Sunday, July 4, 2010

Why The May 10, 2010 Philippine Polls Failed: The PCOS Forensics

ONE of several arguments that strongly point to systematic, nationwide fraud to favor a “secret candidate” of the Philippines’ preceding Illegitimate “President” Gloria Macapagal Arroyo is the fact that the recent automated elections despicably failed to meet the minimum standards for “transparent and credible” electoral process. Central to the questions on the integrity of the AES polls last May 10, 2010 are the Precinct Count Optical Scan or PCOS machines supplied by Venezuelan firm Smartmatic-TIM.
The PCOS is perhaps most infamous for Comelec’s admission at one point of the machines as having ascandalously high error rate ranging from 15-30 percent instead of the tolerable rate of a mere 0.005 percent. There have been a host of other PCOS issues, however, even several weeks prior to the elections. Mr. Roberto Verzola, the “Father of Philippine Email,” made a pre-electoral assessment of Comelec’s adopted technology and predicted a mere 25% success rate for the Southeast Asian country’s first automated elections. On the particular issue of the Smartmatic-TIM’s PCOS machines and what Comelec’’s relevant actions, he listed the following points of electoral insecurities:
* “no mention of full testing and acceptance by the Comelec: of the 82,200 PCOS machines delivered”
* disabling of what was the built-in PCOS feature of voter verification and confirmation feature
* amidst the PCOS’ use of two memory cards and purchase of extra memory cards, the potential risk of malicious capability for memory card substitution in 21.5 percent of the PCOS machines.
The Center for People Empowerment in Governance or CenPEG also made its assessment five weeks before the polls that the technology adopted by Comelec falls short of the minimum safety requirements, as well as industry standards that the law mandates. Strong evidence indicative of the grievous insecurities of the PCOS machines were exposed during the forensic investigation on the 60 PCOS machines found in the residence of a Smartmatic technician in Antipolo City.
It is most unfortunate that Senate President Juan Ponce Enrile did not wait for the final forensic report and pushed through with the proclamation of the supposed presidential and vice-presidential “winners” of the May 2010 elections. Nonetheless, the said report reveals the utter unreliability of the PCOS machines for any serious electoral exercise. Amidst the findings on the Susana compact flash (CF) cards, the report adds to the many evidences that seriously indicate HOCUS PCOS poll fraud during the last AES polls.
What follows is the encoding of the final report of the National Board of Canvasser's Joint Forensic team that investigated the PCOS machines suspiciously found in the residence of a Smartmatic technician (hardcopy provided by the office of Sen. Jamby Madrigal).

(Summary of Findings:)

Extracted Hash Code Did Not Match Published Hash Code.

The has code is an output of an algorithmic process that will verify if an electronic file is authentic or not. The hash code of an electronic file is always unique–it would change if the content of that electronic file is modified. The hash code is to an electronic file as the fingerprint or DNA is to humans. (p. 2)

Absence of Machine Digital Signatures.

Examination of the PCOS machines revealed that there was no evidence found to prove the existence of digital certificates in the PCOS machines, contrary to the claims of Smartmatic. (p. 3)

PCOS Machine Can Be Controlled Through Its Console Port.

The PCOS machine contains a console port, which Smartmatic claims is only a one-way out put port, used for diagnostic purposes only. The forensic team, with the allowance of Smartmatic technicians, was able to connect an ordinary laptop computer to the console port of a PCOS machine, via a serial cable provided by the latter.

“… the serially connected laptop computer was able to access the operating system of the PCOS machine… [without need for] username and password….
“The Linux operating system of the PCOS machine was exposed to full access and control….

“Smartmatic cannot offer a technical explanation for this major loophole” (pp. 3-4)
Hon.  Anne Susano’s CF Cards.

“The forensic team is of the opinion that the three (3) CF cards, one (1) of which is a main CF card, are all authentic CF cards, meaning that are all original and duly issued by Smartmatic or COMELEC.

“This finding would then belie the announcement of the COMELEC NCD Director that all the CF cards within Metro Manila had all been accounted for and turned over to the COMELEC.” (p.5).

Final Recommendations.

The Recommendations and Conclusions, as embodied in the Preliminary Report remain standing except for Item No. 1, which should now read, as follows:
“1.  To allow the forensic team to further explore the console port of the PCOS machine and perform tests as to its capabilities and vulnerabilities. For example, to allow the forensic team to store an executable code in the PCOS machine’s RAM disk and verify as to how the PCOS machine will behave with such a load in its RAM.”

It is further recommended that the forensic analysis of the PCOS machines be allowed and expanded by the incoming 15th Congress to include those PCOS machines which are subject of electoral protests and suspected of having been used as instruments of electoral fraud.

For your consideration and approval.

Sincerely yours,
For the Joint Forensic Team  

Importance of Digital Signature
Digital signature forms the lifeblood of authenticity in electronic transactions. It is a cryptographic process through which the Private Signature key of the sender is signed into a PRISM message, enabling the message's recipient, who has the correponding public key, to accurately authenticate the message. It serves to validate both data and identity to make sure that information has not been changed--in other words, not tampered--from the time it was created to the time it was sent to the time it reached the receiving party.
In all secured electronic transactions, including the critical election process, digital signatures constitute a fundamental infrastructure element for electronic voting. That the Comelec did away with it with its March 10, 2010 resolution--in violation of the Republic Act 9369 and its pledge before the Supreme Court in the Harry Roque - COMELEC-Smartmatic case--highlights how the 60 PCOS machines having been found in a Smartmatic technician's residence in the province of Antipolo have possibly been used to commit electoral fraud. As explained by Hermenegildo R. Estrella R. Estrella Jr., Management Systems Advisor for public and private consulting projects:
The purpose of the digital signature is for the receiving entity, in this case for example, the municipal or city board of canvassers, [to] know exactly where that particular vote count is coming from; and whether (1) it is authentic, (2) it can be verified, and (3) really accurate.
Had Comelec not dismantled the requirements for digital signatures, and had the third party certifying the authenticity of such signatures been independent (as required by law, should have mainly been the National Computer Center and NOT Smartmatic itself as is the case, constituting constitutes blatant conflict of interest), the discovery of the PCOS machines in a private residence should not have been an issue. This is because digital certification by the BOE inspectors would have allowed the PCOS machines to bear his or her identifying number no matter if s/he uses other PCOS machines as necessary in transmitting the electronic voting data, thus serving to verify the sender and help authenticate the transmitted election returns.
However, exactly because there was no digital security safeguard, who's to tell the machines were not used to transmit fraudulent votes? In fact, it is probable that the said PCOS machines, which obviously constitute part of the extra machines Comelec had ordered but found in apparently scandalous circumstances, were used in the unexplained transmission of ghost votes reported by the mainstream media on the night of election day. Jonathan Manalang, the Operations Director of the technical support center of Smartmatic, testified in Congress on how the media was astonishingly reporting 50 percent vote transmission when there was, in fact, only 20 percent votes yet being transmitted from the headquarters of Smartmatic-TIM.

Forensic Report of No Digital Certificates in PCOS
That the forensic report of the Congressional Canvassing body shows the ABSENCE of the machine version digital signature by itself glaringly reveals even more how highly anomalous the automated elections held last May 10, 2010 were. What, are the people supposed to believe that Comelec did not bother inspecting the delivered PCOS machines? Or, did the poll body even cared to test the capability of Smartmatic during the bidding (and post-bidding) process? Father of Philippine e-mail RobertoVerzola in fact made a March 2010 pre-electoral assessment that reports of how Comelec made no mention of having fully tested the delivered PCOS machines.
In the context of the discovery having been made amidst the lying claming of Smartmatic that (1) signature was present in the PCOS machines; (2) Comelec's bullying insistence that Smartmatic bag the P7.3-billion contract for AES; and (3) Comele's adamant claim that Smartmatic technology is unhackable, the revelation categorically points to collusion between the previous Arroyo administration, as represented by Comelec, and Smartmatic. These two entities apparently worked in conjunction with each other in paving the way for insecure, unsuccessful automated polls.

Hash Code
Hash codes are unique digital fingerprints that serve to authentically identify electronic files. That the hash codes extracted in six of the PCOS machines did not match Comelec-published results further adds to the fraudulent anomaly of the Philippines' first AES. One wonders whether there were other PCOS machines that carried hash codes not matching the ones published by Comelec?
That Comelec belatedly claims the extracted harsh code to be the correct one indicates incompetency on the part of the poll body at the very least and, more likely, deliberate fraud by the administration at its worst. Moreover, that the Philippine poll body apparently bothered not knowing the PCOS machines' genuine hash code until the fact of the incongruence of the extracted and of the Comelec-published hash codes was shown by the final report of the Congressional Canvassing body--which was released only on June 9, 2010 or nearly month after the polls--probably point to how the entire elections was intended to be fraudulent.
Why so? Because this incredible level of technical nonchalance by Comelec diametrically counters--and belies--Comelec's insistence that the security features of Smartmatic's PCOS machines are not hackable. Such diametrical opposition of fact versus Comelec pronouncement, amidst the poll body's illegal forfeiture of the digital security feature basic to any successful secured electronic process, only indicates systematic intent to deceive and con the Filipino electorate.

Forensic Discovery of Secret "Backdoor" Control
The discovery of the secret control "backdoor" in the console part of the PCOS machines is another grave issue that clearly points to Comelec-Smartmatic collusion for poll failure or automated poll fraud. Smartmatic having claimed the backdoor was merely a one-way output port for diagnostics when it could easily be exploited to fully manipulate the machine's actual operations through its sash interface loudly cries deception. That Comelec has been pronouncedly amiss in ensuring the security of the AES, among others, by certifying, and testing the PCOS machines, even when it has vouched for their supposed non-hackability, unquestionably show intent to deceive.

In sum, Congress' final forensic report of the PCOS machines inappropriately housed in the residence of a Smartmatic technician reveals the (1) mismatch between the Comelec-published and the extracted hash codes; (2) absence of digital certificates in the PCOS contrary to Smartmatic's claim; the (3) the alarming presence of a secret "backdoor" to easily control PCOS operations; and (4) even Comelec's inability to secure all its duly-issued CF cards. Amidst Comelec's move to forego of the digital security feature requirements of R.A. 9369, including that most fundamental digital signature; it's bullying insistence to acquire the services of Smartmatic; and highly suspicious failure to fully test the delivered PCOS machines while loudly vouching for them as supposedly being not hackable, the poll body in complicity with Smartmatic seemed to have plotted the failure of the Philippines' first automated elections. Beyond the failure in terms of a secured automated environment and authenticity of counted votes and election returns, it appears the previous Arroyo administration had ensured the victory of its secret anointed one HOCUS PCOS style.


Posted by Jesusa Bernardo

No comments: