‘Audit system now’
IT expert: code changes imperil poll credibility
A computer expert with the poll watchdog AES Watch on Friday urged the Commission on Elections to open its automated election system to an independent audit to determine what really happened to the system during the counting of votes on the eve of Election Day.
“This [audit] should happen now. We can’t wait for another six years to resolve this issue,” said lawyer Glen Chong, an information technology expert and a member of the transparency watchdog AES Watch.
The appeal came on the heels of the poll body’s admission that the hash code of the data packet in the transparency server was indeed changed on the evening of May 9 while they were already transmitting the results from the vote counting machines.
Comelec Chairman Andres Bautista said that Smartmatic project manager Marlon Garcia made the unauthorized change for a “cosmetic” reason—to change the “?” in some names to “ñ,” and said this did not affect the outcome or integrity of the elections.
But the camp of vice presidential candidate Senator Ferdinand Marcos Jr. issued the same challenge to the Comelec.
“It has become clear that our assertion that hash codes had been changed at 7:30 p.m. on May 9 is true. This is a matter of grave and immediate concern,” said Abakada party-list Rep. Jonathan dela Cruz, Marcos’ campaign adviser.
Dela Cruz said two witnesses confirmed there were alterations made and a video has been circulating on social media that changes indeed were made, prompting Bautista and officials of Smartmatic, the poll body’s partner in the automated election system project, to admit that changes in the system had indeed been made.
But Chong of AES Watch said assurances from the Comelec and Smartmatic that the changes were merely cosmetic were not enough. Nor was it enough to show the original and change script to prove there was no cheating.
“Any IT expert worth his salt will not accept that,” Chong said.
Dela Cruz said the insertion of a new script put in question the results of the close vice presidential race as well as the senatorial contests.
“We do not agree with Chairman Bautista’s claim that the change was something innocuous,” he said.
Dela Cruz said the law prohibits any form of unauthorized tampering with electronic devices or their components used in the automated elections.
Furthermore, he said, Comelec rules also provide that changing the hash code requires an en banc resolution but as admitted by Bautista himself, even he was not informed about it.
“In addition, if the alteration was something innocuous, why did they have to change it in the first place while in the middle of transmission? Why did they deny the change only to admit it later on?” Dela Cruz demanded.
He said the inability of the Comelec to safeguard the AES system from unauthorized tampering has cast a cloud of doubt over the integrity of the entire process.
AES Watch co-convenor Bobby Tuazon described the recently concluded election as a “disaster.”
“After monopolizing the election technology in three automated elections [2010, 2013, 2016], it is time for Smartmatic to call it quits,” Tuazon said.
He added that Smartmatic “practically counted the votes by using a system that is not transparent thus leaving the country’s millions of voters in the dark whether their votes were properly and accurately counted.”
Tuazon said the AES Watch had alerted the public on the following scenario that might happen during and after the May 9 elections. Among them:
-There will be danger of double transmissions.
-The manual delivery of 92,509 SD cards from the precincts nationwide was vulnerable to double transmissions, tampering, and delayed ERs transmitted;
-Tampering of the system:
-Vote Counting Machines malfunction.
-Improper and delayed final testing and sealing.
“In just three days after the elections, more than 2,000 machines have been reported malfunctioning, and possibly more not disclosed… resulting in manual voting, [that affected] 1.5-million voters,” Tuazon said.
Chong, also a member of the Reform Philippines Coalition, said the changes Smartmatic made threw the entire electoral process under cloud of doubt.
A hash code is the key or seal to any system. If it changes, it means the system was modified by someone.
Bautista has admitted that the Venezuelan technician from Smartmatic, the Comelec’s IT service provider, had changed the script without proper authorization from the Comelec, contrary to the law and to the agency’s rules.
Chong said the admission that the protocols were violated means there was a breach in the system, which should alarm the Comelec.
He said an independent audit of the system was necessary to erase all doubts about the integrity of the elections.
To speed up the process, Chong added, the Comelec can just give them the Internet Protocol address so they make the audit. “The Comelec has to do the audit now before the official canvassing starts to erase any doubts,” he said.
The Comelec and the Parish Pastoral Council for Responsible had earlier denied the hashcode in the transparency server had changed but when a video of the change circulated online, they were forced to admit the changes.
Chong added that he could not see any overriding reason for Smartmatic to introduce changes in the system that had surely put the integrity of the elections in doubt.
“What was the overriding necessity to put the integrity of the entire elections in doubt just to change the question mark to an ñ?” he said in Filipino.
“We all understand that this was a typographical error, so if the change was cosmetic, why would you do it? You could let it go without any effect. Why risk the whole integrity of the elections for just a mere typographical error?” he said.
Chong also presented a graph showing how the insertion of a change in the script or system coincided with the steady drop of the lead of Marcos until he was overtaken by administration candidate Rep. Leni Robredo at 3:08 a.m. on May 10.
He said from the first to the fifth update, Marcos was able to build a substantial lead to around 1 million votes. But when the change in the script was introduced between 7:30 p.m. to 8 p.m., his lead suddenly narrowed. Thereafter, beginning at 8:59 p.m., his lead decreased and after four updates, his lead was down to just 5,000 votes.
On the other side, Chong pointed out, Robredo kept her lead beginning at 3:30 p.m. and went on a uniform, steady and slow rise.
“This one slide showing the lead of Robredo, beginning at 3:30 a.m. and up to 26 updates until 5:51 p.m. of May 10, built up in a very slow and steady rise like a ladder. This is very uniform…. There was no instance in which Marcos was able to bring down the lead of Robredo,” Chong said.
Chong also said the Comelec could not just play down the change in the system because it means that Smartmatic may have introduced other changes as well.
He stated that the change may have either been made in the Network Operating Center (NOC), which is the “super” command center of the AES, or in the redundancy server or the backup system, which the public does not about.
“Every system has to have a redundancy server or a duplicate copy or backup running parallel to the NOC because when the main system crashes, you can have another system to back you up and the system will still work. In the case of the AES, we don’t know where this redundancy server is and who controls it. So it may be that the script was changed not in the NOC, which Comelec said is heavily-guarded, but in the redundancy center,” he said.
He added the script can only be changed in the NOC and the redundancy server. “It cannot be changed in the transparency server because it is just a repository of data. It is just a slave system so you cannot introduce changes there. If the hashcode of the date packet of transparency server was changed, then it means the system was changed in either the NOC or the redundancy server.”
Chong said the opening of the NOC system and the redundancy platform is important so that everyone can see what changes were introduced that led to the change in the hashcode.
“There we could see the logs made in the system as well as the commands made. We will then know what happened in the system and its effects on the numbers transmitted,” he said.
He said he was also able to establish a theory of electronic vote shaving and padding, not only in the vice presidential race, but also in the senatorial race.
“After the injection [of the new script], I will show you that there is a change in the vote share of the dubious candidates. I will show you how they did it,” he said.
Chong said he was not part of the Marcos camp, and was disclosing the breaches in the AES because a similar incident happened to him in 2010, where he was leading in the evening, but lost in the morning.
“This was the right thing to do and in the interest of the Filipino people,” Chong said. “If this incident happened to the side of congresswoman Robredo, I will also expose this because it is my duty as a citizen of this country to preserve the votes and the integrity of the elections,” he said.
Comelec Commissioner Rowena Guanzon said she would push to hold Smartmatic accountable for altering the program in automated elections ystem, but insisted that these changes did not affect the outcome.
In a press briefing, Guanzon said that she and her fellow Comelec commissioner will request for a formal investigation against Smartmatic’s action in violating the agency’s protocol.
“I personally along with another commissioner, will request for a formal investigation of this matter so that we can determine that this Smartmatic has financial and other liabilities under their contract for breaching the protocol,” Guanzon said.
“This automated election system is not own by Smartmatic, it is owned by the Commission on Elections, representing the people of the Philippines, it is owned by the government. They were not supposed to change anything without our knowledge and permission,” the poll commissioner said.
She noted that Smartmatic has a performance bond which the Comelec has the power to decide whether or not they will release the P1.2-billion contract to them.
“I can vote to refuse payment, unless I am satisfied that the breach was benign,” Guanzon said.
She said the controversy of the “cosmetic tweaking” would not help, because the vice presidential race was so hotly contested.
“When the people are guarding their votes, and the candidates are guarding their votes, and Senator Marcos and Congresswoman Leni Robredo are in a very tight race, it doesn’t help,” Guanzon said, adding that her knees grew weak when she heard about the incident.
On Wednesay, Marcos’ lawyer Francesca Huang bared that the transparency server from which the partial and unofficial count of the Parish Pastoral Council for Responsible Voting (PPCRv) had been breached and allegedly gave out corrupted results favoring Robredo.
But Guanzon reiterated that the changes made in the programming script did not alter the automated election system as well as the results of the elections as feared by Marcos.
“Thank God that the result of the elections were not altered as a result of their unauthorized action,” she said.