Don’t disregard safeguards against hacking

WHAT LESSON can our elections commissioners learn from the current banking scandal that is being investigated by the Senate? (Think of all that free TV exposure for reelectionist senatorial candidates.) The lesson, dear Reader, is that even the most sophisticated computer systems can be hacked, and that disregarding safeguards against hacking is an open invitation to anyone with malicious intent (politicians included) to take advantage. There have to be as many safeguards as possible.

When the Automated Election Law was passed in 2007, Congress was aware of the frailty of the automated systems, and so provided many safeguards, both in and outside the systems, to protect the vote: the source code review (to ensure that there were no extraneous instructions), the digital signatures of the Boards of Election Inspectors or BEIs (to ensure that the election returns submitted were authentic), the UV lamps (to check that the ballots are not fake), the VVPAT (so voters can verify that the machine had read their ballots correctly), and the random manual audit (to double-check the accuracy of the count).

It is safe to say at this point that the Commission on Elections has played fast and loose with those safeguards, either because it had blind faith that the counting machine is incorruptible (stupidity), or it had other plans (cupidity). And it was helped, sad to say, by a gullible people so entranced by the voting machine that they were willing to overlook its mistakes.

For national elections, cheating would be difficult except in a close race (which it will be this year), where all that has to be done is to change the vote count in a few selected places, like the candidates’ strongholds. But local elections are a different matter. Hackers have less machines to tamper with. That’s why several gubernatorial, mayoral, or congressional candidates were caught flatfooted. They were leading in the local polls, yet found themselves losing in the count. Suspicions were aroused, because apparently there were people moving around claiming that they could change the election outcomes in exchange for a hefty fee. They refused, and they lost.

The Comelec pooh-poohed all complaints and said the records of the counting machine would gainsay all these complaints. The winners, it said, won fair and square. But that was exactly the point: The machine, having little or no safeguards, could not be relied upon to be the final arbiter. Duh.

Remember the 60-30-10 patterns that a mathematician from Ateneo de Manila discovered in the 2013 elections? It seemed that the patterns were found nationally and locally. It seemed that even in the bailiwicks of the candidates, the patterns did not deviate. In other words, it seemed programmed. The Comelec reaction? Pooh-pooh.

When Andy Bautista became Comelec chair, he assured the nation that all the safeguards would be in place for the 2016 elections. That has not happened. In fact, when the Supreme Court recently ruled affirmatively on Dick Gordon’s plea (he authored the Automated Election Law) asking for the VVPAT safeguard to be observed, the Comelec said there was no time to do it. No time? After nine years? If the Comelec didn’t want to follow the law, why did it not ask Congress, all these years, to remove it from the law?

What is the VVPAT, anyway? It is the voter-verified paper audit trail, which means that when the voter puts his ballot into the machine, the machine spits out a receipt that shows the voter what it recorded of his ballot. Which is why the Comelec argument that the VVPAT requirement is satisfied by the ballot itself makes no sense. The VVPAT is there to check if the machine recorded the ballot correctly.

Anyway, the Comelec asked the Supreme Court to reconsider its decision. And after listening to oral arguments on the request on Thursday, the high court, deliberating for only one hour, reaffirmed its decision by a vote of 13-0. (The original vote was 14-0.) So come what may, the voter will be able to see for herself if the machine was accurate. After which, she puts that receipt in a separate ballot box (no, she doesn’t get to bring that receipt out), which can be used for cross-checking purposes if there is any question later. Isn’t that great?

What about the other safeguards? Well, the UV lamp is being used, and the source code review still cannot be done (even after two elections) because of too many restrictions on its review. The Comelec is struggling with digital signatures because of the changing membership of the BEIs. The random manual audits were big flops in the past two elections, thanks to the PPCRV (Parish Pastoral Council for Responsible Voting), which was tasked with handling it. I understand that the Namfrel (National Movement for Free Elections) and Picpa (Philippine Institute of Certified Public Accountants) will do it for the May elections, and I certainly hope they do a better job.

But there is hope. Assuming that the ballots actually reflect the wishes of the voters (which is still a big problem), there is still the problem of errors or failures in transmission from the precinct to the municipality to the province to the Comelec to Congress.  Dagdag-bawas rears its ugly head. But that seems to have been solved. Gus Lagman has suggested, and the Comelec has approved, the establishment of a public website, where all the precinct results will be uploaded. With the help of software that Namfrel will provide for free, anyone can compute municipal, district, provincial and national results. If there is any difference with official results, questions can be asked and, hopefully, answered.

We’ll get there yet, Reader. Slow by slow.

Read more...