Hebrew soldiers said Goliath was too big they could not kill him. David said Goliath was too big, his slingshot would not miss him. Attitude. Equipped with the correct attitude, our people can view this electoral breakthrough called poll automation, and the generous support of many all over the land, young and elderly alike, as reasons for hope and optimism. With prayer and work (ora et labora) that there are better days ahead, Filipinos will succeed. If we whine, we complain, we bemoan that the Filipinos are beyond redemption, we will fail. Against gloom and doom, we labor and hope that change is within reach, and proclaim that God provides and He will never fail the Philippines!
Justice Antonio Carpio raised the issue of foreign control of the polls after he pointed out the mandate of the Comelec, which is to supervise and administer the election process. Carpio noted that the winning foreign bidder, Barbados-Venezuela Netherlands-based Smartmatic, will have exclusive possession of the public and private keys for the operation of the electronic machines.In response to Carpio's line of questioning, Lead Petitioner Harry Roque reportedly posited that if Comelec grants exclusive possession to Smartmatic, it also cedes exclusive control of the election process:
Carpio, one of the few IT-knowledgeable magistrates in the tribunal, explained that the public key allows access to the main system (or administrator) while the private key is essentially the password for the operation of the individual machines. The precinct count optical scan (PCOS) machines that will be used in the polls will count, consolidate and transmit the election results.
Lead petitioner UP Professor Harry Roque told the High Court that it will be Smartmatic which will have control of both public and private keys. During the elections, the private key will be given to the Board of Election Inspectors (BEIs) in the precincts.
However, the BEIs will have to depend on the private keys (or passwords) to be given by Smartmatic. By having control of both public and private keys, the set-up, in essence, reposes to Smartmatic the exclusive control of the election process.
Roque said the scheme amounts to “complete abdication of the function of Comelec” to supervise the polls, which is unconstitutional.
Cryptography: Requirements relating to use of cryptography in voting systems, e.g., use of U.S. Government FIPS standards.
Setup Inspection: Requirements that support the inspection of a voting device to determine that: (a) software installed on the voting device can be identified and verified; (b) the contents of the voting device’s registers and variables can be determined; and (c) components of the voting device (such as touch screens, batteries, power supplies, etc.) are within proper tolerances, functioning properly, and ready for use.
Software Installation: Requirements that support the authentication and integrity of voting system software using digital signatures provided by test labs, National Software Reference Library (NSRL), and notary repositories.
Access Control: Requirements that address voting system capabilities to limit and detect access to critical voting system components in order to guard against loss of system and data integrity, availability, confidentiality, and accountability in voting systems.
System Integrity Management: Requirements that address operating system security, secure boot loading, system hardening, etc.
Communications Security: Requirements that address both the integrity of transmitted information and protect the voting system from communications based threats.
System Event Logging: Requirements that assist in voting device troubleshooting, recording a history of voting device activity, and detecting unauthorized or malicious activity.
Physical Security: Requirements that address the physical aspects of voting system security: locks, tamper-evident seals, etc.What one discovers from a careful study of this comprehensive document is that CRYPTOGRAPHY is essential and necessary to all these aspects of system security and operation. It would be literally impossible to carry out its mission and guarantee that system security if Smartmatic were not given exclusive possession of them.
This happened already once before --in the 2004 SCoRP decision ITF v. Comelec--whose incomplete restitution has left a sour taste in everyone's mouths about Comelec and automation. The Court-ordered recovery of over a billion pesos paid to provider Megapacific in that case has never happened! As a result of the 2004 fiasco over Ben Abalos' Automatic Counting Machines there has developed a justifiable cynicism and distrust of Comelec. Many people are simply unwilling to grant Comelec the benefit of a second doubt in the case of the proposed Smartmatic Automated Election System and Comelec has not done much to win the Public's TRUST since the Garci Scandal of 2004, indeed, insult was added to injury with that slow-motion Maguindanao scandal in 2007 involving the votes of Migz Zubiri and Koko Pimentel, and Mr. Garci Junior himself, the accurately-named Lintang Bedol!
Of course, ANY first attempt to conduct an automated national election involving up to 50 million voters has got to be fraught with pitfalls and challenges. However, I do not agree with Petitioners in the case aforementioned that there is a big risk of an outright failure of election because of a massive and systemic failure in the Smartmatic system software and hardware. Against such a possibility -- say their PCOS disappears and another cannot be delivered in time -- each Board of Election Inspectors is expected to conduct a manual count of the executed ballots and to process their Election Return in the normal way: by submitting it to the Municipal Board of Canvass. They are obligated to do the same any way under RA 9369 except that they could also forward the PCOS-generated E.R. In a sense, manual election operations become the fail-over mechanism should the PCOS machines be unable to do the job on the voters' ballots. The Smartmatic Real Time Information System (REIS) claims to be able to accomodate manually counted and reported Election Returns from precincts without functional PCOS machines.
Some paint a picture of possible widespread inability to operate the Smartmatic PCOS machines; or that these machines will spit out and transmit inaccurate or dishonest election returns that cannot be questioned and corrected. Such an eventuality would be a grave disappointment, of course.
It is easy to believe the speculation that the First Gentleman Mike Arroyo stands to make a hefty commission from the deal, and not much less credulity to think that the FG or similar evildoers may even resort to "wholesale automated cheating".
I guess, I am prepared to believe that certain persons in High Places stand to make money from a seven billion peso contract, but I do not personally believe that Smartmatic Corp. is primarily interested in selling out to some Filipino politician instead of trying to establish itself as a long term leader in a rapidly growing global market for automated election systems. The calculus here is pure greed, since Smartmatic stands to make more money providing secure, reliable election systems than colluding with Filipino cheaters for a small time score.
Accusations have been made that these cryptographic codes in the possession of "foreign companies" will be used to conduct "modernized cheating" or digital dagdag bawas during the transmission and canvassing phase. The main accusation of petitioners is in fact "Comelec has abdicated its Constitutional duty " to conduct the 2010 synchronized national and local elections if it agrees to give Smartmatic Corp. "exclusive possession of the public and private keys" used in the elections.
I believe this characterization to be HYPERBOLIC, if not hysterical. It is equivalent to claiming that one ought not to allow one's Bank to exclusively possess the combination to its own SAFE because then it might cheat one of one's money, or not yield to an audit of the balance on demand.
Exclusive possession of those cryptographic keys by Smartmatic is WISE, as opposed to shared possession with say Virgilio Garcillano and others at Comelec--which strikes me as a singularly idiotic idea.
13 comments:
I think you misunderstand the role of the public and private keys in poll automation and confuse it with cryptography. The data is encrypted and the innards of that encryption system is kept secret and held only by Smartmatic. But to open that file, one needs a key. That key should be generated by and kept secure by the authorized person mandated by law - the election inspector. Authorizing the election inspector to create and control his own key does not mean exposing the entire encryption system to the public.
To put it simply, the public/private key is like the PIN for your ATM. This PIN is not assigned by the bank but is generated by the user himself (in this case the election inspector) in order to ensure that the election results data that he sent from the precint level is exactly the same thing that was transmitted and received by the canvassing center. Thus, the election inspector's digital signature or password should be generated and kept by the user alone, not by COMELEC or Smartmatic. Giving Smartmatic or COMELEC these keys would make the entire system vulnerable to systematic manipulation.
Teddy, that's what Carpio thinks.
I just think it's a "damned if you do, damned if you don't" situation. Who really trusts the Comelec, whether it's automation or manual vote counting? Perhaps, the election officer should be assigned two/three "bodyguards" 24/7--one each from the administration and major opposition groups?
2010 is not the time to automate elections. When? First thing is to allow time for the atmosphere of corruption and wanton disregard for the law to pass. How much time will that take - who knows?
If at all, automation should be tried on the local elections first. Let's see how that goes. So, lets pilot the proposed system. Field testing is what they call it. This should expose certain system kinks. The glitches would be more manageable.
I've worked as a technical consultant in systems development and implementation in the US and know that any system, more so with huge systems can't be rushed.
Unfortunately, there are always those who get excited about automation without really understanding what is involved.
Ony
Chicken v. the Egg Ony. I say we start now and force reform on Comelec. If you wait for Comelec to reform first, why do you even need automation?
Jorge,
Many systems fail because of what you propose - start/implement now for the sake of having automation.
As I suggested, start at the local level where it can be administered with an some level of confidence, in the Manila mayoral and council elections, for example.
Reform Comelec? By all means! And it might be simpler than what your complex noodle factory thimk. If we can get rid of GMA, we'd be 50-70% done in our efforts.
Ony
anon,
perhaps it is mere hatred of GMA that motivates those who oppose it now. It isn't like automation is some big mysterious thing. Cenpeg and Roque are doing a reprise of the Y2K bug. Their technical critique does not stand up to scrutiny as it is based on fearmongering. They are holding the thing up to standards that aren't even within a thousand kilometers of the manual system that they are forcing upon us. Why shouldn't we do it they say? Because we will be cheated or it will fail. But cheating is much easier to do in a manual election and will surely occur.
Jorge,
Manual or automated, for those who know and are in power, one is not harder than the other when it comes to cheating. You know this just as well as anyone.
Automated processes should always be held to higher, if not the highest standards. In fact, this is always the objective - "Best practice."
As to hatred of GMA, she brought it upon herself. If I may use your analogy of chicken and the egg: GMA is both chicken and egg of corruption in the Philippines - puno at dulo, ika nga.
Wouldn't you agree that her actions motivates or inspires suspicion and deep mistrust to everything she is connected to or does?
Again, sa local elections, kung palpak ang automation o hindi na test ng mabuti at maraming surot ang system mass manageable na ituwid o bigyan lunas sa mataas na kanpangyarihan, lalo na kung ang puno ng bayan ay hinde si 'hello Garci.'
Btw, R. Carandang suggests an interesting schenario in his blog about what could happen in 2010 elections.
Ony
I may be wrong, but I think the bank analogy doesn't quite fit. The bank can be trusted because if it messed up, it could lose its license. If Smartmatic messes up, the consequences on it is not as dire as on the electoral process.
Orlando,
You would be right if we assume that Smartmatic isn't in this for the multibillion dollar global automation market (including its business in the US) and that they would be willing to sellout small time to some Filipino trapo. Then again the analogy would change to a ROGUE BANK that was set up for just a single score (and possible jail terms!) The Philippine election would be the biggest single national election that would be automated and could crack the market wide open for Smartmatic if it is hailed as successful and secure. They would be out of business otherwise. BTW the analogy is more along the lines of how CRYPTOGRAPHY in the election system is as strong (and claimed to be STRONGER) than for banks since they use the same US Federal Cryptography standards, against which their software has already been tested since they participated in several US polls. I bring up the analogy for a third reason: to convince people that this type of automation is quite common and reliable already, not some big mysterious thingy. thanks for your comment.
Hi Dean,
Denying Comelec access to the public and private keys - because it cannot be fully trusted - will not necessarily prevent the likes of Bedol and Garci within the Comelec, or any one with intimate access to it, from rigging the election should they want to. Smartmatic might not have the motive to score or become pawns of election cheats, but dirty Comelec officials can always have access to the election machines and insert malicious softwares to alter the results. An inside job at the Comelec is more likely to sabotage the AES. In fact, this problem is something that a princeton university IT study group found vulnerable in the US automated elections; luckily for the US, their election officials do not suffer obsolescence of trust.
goodness. all these naysayers on automation. a few years ago they were screaming 'automate!' then when the comelec comes around to doing this they all scream 'don't automate!' i mean, what do we all really want?? why can't we make up our bloody minds?? it's occam's razor, the simplest answer tends to be the correct one. automate. get electronic results within the day, proclaim a winner so that governance won't be severely delayed (we've seen garbage pile up during hotly contested local election counts) and if there are complaints, then retrieve the paper ballots cast. which means, once those paper ballots are run through the counting machine, don't throw them away. so in this scenario, after the electronic count, comelec declares an unofficial winner who will be deemed as a sort of 'officer-in-charge'. governance and public service will then be left unhampered. if all protests against this OIC are deemed void or resolved, then COMELEC moves to officially proclaim the OIC as duly elected for his/her respectable position. frankly, i for one believe that the presidential and senatorial vote is likely more honest than the local elections because based on what i've observed throughout all my years voting is that people on the local level hardly care about the national vote. so to secure the presidential and senatorial count, you merely need to focus attention on the national canvassing body. all the issues against automated voting might be releveant in the local elections but arguably not for the national vote. besides, if the system messes up, we won't have any problems finding the culprit. Smartmatic gets the accusatory finger.
@Anonymous
I guess you've not heard enough of the abominable 'Hello Garci' scandal and previous 'Dagdag-Bawas' operations that's why you think national elections in RP have been cleaner than the locals.
Even if, for the sake of argument, vote manipulation in both levels are the same, the implications of national-level cheating are obviously much more serious.
Post a Comment