POSTSCRIPT / March 24, 2022 / Thursday


Philippine STAR Columnist

Share This

Check peopleware, hardware, software!

With candidates and voters caught in the frenzy of the campaign, who has been left to ensure that the computerized election system has not been rigged to deliver not the people’s vote but the election results that somebody had bought?

Smartmatic to provide vote-counting machines (VCMs) in the 2022 elections. Photo: Shutterstock

Are the hardware (eg: Vote-Counting Machines), the software (programs operating them), and the peopleware (the human managers) of the Automated Election System (AES) adopted under RA 8436 been sufficiently shielded from tampering?

Not that we have wavering faith in ourselves, but similar voting machines in past elections have been found to be vulnerable to manipulation.

On May 9, some 67 million qualified Filipinos are expected to troop to around 100,000 precincts around the archipelago to vote for a president, a vice president, 12 senators, hundreds of congressmen, and thousands of other local officials.

After that brief moment of being King, the voter loses track of his precious piece of paper as the pre-programmed computers take over the ballot-scanning, vote-counting, and transmitting the tabulated results to distant servers that will consolidate the scores.

What is the guarantee that in the scanning, counting, transmitting, and consolidating of the votes no cheating occurs? Or that no malicious instructions have compromised the process through the source codes or the SD (Secure Digital) cards inserted into the VCMs?

The computers will do exactly what they are programmed or instructed to do. That may explain the anxiety over the program or software that reportedly came packaged with the machines purchased from Smartmatic, the suki of Comelec.

We were surprised to learn days ago from a Comelec official that the international certification of the source code(s) has been COMPLETED and that the local source code review is already nearing completion!

With only 46 days till Election Day, is there still time to adopt recommended (but mostly ignored) safeguards or protocols against known election cheating techniques used by moneyed politicians teaming up with tech-savvy criminals?

 What’s Comelec plan vs cheating?

It would be tragic if the people’s will as expressed through the ballot would only be subverted by computerized cheating under the very nose of the Comelec.

There are supposedly three stations whose software must undergo source code review: Election Management System, Vote Counting Machines, and Consolidation and Canvassing Servers. How come not much has been reported on this aspect of the elections?

Source codes are instructions written to ensure that the hardware works the way it should. Representatives of political parties, information technology election experts, and advocacy groups were reportedly allowed to attend the source code review. Did they?

The VCMs (a rebranding of the discredited Smartmatic HOCUS-PCOS machines of previous elections), SD cards and other hardware have been stored in the Comelec warehouse in Sta. Rosa, Laguna. The VCMs and the SD cards are being configured there.

Like guns, VCMs and SD cards are neutral by their inert selves, but in the hands of criminals hired by moneyed politicians, they could be used for tampering with vote counts.

In previous elections, representatives of political parties and candidates were allowed to observe the VCM testing and the SD Card configuration in Sta. Rosa, as well as the printing of the ballots in the National Printing Office.

This time, however, observers reportedly have been disallowed, including Comelec’s accredited watchdog PPCRV (Parish Pastoral Council for Responsible Voting). Lack of transparency can undermine faith in the system and in the Comelec run by a cohort of seven Duterte appointees.

Having learned from past incidents, advocates of clean elections suggest that a manual ballot count be made the official count in precincts where SD cards were reconfigured or replaced, VCMs malfunctioned, or transmissions failed to transmit.

* * *

Back in 2013, we were already calling attention to the critical role of the source code in our computerized system. We said among other things in our Postscript of April 28 that year:

The election hardware is run by software or a set of instructions written in binary code which uses strings of ones (1s) and zeroes (0s) that only the machine can read or interpret.

The binary code is a translation of the source code, which is the original program written in a technical language that humans can read. The binary code in the machine must be confirmed to be a correct and exact translation of the source code written for it.

After the source code is written, a compiler converts it into binary code using only two bits – one (1) and zero (0) – to rewrite the program in machine language.

Binary encoding has been simplified with the use of only “1” and “0”, which are the bits generated by the “on” or “off” states that the computer takes. (These two bits do not have the same meaning or value as the 1 and 0 in our decimal number system.)

The letters of the alphabet are written in binary as: A=01000001; a=01100001; B=01000010; b=01100010; C=01000011; c=01100011; … et cetera … X=01011000; x=01111000; Y=01011001; y=01111001; Z=01011010; and z=01111010.

Since humans — including Comelec officials, politicians, and IT experts — cannot read binary, the election law orders that at least three months before Election Day, local parties must be able to review the readable source code. (FDP: Note the three-month order!)

There must be absolute certainty that the instructions to the voting machine are flawless, fair and not malicious. For instance, what if a line had been inserted in the tenor of “for every five votes for Candidate A, credit one of the five votes for Candidate B”?

That sample computerized “dagdag-bawas” instruction cannot be detected if there is no review of the source code.

(First published in the Philippine STAR of March 27, 2022)

* * *

Share your thoughts.

Your email address will not be published.