I am pretty proud to be able to host my first guest article on my website. It was written by a Philippine friend. Pau is currently taking up her law degree (4th year student) and did quite some work on the automated elections here in the Philippines for the May 10 elections. Her being cyber-affin, concentrated on this topic from a judicial perspective and local make be very happy to publish her article here. Maybe here article can fill the gaps and answer the raised questions of my article in a very sophisticated manner. Enjoy the following…
The Philippine Constitution provides that “[t]he Philippines is a democratic and republican state. Sovereignty resides in the people and all government authority emanates from them (Section 1, Article II). For me, there are at least three aspects in this provision that provoke questions in my head. One is the fact that it asserts that the country is a democratic state and by being a democratic state we mean that it is a government by the people; the supreme power is held by the very people that constitutes the population of the country (The New Merriam-Webster Dictionary). Second is that it is a republican state and in so far as republicanism is concerned, it implies the adoption of a representative type of government which necessarily points to the enfranchised citizens as the ultimate source of established authority (Moya v. Del Fierro, 69 Phil 199, 1939). Third, is that sovereignty resides in the people such that the government authority emanates from them. It is the supreme political power in a state; the power to govern without external control (The New Merriam-Webster Dictionary). From the standpoint of the national legal order, state sovereignty is the supreme legal authority in relation to subjects within its territorial domain (Brownlie, 2003). For me, sovereignty refers to competence in the legal sense—a competence to rule, a competence to direct the movement of power. These concepts titillate my imagination on how the Philippine government, through its people, conducts itself politically. This is a fundamental state policy, being the first section in the second article of its Constitution with a bold title “Declaration of Principles and State Policies”, an article right after the “National Territory”—the article delimiting the metes and bounds where such sovereignty may be exercised.
Any critical and thinking individual would pose the question “is this all theoretical?” Or maybe I just thought that a critical and thinking individual would ask this question rather than a cynical person who has lost faith in the letters of the law that have remained just black letters on paper. As De Leon puts it, [t]heoretically but fundamentally, the people combined represent the sovereign power of the State. In practice, however, sovereignty is exercised by the electorate and those chosen by them, directly or indirectly, the elective and the appointive officials (2008). It is here that he mentioned that a democratic and republican government derives all its powers, directly and indirectly, from the people at large. It essence is indirect rule. Actual sovereignty is exercised by the people by means of suffrage through the ballot of the registered voters in duly appointed elections held from time to time.
The power is in the people and such power is directly exercised through the casting of the ballots held every six years. In between elections, such power is exercised only indirectly, if exercised at all, through the proper functioning of the electorate. The right of suffrage is a right to be exercised, a political right that enables one to participate in the process of government to assure that it truly derives its powers solely from the consent of the governed (Pungutan v. Abubakar, 43 SCRA 1, 1972). Although some legal scholars also call it a duty, most would only consider it a right that directly emanates from the Constitution. However, since it emanates only from the Constitution, some consider it as mere privilege because it is given and withheld by the lawmaking power subject only to constitutional limitations. It is not a necessary accompaniment of citizenship. It is granted to individuals only upon the fulfillment of certain minimum conditions deemed essential for welfare of society (De Leon, 2008). Whether it is a right, a privilege, or a duty, the fact is that it exists and that it can be exercised as it should be exercised. But in a third world country where poverty is not only apparent but so real, such right pales into insignificance as the problem of bringing food to the table transcends all political concepts. A third of the population of this country has not gone beyond a concept as basic as survival, on a daily basis.
Manual to automated cheating?
The Philippines has gained its independence in 1898 and it was between 1898 to 1899 that the form of government was made representational. Elections were held but only in some provinces because of the revolution. In some places, the people just drew lots to appoint their leader. The first “free” elections in the country was adopted during the American time, between 1903 and 1904 but it was only for the local positions. Finally, in 1912, the first national elections were held to elect the National Assembly, which was at that time composed only of the lower house.
In 2007 however, Republic Act No. 9369 was signed into law which amended the earlier law Republic Act No. 8436 which was signed in 1997, a law which authorized the Commission on Elections (COMELEC) to use an automated election system in the May 11, 1998 National or Local Elections and in subsequent national and local electoral exercises with the goal of encouraging transparency, credibility, fairness and accuracy of elections. Imagine this law existed in 1997 but was only pre-tested on August 11, 2008 in the Autonomous Region in Muslim Mindanao (ARMM) elections. This was after the promulgation of the 2007 law that contained amendments which came 10 years after. It was never used in the 1998 elections since one year is not enough, if not absurd, within which to implement a national policy, to conduct studies and tests, to draft of contracts and to finally purchase the technology and implement the whole system across the country. It was only last year that the government appropriated through a law the budget of P11.3 billion for the automated election system. It was initially assessed at P21 billion but was finally trimmed down to almost half of the initial proposal.
The system that was pre-tested in 2008 used two technologies—the Direct Recording Electronic (DRE) and Optical Mark Reader (OMR). COMELEC then called the pre-test a success but the poll watchers, media, and those who observed it characterized it as surrounded by technical glitches, human errors, incompetence of the IT implementers, and a lot of other problems. The goal of ensuring transparency, credibility, fairness and accuracy was also not met as evaluated by the observers, lawyers and IT specialists who were there during the observation. One of the major issues at that time is the access of a “super user” or the root user/system administrator who at that time, manually corrected the data shown in the program and remotely did so because a vote was twice counted. Any person who has implemented a program would readily recognize this issue. Who watches the power administrator? No answer still at this time and elections shall be held in less than two months from this writing.
The present system uses the OMR, also called “mark sensing” which is a method of scanning technology in which data is inputted via marks made in predefined positions on a form and entering data into a computer system (UNESCAP n.d.). It detects the absence or presence of a mark depending on the mark’s depth (darkness) on the sheet, which then gets interpreted and translated by the machine. In an election, the mark (full shade as required by the COMELEC), is made on an oval or square beside the name of the candidate on the ballot chosen by the voter. This mark will register less light than the surrounding ballot and thereby is detected by the scanner as a vote for the candidate in the predefined position. “Since most scanners use infrared light, an acceptable mark should be dark enough to absorb a high proportion of infrared light contrasted to the ballot” (UNESCAP n.d. as cited in The Automated Election System 2010 of COMELEC: Challenges and Uncertainties, October 27, 2009, UP College of Law).
In a study undertaken by the Dean’s Office of the University of the Philippines College of Law (Diliman, Quezon City), tapping Research Fellows from the Center for People Empowerment in Governance (CenPEG), it was highlighted that, contrary to popular belief, there are only 16 countries worldwide that have adopted various technologies for election modernization and of these countries, only one has utilized a full automated voting, Venezuela (CenPEG 2009).
Of personal interest in the study is the e-voting system in Ireland and I quote the study,
“where a critical paper by two computer scientists on e-voting put a halt to the country’s plan of introducing e-voting in the mid-2004 elections. According to McGaley and Gibson (2003), “in the rush to appear technologically advanced, inadequate voting systems are being installed and used. Significant errors and failures in voting systems since Florida 2002 have been noted…” Part of the criticisms of the scientists with the chosen technology in the Irish elections is the unavailability of technical documentation of the system as well as the source code. Regarding the source code, McGaley and Gibson say that “[s]ince the system does not print out the vote for the voter’s examination, we have no guarantee that votes are recorded correctly”. They went on to quote Dr. Rebecca Mercuri, a leading computer scientist studying automated elections systems, “[a]ny programmer can write code that displays one thing on a screen, records something else, and prints yet another result. There is no known way to ensure that this is not happening inside a voting system” (Mercuri 2001 in McGaley and Gibson). The authors further assert, “[t]he introduction of electronic voting in Ireland, in its current form, threatens the integrity of our democracy. As demonstrated in this report, this is an issue that has been incompetently addressed by the government” (2003).
And in March, Germany ruled that e-voting is unconstitutional because it lacks transparency since the voter cannot see what is happening inside the machine (Friedman, 2009).
The first world countries have taken a step back in implementing an e-voting system, those countries which have the resources and the capacity to implement a country-wide automated election system. Why, I ask, does the Philippines want to implement this kind of system and impose upon it a P11-billion project? My answers lies in the title of the law that implemented it—encourage transparency, credibility, fairness and accuracy of elections. But will it?
This machine got IT issues
What are the issues that surround this e-voting system in the Philippines? As stated in the study done by the UP College of Law, the following are the spotted problems in the system:
a. The use of OMR technology
b. Program correctness as reflected on the source code
c. Program integrity verification
d. Voter’s choice verifiability
e. Protection of transmitted data: Digital signature/secret key
f. Root user/system administrator super powers
The Use of OMR Technology
The choice of utilizing an OMR technology already poses a lot of questions on the integrity of the system. Although there are advantages, we look more at the disadvantages since these shall pose the very threats to democracy through a failure of the system to embody accurately the political concepts around the exercise of the supreme power of the people through the right of suffrage.
I shall only enumerate the disadvantages of using an OMR technology in the e-voting system as mentioned in the study of the Dean’s Office of the UP College of Law:
a. Difficulty of reading marks
b. The requirement for high quality printing of forms as OMR forms need to be precise
c. Machine appreciation of the ballots such as the possibility of false mark recognition
d. The environment factors such as:
i. Humidity: it affects the ballot and the position of the marks, for example, a 10% increase in humidity level can cause the ballot to expand by 1 part in 1000 thus cause misalignment of marks that will affect the reading by the scanner of the ballots
ii. Dust and poor transport: Dust may also affect the readability of the ballot, hence, countries with very dusty or humid climates and poor transport infrastructures are discouraged from using OMR.
e. Writing tools also affect the readability and such must ensure that marks made by such marking tools have enough depth to be recognized by the scanners.
f. The paper must not be folded or crumpled since this shall cause misalignment of the marks
The present ballot to be used in the May 2010 elections has small frames and is longer than the usual short bond paper (ballot extends up to 30 inches depending on the number of candidates in the area). Increase in the length of the ballot increases the chances of skewing the ballot as it is fed into the machine thereby causing misalignment of marks. Also, having an Arial font size 10 on a 30-inch ballot having 300 names on each side would greatly pose a problem to voters especially those whose eyesight and dexterity are affected by age or disability.
It is important to note that in the 2008 ARMM elections, the head of the National Movement for Free Elections (Namfrel) in Lanao del Sur said, “nobody can see anymore if the ballots were filled up by one person unlike in the old system when one can easily check on the handwriting” (Mindanews, 2008). Furthermore, in Sharif Kabusuan, the OMR machine used by inaccurate in counting the votes by 26% in one precinct and after a recount was made, the tabulation was still inaccurate by 2% (Azurin, 2009). What is the effect of a 2% margin of error in the system to democracy? In a country with 34M voting population, A LOT.
A source code is a human readable version of the computer programs running on the machine or, as in the case of the Philippine AES, the Precinct Count Optical Scan or PCOS (pronounced as pi-kos) as how COMELEC calls it. The source code is also used in canvassing the computers. It tells us what the computer is doing in counting our votes and in accumulating them into canvasses. In the manual system of voting, the security of the people in ensuring that the ballots are counted correctly is public counting. However in the present system, the substitute to public counting, as provided in the law, is source code review by the public.
In the law, section 14 states that “once an AES technology is selected for implementation, the Commission shall promptly make the source code of that technology available and open to any interested political party or groups which may conduct their own review thereof.” One of the parties that petitioned to review the source code is CenPEG which received an en banc resolution on July 10, 2009. At present, it has not yet been provided with the source code yet.
In the recent dialogue with the COMELEC, it mentioned that it shall only allow certain individuals and groups to publicly view the source code, which up to now it has not done yet. It mentioned that it will not give a copy of the source code to the public but that it shall “walk through” interested parties in the source code review, the date and time to be specified by the COMELEC. This is contrary to the language of the law which states that the COMELEC shall make the source code available and open to any interested political party or groups which may conduct their own review thereof . How can this be done when COMELEC shall limit the review under their watch? Moreover, considering that source code reviews take on the average 3 months to accomplish, imposing these conditions shall obviously delay the completion of the review. Even if we get a copy of the source code at this time, it may be impossible to finish the review until May 10. Is this a deliberate attempt to evade review? A cloud of doubt looms above the question.
In a recent press release by the COMELEC, Ferdinand Rafanan, director of the COMELEC law department, said that the international firm SYSTEST LABS, which was commissioned by the poll body to review the codes since October, has finished its work. Another COMELEC Commissioner, Armando Velasco, mentioned that the review of the political parties will be done in a controlled environment at the COMELEC main office to avoid leakage. In the same press release, Rafanan said that the source code review to be done is only for the purpose of seeing to it that indeed, the certification by the technical committee and Systest Labs is accurate, not to replace it. What should the public be wary about these statements? Aside from the fact that these statements are contrary to law, SYSTEST LABS is a company whose integrity is being questioned since it is closely related to the owners of the makers of the hardware, SMARTMATIC INC, whose owner is allegedly the brother of the major drug lord in Venezuela. Remember that this is the only country which implements a full e-voting system. Connect the dots.
In a recent Supreme Court ruling Roque v. COMELEC dated July 28, 2009, it was held that “the COMELEC has to supply the political parties the code for review. They have to take them home so that they can study them”. But clearly, the COMELEC does not uphold the rule of law and abdicates in its duty to provide the public the source code. What is the remedy of the public? File a mandamus in court. What is the problem with this remedy? Fourteen (14) of the fifteen (15) justices which constitute the Supreme Court are all appointed by one president who also signed the amended Automated Election System into law. Should the public be alarmed? With a president with the highest number of extrajudicial killings during her term, including the politically motivated Maguindanao massacre which killed 57 journalists in one day, all of which are still pending in the dockets of the courts, to be alarmed is an understatement.
Program Integrity Verification
With 82,000 PCOS machines and more than 1,000 canvassing computers, how can one know that the program running the machines is the same program that was approved and reviewed?
It was suggested in the study that the COMELEC should subject the approved program to a hash function and provide the Board of Election Inspectors (BEI), political parties, and poll watchers with a copy of the hash (one line of numerical value). On the election day, the hash function should be performed on each PCOS machine and its hash value printed in the initialization report to be checked by the BEIs and poll watchers. If the values are different from the hash of the approved program, the wrong program was installed in the machine. (To know what a hash value is, go to www.en.wikipedia.org/wiki/Hash_function).
The problem with this is that the law does not require the COMELEC to undergo this specific system integrity check and as such, it is upon the Congress to require the COMELEC to subject itself to such processes that shall ensure the integrity of the system. Is this still possible? With this Congress, everything is possible, but more often than not, towards its own interest.
Voter’s choice verifiability
Article 7 (n) of RA 9369 which states that the automated election technology should “provide the voter system of verification to find out whether or not the machine has registered his choice.” One mode to comply with this is to allow the PCOS machine to print on thermal paper the choices of the voter. However, according to some lawyers, this runs contrary to the fundamental concept of secrecy of the ballot which our Constitution puts much premium on. Also, this can encourage vote buying and other illegal transactions since the receipt can serve as proof that one has voted the candidate the vote buyers “sell”.
But the present PCOS machine has a feature that can address such problem. In the study, it was stated that “on the machine are two buttons just below the LCD screen. These are the “cast” and “return” buttons. If these features are enabled, the interpretation of the ballot is shown on the screen once the voter has fed his ballot. If the voter agrees with how the machine interpreted his ballot, he can then press “cast” so that his ballot will be dropped into the ballot box and his votes are counted. If there are errors in the interpretation, the voter can press “return”, then reinsert or edit ballot.” It is saved as a TIFF image which is then saved in the Compact Flash card in the machine. But why did the COMELEC disable these buttons? In the study, it was mentioned that it does not want to enable these features because the COMELEC thinks it will take up extra voting time for each voter. In the more recent discussions with the COMELEC, they came up with a more sound but illogical reason for not allowing the voter to see his or her votes. They asserted that by disabling the buttons, less human interference is made on the machine. This should add security to tampering the election results by limiting direct human interventions with the machine. A thinking person can see the soundness of that argument but will readily recognize also the fact that there can be safeguards, in fact safeguards that can easily be implemented, to address this issue should they allow the two buttons to function—do not allow anyone else to be around the voter as he or she casts his or her vote.
Protection of transmitted data: Digital signature/secret key
Section 19 of RA 9369 states, “[t]he (precinct) election returns (ER) transmitted electronically and digitally sighed shall be considered as official election results and shall be used as the basis for the canvassing of votes and the proclamation of a candidate.” This is a security feature of the system wherein the digital signatures shall identify the BEI personnel and the precinct number from which the ER came and that it assures that the precinct ER is not modified in any way by vote-padding and vote-shaving which can be done through acquiring the secret key and changing the data that shall be printed on the ER. One issue here is that the ER which has the electronic signature is considered the official election result and as between the actual ballot and the digital ER, it is the latter which is official because the law says so.
It is therefore imperative to ensure that the security key which makes one access the election data is protected and secured. But as the study says, instead of safeguarding the BEI’s secret keys, COMELEC has entrusted it to the winning bidder, which is the SMARTMATIC in this case. In the COMELEC’s Bid Bulletin No. 10, it states that “the digital signature shall be assigned by the winning bidder to all members of the BEI and the Board of Canvassers (BOC) (emphasis supplied). For the National Board of Canvassers, the digital signatures shall be assigned to all members of the Commission and to the Senate President and the House Speaker. The digital signature shall be issued by a certificate authority nominated by the winning bidder and approved by the COMELEC.” What is the implication of this provision? It is SMARTMATIC who will assign the secret keys to the teachers and in the process has the ability to make copies of the teacher’s secret keys.
SMARTMATIC plans to save the secret keys in the PCOS machines in order to avoid scenarios wherein the BEIs will forget or lose their secret keys. This is absurd. Having the secret keys that should secure the data in the machine readily accessible in the machine makes the whole system less secure. Another implication of this is that instead of the BEI digitally signing and encrypting the internal copy of the ER as the Terms of Reference (TOR) requires, by saving the secret keys in the machine, the machine can also digitally sign the ER which is contrary to the TOR. This can allow anyone who knows how to operate the machine to tamper the official election returns.
The root user or the system administrator is a “super user” or sometimes also called the “power user”. This person can issue any command available on the computer, do system maintenance and recover it from failure. This root user, having the universal access to the system, can edit the precinct ERs if he has access to the secret keys and change the election results. Because of the accessibility of the secret keys as these are saved in the machine, the propagation of root users is possible. The study mentioned that in the 2008 ARMM election, a root user was allowed to remotely access the servers during canvassing to correct a technical problem. This is a two-tiered problem—having a root user and allowing remote access to the system. How to address this problem? The COMELEC has yet to say a word on this.
A Fictional Democracy
At the core of the issue is the fact that the Constitution declares as a matter of state principle that the supreme political power of the state resides in the people and that governmental authority emanates from them. How? Through direct participation in the government through their exercise of the right of suffrage. But this right is bound by the system by which it can be exercised. This year, it is through automated elections. How can democracy be assured when the very power of the people is subjected to a system which integrity cannot be established? Having less than 60 days from now, the COMELEC has to establish that the system can be implemented and that if implemented, it has the integrity to assure a transparent, credible, fair, and accurate elections. But in less than 60 days, the COMELEC has yet to finish purchasing all the hardware for the system. In less than 60 days, the COMELEC has yet to make public the source code for review. In less than 60 days, the COMELEC has yet to issue security measures for the root users and the protection of the system from jammers. In less than 60 days, the COMELEC has yet to disclose the persons behind SMARTMATIC and SYSTESTS LABS. In less than 60 days, COMELEC has yet to convince the public that it can be trusted this time after being unable to establish it in 2004 during the Hello Garci controversy.
To be exact, we have 42 days. Only 42 days to change the next 6 years of this country. We have this window of 42 days to prepare for that time where we will directly participate in governance.
The Philippines has 42 days to change its political landscape which has been shaped by one person for almost a decade. COMELEC has to act fast. But the people have to act faster lest they lose the very power to direct the future of this country.