FAQ: The Ñ issue and alleged fraud in the elections
A lot of people have been speculating lately about the possibility of fraud in the 2016 Philippine elections, especially in the tight vice presidential race between Camarines Sur Representative Leni Robredo and Senator Ferdinand "Bongbong" Marcos Jr.
One controversy revolves around a basic cryptographic function (called a hash) and the letter "Ñ," a.k.a. the squiggly-topped cousin of the more familiar "N." To simplify the issue and make it more understandable, here's a basic FAQ list on the issue.
Q: Ok, so how did we get into this mess in the first place?
A: It all started when one of Rappler's tech team members observed that certain candidates in the result files from the transparency server weren't matching with the list of candidate names initially provided by the Commission on Elections (Comelec). Upon further investigation, we noticed that the letter "Ñ" was encoded with a question mark ("?") in the results. So, for example, Mr Kid Peña would show up as Kid Pe?a. We made the decision to immediately alert Comelec and Smartmatic about the issue.
Q: Wait, rewind. Transparency server?
A: The transparency server is one of 3 servers which receives results from Smartmatic's vote counting machines (VCMs). The transparency server is jointly operated by the Comelec and Smartmatic under the auspices of the Parish Pastoral Council for Responsible Voting (PPCRV), a church-affiliated organization that works to ensure fair elections. Various accredited media and watchdog groups were allowed access to results coming from this transparency server.
Q: Ok, so back to your story. What happened after you reported the problem with the "Ñ"?
A: Smartmatic and Comelec acted swiftly to fix the problem. The subsequent result transmissions were corrected to use "Ñ" instead of "?".
Q: That's a good thing, right?
A: Ostensibly, yes. Although Comelec/Smartmatic personnel probably shouldn't have made any untested changes at that critical juncture, it is my opinion that they were acting in good faith with the best of intentions. The change was purely cosmetic and was only applied to the results *output* from the transparency server. There were no changes to the VCMs or any other underlying systems in relation to fixing this particular problem.
Q: Ok, so what's the problem?
A: This is where things get a bit technical, so please bear with me. Each result transmission is accompanied by a hash, which is basically a 32-character digital fingerprint generated from and uniquely associated with that result file.
By computing the hash (ie, fingerprint) of each result file and comparing it against the hash provided by Smartmatic, we could determine if the result file was corrupted or changed in some way. After Smartmatic's patch to correct the ""Ñ" problem, the computed hash no longer matched the provided hash. In other words, something changed.
Q: Aha! So they did manipulate the results?!
A: No, not exactly. The hash mismatch occurred because Smartmatic generated the hash (or fingerprint) *before* they encoded the Ñ's correctly, while our hash was computed *after* the question marks were converted.
However, and this is the critical point, they did *not* change any other data, specifically votes. This can be (and has been) easily proven by converting the Ñ's back to question marks in any result file and comparing the computed hash against the provided one – and they match! This means that the *only* change they made was to fix the Ñs. Any other change would've still resulted in a hash mismatch.
Of equal (if not greater) significance, the results from the transparency server match the independently tallied results transmitted from the voting machines to the other two systems (ie, Comelec Central Server and CCS). Any malicious manipulation of the transparency server would have to be replicated to the other servers, which is no easy feat.
Q: But how do you explain the surge in Robredo's votes which allowed her to overtake Marcos?
A: Leni Robredo's surge is a subject for another FAQ, but it should be clear by now that the Ñ/hash issue is completely unrelated.
Q: Hmmm... sounds like there was no funny business after all.
A: I'm confident there was no cheating in so far as *this* specific issue is concerned. This was the case of a simple mistake followed by a lapse of judgment in a high pressure situation. Nothing more, nothing less.
Q: How can we prevent this from happening again?
A: That’s a hard question to answer. While I applaud Comelec and Smartmatic for providing visibility into the election process via code reviews and the like, I think a lot of these problems could be avoided with even greater transparency.
Proposals along these lines include allowing independent 3rd parties to manage the transparency server, as well as perform random counts and voting machine inspections. Another idea is to make the results files publicly accessible for anyone to download and analyze.
After all, democracy should have nothing to hide. – Rappler.com
Rob Locke is Rappler's Lead Technology Architect.