Vulnerabilities of the automated elections

Is our automated election system (AES) susceptible to hacking? As a former chair of the House of Representatives Electoral Tribunal and the Senate Electoral Tribunal, as well as a former member of the Presidential Electoral Tribunal, I can state with confidence, based on the election protests decided by these three tribunals, that so far no one has found a way to hack the AES.

The political parties, media, and the candidates are entitled to original copies of the election returns or certified summaries of the election returns at the precinct level. When the election returns are electronically transmitted from the precincts to the district, city or municipal boards of canvassers for tallying, the political parties, candidates, and the media can easily verify the accuracy of the tally by the boards of canvassers.

The political parties, candidates, and the media are also entitled to copies of the certificates of canvas issued by all the first level boards of canvassers, which allows everyone to verify the accuracy of the tally at the next level—the provincial boards of canvassers. The same parties are also entitled to copies of the certificates of canvass issued by the provincial boards of canvassers. This again allows the political parties, candidates, and the media to verify the tally at the last level—the Commission on Elections (Comelec) acting as the national board of canvassers for the senatorial elections, and Congress acting as the board of canvassers for the Presidential and Vice Presidential elections. Hacking the electronic transmission of the election returns or the certificates of canvas can easily be discovered and exposed.

The AES, however, is still subject to two vulnerabilities. The ballots, as well as the flash cards containing the AES operating system, are manually delivered over several days by one logistics company. The delivery starts from the Comelec warehouses in Metro Manila and ends at some 100,000 precincts all over the country. The first vulnerability is that unscrupulous persons can pilfer a percentage of the ballots and ask their chosen voters to insert the pilfered ballots, already shaded, into the voting machine when they vote. This type of cheating, although difficult to carry out because the ballots are precinct-specific and cannot just be inserted into any voting machine, may still be resorted to by desperate parties. The way to stop this cheating is for the watchers of political parties to ensure that all the ballots are counted before the start of the voting. If there is a shortfall, then the watchers must watch carefully that every voter inserts only one ballot into the voting machine.

The second vulnerability is that unscrupulous persons may tamper with the flash cards so that these cards, which are precinct-specific just like the ballots, will print out predetermined results in the election returns. This type of cheating can be prevented by the Random Manual Audit that the law requires to be conducted in the precinct, in the presence of representatives of political parties, right after the close of voting on election day. The Random Manual Audit will determine if the manual count tallies with the voting machine count. A variance will show a tampering with the flash card, unless the variance can be attributed to undershading of ballots. The voting machines can read only ovals with 20 percent or more shading.

In past elections, the Comelec conducted the Random Manual Audit one week after voting day despite the clear mandate of the law that it should be conducted on election day itself. After election day, nobody watches the ballot boxes which are just dumped in the bodega of the city or municipal treasurer. In at least two election protest cases, the tribunal found that ovals were shaded on the ballots after election day to render the ballots void in the recount when a protest is later filed. Clearly, it is useless if the Random Manual Audit is conducted after election day.

Finally, the Random Manual Audit is conducted at the rate of only two precincts for every legislative district or a total of just 700 precincts nationwide. This number is insufficient to deter tampering with the flash cards. There must at least be 2,000 precincts that should be randomly audited at the close of voting on election day.

——————

acarpio@inquirer.com.ph

Read more...