Sunday, October 18, 2009

Boutin's Election Questions (Oct 19 09)

Here are my answers to questions submitted by Mr. Matthew Boutin, a student of Ateneo:

-In your August 4 Filipino Voices blog entry entitled "Election 2010: Public Counting & Code Review" you note that the PCOS units will not reveal to the voter how it read their ballot because of COMELEC imposed time constraints, thus violating the Omnibus Election Code. You also suggest that issues involving source code review in a controlled environment interfere with the voters right to know. Do you you consider there issues alone worthy of putting a halt to the upcoming automation, issues to be resolved, or some other level of seriousness?

The sentiment of the Filipino public, I believe, is that everyone wants computerized elections to succeed. I also personally like computerized elections to succeed. I believe, though, that COMELEC should seriously rethink its stand on NOT implementing the "voter verifiability of his choices" feature of the PCOS. I also believe that there are some required features that the PCOS should have which it does not have and which only source code review will reveal. I believe that COMELEC must allow source code review NOW, while there is still time for review, so that the public can see the conformance or non-conformance of the PCOS to RA-9369 and the COMELEC Terms of Reference (ToR). I do not believe, though, that we should stop computerized elections, because that is the sentiment of the people.

With the destruction caused by Typhoons Ondoy and Pepeng to the schools, basketball courts and other places that will be used for precincts in Metro Manila and Northern Luzon, I have doubts that COMELEC will be able to do even 50% computerization of the entire country.

-Are these, or other issues, you biggest concerns about the voting automation?

These two are some of the important concerns. There are others, about 30 vulnerabilities in all. Check the website of the Center for People Empowerment in Governance for the list of 30 vulnerabilities, Top among these vulnerabilites is the fact that Smartmatic will generate all private keys that will be used by the BEI staff for digitally signing the precinct election returns. Ideally, each BEI staff should generate his own private-public key pair, then password the private key so that only the BEI staff himself can access the private key for signing, and then have the public key certified by Smartmatic or by another certificate authority. But under Bid Bulletin No. 10, Smartmatic will generate all private-public key pairs of all BEI staff, and the BEI staff will only get their signing keys (private keys) on election day. This is bull$#!+, because it gives Smartmatic power to change all precinct ERs, then re-sign them with the private keys (which they have) and pass this modified precinct ER as if it was the original.

-Do you feel that COMELEC skimped out on buying high enough quality machinery for automation (I am thinking of the scanner which you mentioned is only able to read a limited number of shades of color)?

The original AES (automated election system) manufactured by Dominion Voting Systems of Canada consisted of the Democracy Suite Ballot Marking Device (BMD) and the Democracy Suite Image Cast Ballot Scanning Device (the PCOS computer).


The BMD+PCOS combination should be ideal, but Smartmatic supplied us only the PCOS computer. In the NY primaries, voters used the BMD to select their choices using a touch screen, and then the BMD prints the ballot using perfectly shaded ovals (the computer always shades the ovals in the perfect way it knows, and in no other way). So even if the PCOS computer can only read 16 shades of gray, that is sufficient, because the BMD computer printed the voter's choices, and the PCOS computer has been programmed to read THAT perfectly 100% of the time.

In the Philippine's case, 48 million voters will troop to the polls, and will fill out their ballots manually, using 48 million different styles of shading. You can not imagine how difficult the job of COMELEC will be, trying the customize the "% threshhold" that the PCOS computer will use to decide whether the shading is a vote or not.

-In it's September 10 decision upholding the validity of the COMELEC-Smartmatic/TIM contract, the Philippine Supreme Court asserted that PCOS successfully met minimum system capabilites standards with the use of the COMELEC 26 item/check list criteria listed below... (I suspect you are familiar with them, but I will include them for ready reference) (Test criteria clipped) Do you feel that these are sufficient and strict enough criteria to determine if the PCOS units can get the job done? Would you like to see any changes or additional testing of the machines, and if so, what?

I was member of the CenPEG team of observers during the SBAC testing (Special Bids and Awards Committee). First, the team of testers were not software test engineers but lay employees of COMELEC and people from Smartmatic. Second, whenever SBAC felt that the PCOS computer will fail in a test, the testers modified the test a bit, to ensure that the PCOS will pass. For example, the PCOS is known not to read pencil and ball-pen marks on the ballot. So all the tests were done using only felt-tip pen, but the COMELEC ToR specifies that the PCOS must be able to read pencil and ball pen marks also. Little mods like this erode your faith in the correctness of the SBAC testing.

-Do you feel that it is misplaced priorities to put automation in place when vote buying and other forms of fraud could sway elections without tampering with the PCOS units at all? Should COMELEC and the government deal with basic fraud and corruption before turning to automation to improve the election system?

I should not answer this question, because vote buying is not a problem unique to computerized elections, but also exist in manual elections. Ask someone else with more experience than I. Maybe, Mr. Bobby Tuazon, whom I cc'd here, could answer this question with more authority.

-Do you feel that COMELEC can manage the large number of laptops, other computers, and technology it will need for a successful automation in time for the elections?

COMELEC is essentially a team of lawyers who are not computer-techies. It depends on Smartmatic for EVERYTHING regarding computers and the computerization of elections. So outside of customization of data for elections (format of ballot, how many to print per precinct, what % shading to consider a vote, what are the names of candidates, etc.) everything else is the job of Smartmatic. This includes testing, warehousing, transportation, security, etc of the computers. For this reason, Atty Harry Roque claimed that COMELEC has surrendered its mandate to manage the computerized elections to Smartmatic.

-Do you feel that the potential scenarios for an election failure are serious enough to call off automation if it was possible to do so?

There will be no failure of elections. In places where there is no electricity or no cellular signal (so no transmission capability), there will be manual elections. In places where there is electricity and cellular signal, where computerized election is possible, if at any step of the computerized election process, there is a breakdown of computer or transmission capability, then the computerized election will just continue in a manual way. The ballot box will be opened, and the votes counted manually. How this will be done within the context of allowable COMELEC regulations will still be threshed out by COMELEC's implementing rules and regulations (IRRs), which COMELEC has been delaying for some time. I think their problem is, since computerized election is so unfamiliar to them, reverting to manual from computerized election is even more strange, and thus the long delay in the release of the IRR. Mr. Bobby Tuazon might want to add to this.

-Do you consider the PCOS technology too complicated for poll workers and the voting public?

For the poll workers and the voters in the cities and big towns, who are familiar with computer technology, there will be no problem. The problem will be in the far off rural areas, where people have not even seen a fax machine. But voter education can solve this problem, and COMELEC must start its voter education soon.

-Do you have another other thoughts on or points about automation that are not covered in my questions or I may yet be ignorant to?

Check the 30 vulnerabilities in the CenPEG web site,

No comments: