Poll officials must answer security issues - CenPEG
June 3, 2010 - Even as Congress is set to proclaim the winners in the May 10 presidential race, there remain security issues related to the automated election and until these are plugged, doubts will linger on the credibility of poll results.
The Center for People Empowerment in Governance (CenPEG) through its IT consultant, Lito Averia, thus said today on the heels of a new controversy arising from reports that the Comelec had asked on May 9 regional offices of the Department of Science and Technology (DoST) to configure new compact flash (CF) cards with the use of two burners. The new CF cards number about 1,600.
Averia, who made the revelation in yesterday’s hearing of the House committee on suffrage and electoral reform, said the directive begs clarification by DoST. Congress members looking into the May 10 elections noted this fact was hidden from them by Comelec, with one of them, Rep. Rufus Rodriguez, warning about a possible security hole. Both Comelec and Smartmatic had been saying that replacements for all the 76,340 CF cards found to be faulty on May 3 were to be supplied by the central plant in Cabuyao, Laguna.
With regard to the recent Smartmatic demonstration at its Cabuyao warehouse, Averia raised several questions concerning data security issues related to the conduct of the automated election system (AES).
“The demonstration of the automated election system (AES) by Smartmatic, albeit in a controlled environment, may have addressed detailed issues raised during the committee hearings, but some questions still remain unanswered,” the CenPEG IT analyst said. Security breaches and data tampering can still occur with the participation of insiders who know the keys (passwords) and have intimate knowledge of a system, he added.
He said that in the botched May 3 final testing and sealing procedure due to the unreconfigured CF cards, the central password (used for digital signing) management by Comelec, the console port on the precinct count optical scan (PCOS) counting machines “are security holes that have to be thoroughly reviewed.”
“Were these security holes exploited to breach the system and perpetrate fraud?,” Averia asks.
He asked if the compact flash (CF) cards used in the AES are truly WORM (Write Once, Read Many) devices as represented by Smartmatic, since CenPEG’s research does not reveal that such WORM CF Cards exist.
“At best, the device could be write-protected with logical keys or passwords,” he said, referring to the Cagayan de Oro CF Cards, found to be genuine, and the CF cards presented by Rep. Annie Rose Susano in Congress.
One CF card’s slog line (or record) showed gibberish, indicating some kind of digital signature record, and “what remains open until fully investigated is the question if said CF cards were used or substituted to perpetrate fraud,” said Averia.
Averia now asks how many of the re-configured CF cards underwent final testing and sealing on site, and how many did not reach their final destinations before May 10. CenPEG received reports of many precincts failing to receive CF cards in time for poll opening.
While Smartmatic demonstrated during the May 31 visit to its Canlubang warehouse how machine digital signatures protect the data stored in the CF Cards, CenPEG believes that “machine digital signatures do not exist in the Philippine legal firmament.”
To resolve PCOS accuracy issues, CenPEG has also asked that the House committee subject PCOS machines to vibration and drop tests in a testing laboratory accredited by the Bureau of Product Standards.
Averia also noted that the different PCOS machines have different internal clock settings, a phenomenon Smartmatic said may have been triggered while in transit.
The display of erroneous registered voter count at the PICC where the Comelec held its canvass of senators and party list, and at the Batasan where Congress is now in joint session for the canvass of votes for the presidential and vice-presidential positions should also be explained.
For further information, please contact:
Center for People Empowerment in Governance
3/F CSWCD Bldg., UP, Diliman, Quezon City
TelFax +9299526; or +4344200
Email: email@example.com; firstname.lastname@example.org