that the “very real proof” of an MITM attack is if physical ERs printed before results were transmitted by VCMs did not match those reflected in the transparency server.

The hard fact, however, is that PPCRV’s parallel count yielded a 99.84% match rate between the physical ERs and electronically transmitted ones.

“This is precisely why we at the PPCRV do our unofficial parallel count. This is to check against MITM. Our hundreds of thousand volunteers nationwide painstakingly collect the pre-transmission copies of the printed election returns and send them to the PPCRV national headquarters,” PPCRV IT lead William Yu told Rappler.

The 2022 polls’ IP address issue simplified, and why watchdogs aren’t sounding alarms
But why was the results transmission so fast?

Rappler had already echoed the watchdogs’ explanation on this in the past, but the emergence of the IP address theory gave skeptics renewed confidence to insist there was election fraud on the basis of the speed of transmission.

To recall, 1.5 million votes were reflected on the transparency server 17 minutes before the closing of the polls. Rio’s group claimed the process takes at least 30 minutes.

The process is like this: after polls close at 7 pm, the election board (EB) prints eight election returns and then moves on to transmission. It takes less than a minute to print every ER.

Doing the math then, it’s not out of the ordinary that the first results came in at 7:08 pm.

An ER transmission also does not amount to a lot of data. A payload size of each one, as per Namfrel, is 10 kilobytes. A selfie you send to a loved one may even be bigger in size and may take longer to send than transmitting an election return.

“Namfrel finds the transmission and reception of some 39,512 ERs from as many VCMs deployed in the same number of clustered precincts within one hour from close of polls possible,” the group said.

“A single TikTok video has more data than an election ER and we simultaneously stream and consume a lot of that concurrently,” PPCRV added.

Final word

Rio is undeterred and is also unconvinced by the watchdogs’ explanations. The Duterte-era ICT chief – who is also a retired brigadier general and former telco regulator commissioner – continues to offer his rebuttals on social media.

He is able to rally a lot of people online, including people who question the supposed “complicity to election fraud” of Namfrel and PPCRV, watchdogs whose statements are grounded on facts.

The watchdogs, in fact, did not let the Comelec have it easy, flagging the poll body in the past elections for the initial lack of transparency in its operations, particularly the preparation of SD cards and printing of ballots.

Namfrel – like Rio’s group – is also not satisfied with the “transmission logs” that the Comelec released in March, saying the documents were actually “reception logs” due to insufficient data expected in a transmission log.

“Namfrel believes that the issues raised are rooted on the non-transparent automated election
system (AES) and the lack of transparency in its implementation,” the group said.

In August, Rappler spoke with election lawyer Emil Marañon, who was part of former vice president Leni Robredo’s presidential campaign team in 2022.

We asked him if he, a defender of the AES, had a change of heart after hearing the IP address theory raised by skeptics. Our question came after former senator Francis Pangilinan became the most prominent opposition figure to offer his support for Rio’s group.

Marañon, who was once part of the Comelec as chief of staff of the late poll chief Sixto Brillantes Jr., said all these allegations all boil down to one thing: was there dagdag-bawas?

“Was there even a single vote change? It’s so easy to believe these legal theories if you don’t understand the system. But there are safeguard mechanisms by which you can actually detect changes in the vote,” he said.

“You complete your theory of fraud. You don’t stop midway by saying one IP address, and then you leave everyone hanging. So what?”

Check our other stories on the legitimacy of the automated election system in 2022:

– With Gemma B. Mendoza/Rappler.com


Sort by
  1. NP

    Comelec & Smartmatic are obviously hiding TnTrio requested documents that could prove that the 2022 elections were either clean or rigged… A simple task that Comelec could have easily provided if there is nothing to hide. Now, the SC is involved… because of Comelec’s inaction to be Transparent.

  2. ET

    With the possible collaboration among “Cambridge Analytica,” “Smartmatic” and some COMELEC officials and programmers, a near perfect Automated Election System Scam (AESS) could have happen. What Marcos Sr. had begun, Marcos Jr. will have perfected.

Summarize this article with AI

How does this make you feel?

Download the Rappler App!
Avatar photo


Dwight de Leon

Dwight de Leon is a multimedia reporter who covers President Ferdinand Marcos Jr., the Malacañang, and the Commission on Elections for Rappler.