After a difficult day in the 2013 elections where the Electoral Commission found itself in the middle of a dispute between Smartmatic and Dominion Voting Systems over the process of obtaining the source code of the Precincts and its subsequent audit as established by law.

For the 2016 election event, Pablo Manalastas, source code reviewer, said it would be difficult for cheaters to alter the source code of the consolidation and canvassing system and vote counting machines (VCMs) supplied by Smartmatic Inc, in statements delivered to the joint congressional oversight committee on automated elections.

“All attempts to hack the system fail because it is so secure. To succeed in hacking the system, you need to have the cooperation of the people who are in charge of the databases and who have physical control of the machines,” he said.

He pointed out that the only way to manipulate the codes is from the inside, that is, it could be done if one has all the passwords and “login keys”.

Photo | Inquirer.net | Richard A. Reyes
SMARTING An angry Election Commissioner Rowena Guanzon slams Smartmatic for its decision to change a computer script without COMELEC clearance, a break in protocol for which Smartmatic project director and general manager Ellie Moreno looks properly chastened

Auditing the Software

The committee held the hearing after detecting glitches in last week’s mock elections.

The COMELEC attributed the glitches to the alleged incompatibility of the source code with the election management system (EMS), which contains important information such as the names of candidates, ballot serial numbers and details about some polling precincts.

Commissioner Christian Robert Lim told the panel that the COMELEC plans to conduct more field tests in the coming weeks together with Denver-based in-house source code certifier SLI Global Solutions.

COMELEC President Andres Bautista changes the rules of the game.

There was also a brief discussion on Comelec’s decision not to configure the VCMs to print receipts. The receipt serves to show the voter that his ballot has been received and read.

COMELEC Chairman Andres Bautista said the decision not to print receipts was made unanimously.
He said a receipt could be used for vote buying and would only lengthen the voting process for several hours.

“The long time and long lines could discourage the voter,” Bautista said, although he cited a Supreme Court ruling that the ballot itself is the document that can be used for auditing.
He said the receipts could also cause confusion, as the VCM may produce a different result from what the voter may be expecting if the ballot is wrongly marked.

Denouncements and irregularities

The group of vice presidential candidate Ferdinand Marcos Jr. denounced on Wednesday, May 11, that a new computer command was introduced in the Transparency Server of the Commission on Elections (Comelec).

“We received disturbing information: past 7:30 p.m. on May 9, election day, a new code was introduced in the Transparency Server,” the group said in a statement.

The Code Change was made without COMELEC’s approval.

The Commission on Elections (COMELEC) on Friday formed a committee to investigate its technology partner Smartmatic for the unauthorized change in the data package of a transparency server that led to allegations of vote-counting fraud in Monday’s national elections.

The COMELEC also restricted the access of Smartmatic personnel to the consolidation and canvassing system workstation at the Philippine International Convention Center (PICC) amid the uproar caused by the minor adjustment it made in the data package for the transparency server of the Parish Pastoral Council for Responsible Voting (PPCRV) on monday night.

Congress to investigate script change

The Congressional Joint Oversight Committee on the Automated Electoral System, chaired by Sen. Aquilino Pimentel III, is set to conduct an investigation this Thursday on the unauthorized change in the script of a transparency server for automated elections.

Commission on Elections (COMELEC) chairman Andres Bautista said the small change in the code was only “cosmetic” and did not compromise data from the vote counting machines (VCMs) to the central servers.
Bautista said that a Smartmatic programmer simply corrected a typographical error where the letter “ñ” in the names of some candidates was represented by a question mark.

The Senate will likely invite Marlon Garcia, Smartmatic project manager in the Philippines, Smartmatic Philippines general manager Elie Moreno, Bautista, election commissioner Rowena Guanzon and officials of the election watchdog Parish Pastoral Council for Responsible Voting (PPCRV) to the hearing scheduled for May 19.

Guanzon has denounced the violation of protocol by Smartmatic when one of its executives changed the script in the transmission server used by PPCRV.

Pimentel also revealed plans to request a suspension of departure order against 20 officials of the Venezuela-based firm that has been chosen to handle the country’s automated elections since 2010.

Source:
1. comelec-optimistic-of-securing-source-code
2. source-code-hack-resistant-expert-tells-congress
3. -marcos-altered-hash-codes-robredo-votes/
4. smartmatic-faces-probe?
5. congress-probe-script-change?
6. raps-filed-vs-ex-poll-execs-smartmatic

1. How is it possible to modify a code that was audited and certified by external entities?

2. Are all respective political actors notified of the modifications?

3. If Smartmatic was not open about the “cosmetic” change, why should one believe that it has respected the previous certifications that ended in lawsuits?

4. Was COMELEC’s restriction of access to Smartmatic just a measure to try to quiet the scandal?

5. How did Andres Bautista and Smartmatic qualify before Congress the change as a “cosmetic” change? Were the hashes of the application revised to guarantee the integrity of the results?

6. Is it a normal practice of Smartmatic to refuse to deliver the source codes and to modify them at will?