Preliminary
Statement
1.
This paper is about the implications
of the deliberate disablement by the COMELEC of the critical security
feature of digital signatures in the Automated Election System (AES)
used during the national and local elections of 10 May 2010.
2.
For purposes of this paper, the various technical terms used in the
AES may be defined as follows:
2.1.
An Audit
Log
is the record of all the transactions processed by a particular
Precinct Count Optical Scan computerized voting machine (referred to
herein as PCOS), from the date of testing and sealing up to the close
of the elections of 10 May 2010. The transactions here are entered in
progression or otherwise recorded forward, with details of the date,
time and description of the event.
2.2.
A Print
Log
is the record of last 1000 transactions processed by the computer
server of a Municipal Board of Canvassers. The transactions here are
entered in regression or otherwise recorded backward, where the 1st
entry is the latest transaction, while the 1000th
entry is the earliest transaction.
2.3. An Internet
Protocol
address (referred to herein as IP) is a numerical label assigned to a
particular clustered precinct PCOS or a particular Municipal server
participating in the computer network of the AES that uses the
Internet Protocol for communication. See
http://en.wikipedia.org/wiki/IP_address.
The IP address serves 2 principal functions: host identification and
location addressing. http://en.wikipedia.org/wiki/IP_address.
2.4. A Tally
Number
is the tally of votes for a particular elective position in a
particular CP manned by a particular BEI. The Tally Number is
comprised of 14 digits which are divided in 2 equal parts, where the
first 7 digits indicate the CP number, while the last 7 digits
indicate the elective position. The elective positions are as
follows: municipal sanggunian, vice-mayor, mayor, provincial
sanggunian, vice-governor, governor, district representative,
party-list representative, senator, vice-president and president.
Unauthorized
Transmission and Receipt of
Electronic
Returns from an Unknown Source
3.
During election day on 10 May 2010, the BEI of clustered precinct CP
7805002 in Barangay Bacolod, Culaba Municipality, Biliran Province,
closed the poll at 19:21:05 under Entry No. 392 of the Audit Log.
3.1.
The PCOS machine then generated the EML Data results file at 19:38:36
under Entry No. 407. Notably, the BEI did not use their digital
signatures to authenticate the results at 19:38:48 under Entry No.
408. This is apparently in implementation of Subsection 40(f), (g)
and (h) of Comelec Resolution No. 8786 which ordered all the BEI
nationwide not to use their digital signatures.i
3.2.
Thereafter, the PCOS
machine
repeatedly
attempted
but also repeatedly
failed to
transmit the EML Data results file to the MBOC server of Culaba
Municipality, the Comelec central server and the KBP citizens' arm
server. The several unsuccessful transmissions were recorded under
Entry Nos. 411, 412, 413, 414, 417, 418, 419, 420, 423, 424, 426,
430, 432, 433, 437, 438, 439 and 440. The failed transmissions were
recorded as “0
successful transmissions for 3 servers”
under Entry No. 442.
3.3.
After printing 1 copy of the Audit Log tape at 20:36:48 under Entry
No. 457, the BEI closed the PCOS machine at 20:39:01 of 10 May 2010.
3.4.
Attached as Annexes “A-1” to “A-4” are photocopies of
excerpts of the Audit Log for Clustered Precinct No. 7805002-0006A,
PCOS ID No. 7805002, Barangay Bacolod, Culaba Municipality, Biliran
Province.
4. However,
notwithstanding the manifest record of failed PCOS transmissions for
CP 7805002, the municipal
computer server
of Culaba Municipality apparently received
a transmission
sent via IP address 10.12.3.143 purportedly for CP 7805002. The
transmission was received at 23:23:23 of 10 May 2010 under Entry No.
808 of the Print Log. Notably, the time of receipt by the municipal
server was about 3 hours AFTER
the PCOS machine for CP 7805002 was closed by the BEI.
4.1. Upon receipt of
the transmission, the EML Data was successfully imported and
successfully processed under Entry Nos. 807 to 795 (read backwards).
Notably, the first 7 digits of the Tally Number was 7805002
indicating that it was for clustered precinct CP 7805002. This is the
same clustered precinct where the BEI closed the PCOS machine without
any successful transmission.
4.2. Strangely, the
computer server of Culaba Municipality received a second transmission
of the same EML Data sent via the same IP address at 23:48:08 of 10
May 2010. The second transmission was however recognized as identical
to the first transmission under Entry Nos. 792 to 779 (read
backwards).
4.3.
Attached as Annexes “B-1” to “B-4” are photocopies of
excerpts of the Print Log for the computer server of Culaba
Municipality, Biliran Province.
5.
Thus, the Audit Log taken in relation to the Print Log clearly show
that there was unauthorized transmission and receipt of electronic
returns for clustered precinct CP 7805002 from an “unknown source”,
because the sole authorized PCOS machine had been closed without any
successful transmission.
5.1.
Considering that all electronic returns bear no digital signature, as
ironically
instructed
by the Comelec En Banc itself under the cited Comelec Resolution No.
8786, the determination of the authenticity of the EML Data
electronically transmitted is systematically hampered.
Unauthorized
Double Transmission and Receipt of
the Same
Electronic Returns using Different IP Addresses
6.
On election day of 10 May 2010 through the next day 11 May 2011,
electronic returns from seven (7) clustered precincts of the
Municipalities of Culaba and Caibiran, were received twice by the
respective municipal servers via transmissions through different IP
addresses. The clustered precincts from Culaba Municipality are as
follows: CP 7805006, CP 7805008, CP 7805011, CP 7805012, CP 7805017
and CP 7805018. The clustered precinct from Caibiran Municipality is
CP 7804011.
6.1.
The details of the double transmission and receipt of the same
electronic returns using different IP addresses are as follows:
| CLUSTERED PRECINCT, BARANGAY, MUNICIPALITY | FIRST TRANSMISSION/RECEIPT | SECOND TRANSMISSION/RECEIPT |
| CP 7805006 Barangay Bool West Culaba Municipality |
MBOC Log No. 493 11 May 2010 01:55:36 IP Add: 10.15.2.121 |
MBOC Log No. 262 11 May 2010 03:41:51 IP Add: 10.15.3.43 |
| CP 7805008 Barangay Poblacion Culaba Municipality |
MBOC Log No. 479 11 May 2010 01:57:06 IP Add: 10.11.6.177 |
MBOC Log No. 324 11 May 2010 02:58:09 IP Add: 10.11.5.201 |
| CP 7805011 Barangay Looc Culaba Municipality |
MBOC Log No. 902 10 May 2010 22:31:33 IP Add:10.11.11.139 |
MBOC Log No. 778 10 May 2010 23:51:01 IP Add: 10.11.19.202 |
| CP 7805012 Barangay Marvel Culaba Municipality |
MBOC Log No. 465 11 May 2010 02:17:25 IP Add:10.11.2.192 |
MBOC Log No. 248 11 May 2010 03:46:23 IP Add: 10.11.0.117 |
| CP 7805017 Barangay Virginia Culaba Municipality |
MBOC Log No. 888 10 May 2010 23:00:03 IP Add: 10.11.19.47 |
MBOC Log No. 521 11 May 2010 1:21:23 IP Add: 10.11.0.232 |
| CP 7805018 Barangay Virginia Culaba Municipality |
MBOC Log No. 916 10 May 2010 21:03:28 IP Add: 10.12.41.14 |
MBOC Log No. 749 11 May 2010 00:20:25 IP Add: 10.11.13.140 |
| CP 7804011 Barangay Cabibihan Culaba Municipality |
MBOC Log No. 712 11 May 2010 05:13:34 IP Add: 10.11.0.180 |
MBOC Log No. 526 11 May 2010 06:23:18 IP Add: 10.11.1.60 |
6.2.
Attached as Annexes “C-1” and “C-2” are Tables of
Electronically Transmitted Results summarizing data for the time and
dates of the 1st
transmission by the PCOS machines, the time and dates with IP
addresses of the 1st
receipt by the municipal server, and the time and dates with
different IP addresses of the 2nd
receipt by the municipal server.
6.3.
Attached as Annexes “D-1” to “D-3”, “E-1” to “E-3”,
“F-1” to “F-3”, “G-1” to “G-3”, “H-1” to “H-3”,
“I-1” to “I-4”, are photocopies of excerpts of the Print Log
for the computer server of Culaba Municipality, Biliran Province.
Attached as Annexes “J-1” to “J-4” are photocopies of
excerpts of the Print Log for the computer server of Caibiran
Municipality, Province of Biliran.
7.
Thus, the Audit Logs taken in relation to the Print Logs clearly show
that there were unauthorized double transmissions and receipt of the
same electronic returns for seven (7) clustered precincts: CP
7805006, CP 7805008, CP 7805011, CP 7805012, CP 7805017, CP 7805018,
and CP 7804011, using different IP addresses between the first and
second transmissions. Notably, the electronic voting results are
intended for recording only once and not twice.
7.1.
Considering again that all electronic returns bear no digital
signature, as ironically
instructed
by the Comelec En Banc itself under the cited Comelec Resolution No.
8786, the determination of the authenticity of the EML Data
electronically transmitted and received twice is again systematically
hampered.
Unauthorized
Double Use of One IP Address
for
Two Different Electronic Returns
8.
On 11 May 2010, electronic returns from two (2) different clustered
precincts in the Municipality of Almeria, namely CP 7801001 and CP
7801002, were sequentially received by the municipal server via
transmission through one and the same IP address 10.15.0.157.
8.1.
The details of the double use of one (1) IP address for two (2)
different electronic returns are as follows:
| CLUSTERED PRECINCT, BARANGAY, MUNICIPALITY | FIRST TRANSMISSION/RECEIPT | SECOND TRANSMISSION/RECEIPT |
| CP 7801001 Barangay Poblacion Almeria Municipality |
MBOC Log No. 261 11 May 2010 01:06:50 IP Add: 10.15.0.157 |
NA |
| CP 7801002 Barangay Poblacion Almeria Municipality |
NA | MBOC Log No. 247 11 May 2010 01:23:53 IP Add: 10.15.0.157 |
8.2.
Attached as Annex “K-1” is a Table of Electronically Transmitted
Results summarizing data for the time and date of the respective
transmissions by two (2) different PCOS machines, and the time and
date of the sequential receipt of two (2) different transmissions but
using only one (1) and the same IP address.
8.3.
Attached as Annexes “L-1” to “L-4” are photocopies of
excerpts of the Print Log for the computer server of Almeria
Municipality, Biliran Province.
9.
Thus, the Audit Logs taken in relation to the Print Logs clearly show
that there was unauthorized double use of one (1) and the same IP
address for two (2) different electronic returns pertaining to two
(2) different clustered precincts CP 7801001 and CP 7801002. Notably,
each clustered precinct is assigned a unique IP address under the AES
to facilitate host identification and location addressing.
9.1.
Considering again that all electronic returns bear no digital
signature, as ironically
instructed
by the Comelec En Banc itself under the cited Comelec Resolution No.
8786, the determination of the authenticity of two (2) different EML
Data electronically transmitted and received via one (1) and same IP
address is again systematically hampered.
Concluding
Statement
10.
Under the premises, it is only reasonable to conclude that the
deliberate disablement by the COMELEC of the critical security
feature of digital signatures in the Automated Election System (AES)
used during the national and local elections of 10 May 2010,
systematically hampered the determination of the authenticity of any
and all electronic election returns, thereby facilitating network
intrusion or the hacking of the AES in manifest violation of Section
33 of the Electronic Commerce Lawii
and
the
constitutional mandate to secure the “sanctity of the ballot”.iii
This
article was written ex-gratia
by
Demosthenes
B. Donato for Tanggulang
Demokrasya.
All intellectual property rights are granted to the public domain.
21 December 2011.
Makati City, Philippines.
i
Comelec Resolution No. 8786 approved on 04 March 2010
provides in part as follows...
f) Thereafter, the
PCOS shall automatically count the votes and immediately display a
message "WOULD YOU LIKE TO DIGITALLY SIGN THE TRANSMISSION
FILES WITH A BEI SIGNATURE KEY?", with a "YES" or
"NO" option;
g) Press "NO" option. The PCOS will display "ARE YOU SURE YOU DO NOT WANT TO APPLY A DIGITAL SIGNATURE?" with a "YES" and "NO" option;
h) Press "YES" option. A message shall be displayed "PRINTING 8 COPIES OF NATIONAL RETURNS. PLEASE WAIT"...
The cited resolution was approved and signed by
Comelec Chairman JOSE
A.R. MELO, and Members RENE V. SARMIENTO, NICODEMO T. FERRER,
LUCENITO N. TAGLE, ARMANDO C. VELASCO, ELIAS R. YUSOPH, and GREGORIO
Y. LARRAZABAL.
Notably, the said resolution was issued in violation of the new Section 22 of Republic Act No. 8436, as amended by Republic Act No. 9369 on 23 January 2007, which expressly provides that election returns transmitted electronically be “digitally signed.”
Notably, the said resolution was issued in violation of the new Section 22 of Republic Act No. 8436, as amended by Republic Act No. 9369 on 23 January 2007, which expressly provides that election returns transmitted electronically be “digitally signed.”
ii
Republic Act No.
8792, 14 June 2000.
iii
1987
Constitution, Article
V, Suffrage, Section 2. The Congress shall provide a system for
securing the secrecy and sanctity
of the ballot
as well as a system for absentee voting by qualified Filipinos
abroad.
The
Congress shall also design a procedure for the disabled and the
illiterates to vote without the assistance of other persons. Until
then, they shall be allowed to vote under existing laws and such
rules as the Commission on Elections may promulgate to protect the
secrecy
of the ballot. (emphasis supplied)
No comments:
Post a Comment