By Joel Disini 21 May 2013 Facebook Notes
Something is not right with the way the Comelec is conducting the elections. If you go over to http://2013electionresults.comelec.gov.ph and check the ERs (Election Returns) from each precinct you will find that the digital signatures on each ER have been stripped. Digital signatures are absolutely necessary to ensure that the ERs are authentic and have not been tampered with.
Each PCOS machine (Precinct Count Optical Scan – which is the device used to scan the ballots, tabulate them, and transmit the results via GSM modem and/or onto a CF card ) is supposed to be equipped with a private key and a public key. The private key is embedded within the PCOS and is used to sign (and optionally encrypt) the election results generated by the PCOS. The public key should be published (preferably on a publicly accessible website, such as comelec.gov.ph), so that the public can verify the authenticity of any ERs generated by the PCOS machines. (Otherwise, how will Comelec know if the ERs they receive from the precincts have not been sent by a rogue PCOS? How else will the Municipal Centers who receive the CF cards containing ERs then determine that said ERs are authentic and that the CF cards have not been switched?)
For as long as the private key(s) are stored securely inside the PCOS and assuming (1) there is no way to hack into the PCOS to reveal the private key, and assuming that (2) no copies of the private keys have been kept by Comelec or Smartmatic or some other party, then it will be practically impossible for anyone to fabricate fake ERs and thus steal the election. Let me repeat that, as it bears repeating. For as long as the PCOS machines have been programmed properly and for as long as proper security measures were taken during the key generation/registration/embedding/signing process, then it will be impossible for anyone to steal the election.
Allow me to explain.
A 2048 key is mind-numbingly difficult to crack. It is estimated that a desktop computer will take 6400 trillion years to figure out the private key of a given public key. You can check out the math here http://www.digicert.com/TimeTravel/math.htm. Private and Public keys, on the other hand, while impossible to crack, can be generated quite easily by a desktop computer using free open-source software, such as OpenSSL.
The process of generating the keys and storing the private keys in the PCOS machines should be witnessed not just by Smartmatic and Comelec, but interested third parties such as the BEI (Board of Election Inspectors) and representatives of each political party. The people witnessing the process should ensure that all traces of the private key, once embedded in the PCOS, is erased. If a USB drive was used to copy the private key into the PCOS, then that too must be wiped clean. Ideally, some testing of the PCOS is done (by a qualified third party) to ensure that the PCOS is secure and cannot be tampered with. To be safe, the source code should also be reviewed, to make sure there is no back door inside that allows an insider to enter a predefined set of keystrokes (or scan a predefined document) that will trigger the back door (where the private key can be divulged, replaced, or the election results themselves can be edited).
Once the voting is over, the PCOS machines should generate the ERs, sign them (using their unique private keys), and then transmit them to the Comelec server, to the Transparency Server (monitored by the PPCRV, Rappler, etc), and to the Municipal Centers. When the servers receive the ERs from a PCOS, they should check their authenticity (by looking up the corresponding PCOS public keys and verifying that they match the digital signatures). If everything checks out, the comelec server should then publish the digitally signed election results on the comelec website.
In this manner, even if there are transmission delays, and horse-trading over the election results, it will not be possible to tamper with the results. Someone can of course generate new public key & private key pairs, and then generate fake ERs using the fake private keys. They would have to somehow tamper with the database of public keys used by the Comelec server, as well as the Database used by Transparency Server to pull off this stunt. Lastly, they would have to hack into the comelec website and replace the list of public keys with their own set of fake public keys. One way to avoid this (other than relying on the public to spot the hacker’s attempts) is to have the BEI and all the Political Parties sign the list of public keys. This way, it would be impossible for the list of public keys to be replaced without being detected. The only way to “beat” the system would then be to physically destroy the PCOS machines, or the comelec & Transparency Server.
So what can be done to prevent cheating in this current election?
1) Comelec must IMMEDIATELY publish the list of precincts and their corresponding PCOS public keys. There is no reason for the Comelec not to do this, other than to buy time to generate new public key/private key pairs for precincts that have yet to report their results.
2) They must publish the digital signatures that come with each ER. Again, there is no reason for the Comelec not to do this, unless some of the published ERs have already been tampered with.
3) The PCOS machines and their CF cards must be secured. If someone has already generated a new set of private keys, then we can detect the fraud by reviewing the source code for the PCOS machines, especially the part where the PCOS writes to the CF card & signs the results, determine where the private Key is stored within the PCOS, then write new code to access this location. Doing this will not be trivial, and it may take a lot of trial and error, but there are 78T PCOS machines, so we have enough machines to experiment on. The embedded private key can now be compared with the published public key and see if they match. If they do not match, then there is cause to believe that some fraud has taken place.
Any attempts to reset the PCOS machines and erase their CF cards should be deemed highly questionable.
4) Of course if unique private keys were never embedded into the PCOS machines, then Smartmatic needs to hauled into court, as there is absolutely no reason why they should stick us with machines using ancient technology. Their existing SAES voting machines already use 2048 public keys. And the cost to implement PKI (public key infrastructure) is minimal – as there is a lot of open source code available to generate keys, sign and encrypt documents, etc.
In fact, if Comelec deliberately asked Smartmatic to deliver PCOS machines without any PKI, Smartmatic should have immediately known that something foul was afoot. This would be the equivalent of asking a Private Security company to watch over a bank, and requiring them to use mobile Phones and walkie-talkies with known transmission problems, or to use CCTV cameras that fail to record, or to use bows and arrows instead of guns!
We shouldn’t wait any longer for someone to file an electoral complaint, or for someone to gather evidence of cheating before springing into action. We already have all the evidence we need – as all the digital security measures to prevent cheating have been turned off!
i had always voted, since the late 1960s when i came of age.
never voted for marcos, but he kept winning. voted for cory in 86 but she was cheated and had to mount the huge protest that led to EDSA. voted for salonga in 92 but fvr won. voted for erap (how stupid of me) in 98 and he won but was edsa-ed. voted for bro. eddie (he was talking alternative economics) in 2004 but arroyo won. voted for jamby and her nationalist platform in 2010 but noynoy won.
kahit midterm elections, pinapatulan ko noon. in may 2007, some months before i started blogging, i wrote Tipo kong iboto and sent it to everyone in my mailing list, including the inquirer. all about voting on issues for a change. economic issues, like the debt policy, e-vat, charter change, pork barrel. wala rin. once they won they forgot their promises, puro pangakong napako.
seeing no signs that it would be different this time, and praning over pcos, i didn’t vote na lang. so yes wala akong kinalaman sa pagkakatalo ni jack enrile. at wala akong kinalaman sa pagkakapanalo ni grace poe. may kinalaman lang ako sa low turnout, well, lower than 2o10, na inaamin naman ni brillantes.
… all the hard work of the candidates and their supporters can be negated by what Information Technology people call the Automated Garci — or the automated dagdag-bawas operation. How dagdag-bawas operations can be pulled off with the automated electoral system in place is discussed by several IT experts of the volunteer group AES Watch in the newly published book Was your vote counted.
Rene Azurin says automated cheating can be accomplished wholesale by introducing subtly altered software code into the voting machine or onto its memory card before the opening polls on election day. This can be done by those who have access to the machines or to the memory cards. According to him, cheating can also be done during the data transmission and consolidation stage if the cheater has access to the private (digital) keys of selected officials.
Many of those machines and CF cards are sent by ordinary public transportation to remote polling places, some up in the mountains, others in distant islands, days before election day. Access to them during transport and at the polling places is easy. Electronic transmission facilities in those remote places are inadequate if not absent.
Gus Lagman says the Smartmatic PCOS can be hijacked. Sixty of these machines were found in the house of a Smartmatic technician right after the elections. In 2010 PCOS machines had an open port. Through an open port a techie with a laptop can connect to the unit and tamper with the software and the CF cards in the machine. CF cards can be stolen easily as proven by the discovery of CF cards in a garbage dump in Cagayan de Oro City. Transmission of precinct election results from remote places to the canvassing machine is vulnerable to tampering as shown by Glenn Chong in Biliran in 2010.
Both Azurin and Lagman say that the Smartmatic system is very vulnerable to internal tampering. For the right incentive, a Comelec official can manipulate the system as to guarantee the election of a paying candidate. That is why their colleagues in the IT circle refer to the automated electoral system as Automated Garci.
A “Hello, Brilly. Hello, Brilly, can you…” call is out of the question. Comelec Chair Brillantes is a trustworthy man. He himself said he is trusted by President Aquino and Vice-President Binay. Besides, he is no IT man. In fact, his staunch defense of Smartmatic’s system with all its flaws shows he is an ignoramus when it comes to IT.
But many of Garci’s accomplices in 2004 remain with the Comelec. There could be techies among them. Members of the Bids and Awards Committee of Comelec that approved the purchase of ballot secrecy folders for the fantastic unit price of 380 are still with the Comelec. Yes, men and women of dubious integrity populate that Constitutional body.
…until May 21 then, by which time the results of the senatorial race shall have become final. Then either I say, “I told you so” or I eat my words.
that’s from oscar lagman jr.’s The final surge. read too jarius bondoc’s Clean,credible election: Does Brillantes care? federico pascual’s Source code review vital to poll integrity, jose sison’s Cloud of doubt, inquirer editorial More than legality, and dr. florangel rosario braid’s Automated elections: issues and concerns.
and so this makes sense: Poll cheating laid out: LP, UNA accuse each other of plotting
i’ve been wondering why voters and candidates and the church don’t seem the least bit concerned that brillantes has failed us, cheating hasn’t been ruled out. is all the technical talk over their heads? or can it be that because it’s all okay with the prez, then it must be all a-okay? or maybe it’s not really, but it’s too late to call off elections, bahala na si batman? argh.
the world is watching, of course. and as usual, we’re good for a laugh or two.
praning, that is, paranoid, about those blasted PCOS machines for the 2013, maybe also the 2016? elections. my beef in 2010 was that there were no manual counts done in random towns / provinces/ regions to prove without a doubt that the machines were counting and relaying real votes. and of course there was all the talk from credible, and very concerned, IT people about 236 glitches, weaknesses, defects, flaws. 236! here’s ex-comelec commissioner augusto “gus” lagman:
[Lagman] noted that when he was still with Comelec, the poll body opted to sign anew a deal with Smartmatic even if the latter had failed to address a lot of errors in the machines.
He said when he joined Comelec, the PCOS machines had “236 problems.”
“But these problems have not been addressed, and yet Comelec proceeded to enter into the deal,” he added.
He asked: “Are we going to count on Smartmatic’s word that these will be addressed?”
Lagman, an IT expert, believes that the machines can be hacked. The petitioners before the SC believe that this could eventually lead to widespread cheating.
says butch del castillo in Those cursed PCOS machines
During the High Court’s hearing on the petitions early this month, former Commissioner Lagman (who was called by the High Court to express his dissenting views) said Comelec’s approval of the purchase came long after its option to purchase had expired. Lagman said Comelec should not have renewed Smartmatic’s contract “because the technical glitches in the PCOS machines were not addressed.”
“Proof of the problems is that they were trying to repair it, an admission that the problems existed,” he said.
Lagman described the whole network of PCOS machines as “very vulnerable to tampering.”
He said, “it does not have enough security features and has no digital signatures, which were supposed to be given by election inspectors rather than the machine.”
Lagman also pointed out that the Smartmatic system “had no mechanism to check the authenticity of the ballots and votes supposedly shown.”
Lagman’s views on the fatal defects of the PCOS machines were similar to the findings of the Philippine Computer Society and other concerned entities that organized themselves into a watchdog group called Tanggulang Demokrasya or Tan Dem.
okay, so the supreme court summoned the IT expert ex-commissioner lagman pala and listened naman to his objections re the use of smartmatic’s PCOS machines sa 2013. and yet the supreme court has nothing to say about these objections. the problem, i suppose, is that the four separate complaints questioned only the legality of the contract signed last march by smartmatic and comelec, and did not raise the lack of security features, the vulnerability to tampering, atbp. bakit? they were so sure that there was no way the court would find the contract legal? that wasn’t very bright of them.
The court said the contract was still valid and existing because the performance security bond posted by Smartmatic-TIM was not yet returned.
The bond was in the form of a letter of credit worth P360 million or 5 percent of the original P7.2-billion poll automation contract for the May 2010 polls.
The bond was meant to fund penalties for non-performance or should Smartmatic-TIM fail to deliver the equipment based on contract schedules.
“That was one expressly stated in the contract, that return of the performance bond will terminate the contract,” (sc spokeslady) Guerra said.
“The court found that the main contract for the automated election system between the Comelec and Smartmatic–containing an option to purchase–was still existing when Smartmatic extended the period and when the Comelec exercised said option,” she said.
and now that it’s a go, biglang Chiz has no more doubts about PCOS.
Escudero said he also used to have doubts about the PCOS machines, but that Comelec statistics on electoral protests after the 2010 polls show the machines work.
“Lahat ng recount nila so far, kung ano ang nabilang ng PCOS at resulta ng halalan, ‘yon pa rin ang eksaktong lumabas. Sa katunayan, ayon sa Comelec, wala pa raw protestang nananalo tungkol sa maling bilang ng PCOS sa lokal na mga laban,” he said.
really? can we see these comelec reports too? and when did comelec come up with these statistics on electoral protests — before or after gus lagman was removed?
The Palace decision not to re-appoint Augusto “Gus” Lagman to the Commission on Elections (Comelec) is regrettable, particularly for a government that claims to be championing reform. Last week, a Cabinet official informed Lagman that his appointment as commissioner was rejected outright by the Commission on Appointments. He was not even given the benefit of appearing before that body. The Cabinet official explained that the Palace wanted to spare Lagman from grief and possibly a confrontation with members of the appointments commission – or at least one powerful member, supposedly Senate President Juan Ponce Enrile. Had he been re-appointed, though, Lagman would have welcomed the opportunity to face Enrile or whoever and to explain in a public forum whatever issue might be raised against him. We would have wanted to see that, too. Unfortunately, Lagman will never have that chance.
“supposedly,” enrile himself? googled it and found this report of march 23, just a week before corona was convicted — peaking nuon ang presiding senator judge.
Brillantes found an ally in Senate President Juan Ponce Enrile, who challenged critics to identify elected officials presently occupying government posts who benefited from alleged glitches in the automated voting.
“Of course, any technician can find something to criticize. But I’m talking about the result of the last election. If you can prove to us that there are people sitting now, exercising power, who were the product of cheating during the last election, then maybe we are open [to changing the system],” Enrile told complainants at the hearing of the committee on electoral reforms.
“If we say there’s cheating with PCOS, are we also saying that the victory of President Aquino involved cheating? I think that’s impossible. Even in the case of (Vice President Jejomar) Binay, there was no cheating,” Enrile said in Filipino, noting that he had presided over the canvassing of votes of president and vice president in the 2010 elections.
ganoon? alam ba yan ni mar roxas ? well, enrile’s son is with binay’s una party, no? which makes it even more interesting that one of the solons now daring smartmatic and comelec to bare PCOS’ errors and repairs is jack enrile.
… a day after the high court upheld the validity of the P1.8-billion contract of the Comelec with Smartmatic-TIM for the purchase of 82,000 PCOS for use in the 2013 elections, two lawmakers from the House of Representatives on Thursday expressed their apprehensions over certain alleged security defects that make the machines vulnerable to tampering.
Cagayan Rep. Jack Enrile said the Comelec must categorically address technical concerns aired by one of its former commissioners that the PCOS machines used to automate the May 2010 elections remain vulnerable to tampering.
Enrile said that “even if the high court upholds the Comelec’s decision to use PCOS machines in 2013, election officials are still hard-pressed to shed light on allegations by one of their former colleagues that the machines remain vulnerable to tampering and do not have enough security features.”
He said the poll body must clearly demonstrate to the public that the technical glitches have already been corrected.
He urged the Comelec to make a voluntary demonstration of the new PCOS machines’ features and operation and open the technology to scrutiny by independent IT experts.
Enrile had earlier called on the Comelec to make the PCOS machines available for pre-testing by interested parties even for a limited time, saying this will allow independent groups to identify possible glitches and provide feedback on how to further improve the system.
“The only way to see if the technical glitches in the PCOS machines have been corrected and that security features have been improved is to allow for an actual and thorough examination by independent IT experts on this technology,” he stressed.
“This would assuage public fears that results of the elections could be manipulated if Comelec pushes through with the use of the PCOS machines in the 2013 mid-term elections. The Comelec needs to convince the voting public that results of the elections will be credible and that their voice will be counted come election day,” he said.
“The Supreme Court should also look deeper into Lagman’s allegations and make an independent determination on the veracity of these concerns,” Enrile added.
so father and son don’t agree on PCOS? o nagda-drama lang sila, nagpapalabas, kumbaga?
Bayan Muna Rep. Neri Colmenares, vice chairman of the House committee on suffrage and electoral reforms, said the Supreme Court should have gone beyond the validity of the Comelec’s deal to examine Smartmatic’s capacity to comply with the contract.
“Why should we entrust our votes to a company that failed to comply with its own security measures and contract in the 2010 elections?” Colmenares said.
“Had the votes in the 2010 presidential elections been close, there would have been serious turmoil in the country due to the lack of transparency.’’
jojo robles may be right. it would seem that the complainants underestimated the powers of presidential wishes in these post-corona times.
It is no secret that Aquino, who was installed by Smartmatic’s PCOS machines, was wholly in favor of allowing the subcontractor to continue its work in next year’s midterm elections. Aquino’s push for the renewal of Smartmatic’s contract was a radical turnaround from his original position, however, that a new election automation provider must be found through a new bidding.
Comelec, under the leadership of Aquino appointee Sixto Brillantes, has never hidden its desire to continue using Smartmatic as its automation provider despite the protests lodged before it and, later on, before the Supreme Court. Last April, the high court led by Chief Justice Renato Corona, who had already been impeached and was then being tried in the Senate, issued restraining orders on Comelec to stop it from continuing to honor its contract with Smartmatic and from purchasing the PCOS machines.
googled the part about the prez previously saying that a new election automation provider must be found through a new bidding. found nothing. but found this, circa jan 2011:
The President said he was also in search of a commissioner who is knowledgeable in the field of information technology because of the automation of the country?s elections.
“We have the opportunity to really transform our electoral process through the selection of these people,” he said.
then why did he let lagman go? read this: Just how low can he get.
i wish none of the above were true. i wish we could be convinced that the PCOS machines are now working perfectly and cheating would be impossible in 2013. but it’s just too much of a stretch. better praning than sorry.
read too del castillo’s Horror stories about PCOS machines and elinonapigkit’s Post Analysis of Cheating in the Automated Counting and Transmission of Votes of the May 10, 2010 Election.